Reputation: 63
If my backend is on abc.com and sets a cookie in the frontend, which is on xyz.com, then I am not able to access the cookie on the frontend using document.cookie. Is there a workaround for this issue?
Upvotes: 6
Views: 3284
Reputation: 943569
No.
If it was possible then Evil-Hacker.com could read the cookies from Your-Bank.com and gain access to your bank account.
Cookies are accessible, directly, only if the Domain parameter of the cookie matches a segment of the domain of the page trying to read them (e.g. foo.example.com could read a cookie set for example.com). Top-level domains (like .com) are excluded from this.
An Ajax request, with the withCredentials flag set, could make a request to the domain that served the cookies (this would need permission via CORS with a pre-flight). A server-side script on that domain could then read the cookie and echo it back in the body of the response where JS could read it. Obviously this requires the domain the cookie belongs to to co-operate by providing such a webservice.
Upvotes: 3
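The cooperating web service described in the answer above, sketched as an added example that is not part of the original question or answer. It assumes the cookie domain is abc.com and the front end is https://xyz.com as in the question; the cookie name `ui_pref` and the function names `parseCookies`, `respond`, `handler` and `readRemotePref` are hypothetical.

```javascript
// Runs on the cookie's own domain (abc.com). Pass `handler` to Node's http.createServer().
// Assumption: the only front-end origin allowed to read the value.
const ALLOWED_ORIGINS = new Set(['https://xyz.com']);
// Assumption: a non-sensitive preference cookie. Session cookies should stay
// HttpOnly and never be echoed into a response body.
const ECHO_COOKIE = 'ui_pref';

// Parse a Cookie request header into a prototype-less object.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const p = part.trim();
    const i = p.indexOf('=');
    if (i > 0) out[p.slice(0, i)] = p.slice(i + 1);
  }
  return out;
}

// Decide the response from method and request headers (pure, so it can be tested offline).
function respond(method, headers) {
  const origin = headers.origin;
  // Unknown origin: send no CORS headers, so the browser refuses to expose the body.
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {}, body: '' };
  const cors = {
    'Access-Control-Allow-Origin': origin, // exact origin; '*' is not accepted with credentials
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
  if (method === 'OPTIONS') { // pre-flight
    return { status: 204, headers: { ...cors, 'Access-Control-Allow-Methods': 'GET' }, body: '' };
  }
  if (method !== 'GET') return { status: 405, headers: cors, body: '' };
  const value = parseCookies(headers.cookie)[ECHO_COOKIE] ?? null;
  return { status: 200, headers: { ...cors, 'Content-Type': 'application/json' },
           body: JSON.stringify({ value }) };
}

// Adapter with the (req, res) signature Node's http server expects.
function handler(req, res) {
  const r = respond(req.method, req.headers);
  res.writeHead(r.status, r.headers);
  res.end(r.body);
}

// Front-end side (page on xyz.com). credentials: 'include' is fetch's equivalent
// of the XHR withCredentials flag. Current browsers only attach the cookie
// cross-site if it was set with SameSite=None; Secure.
async function readRemotePref(endpoint) {
  const res = await fetch(endpoint, { credentials: 'include' });
  return (await res.json()).value;
}
```

Only the one named cookie is returned, and only to the allowlisted origin; reflecting an arbitrary `Origin` header here would hand the value to any site the user visits.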