 

Any idea how to set up the cookie parameter 'HttpOnly' using Angular?

I was trying to set parameters of the cookie using Angular. I am able to set the expiration date and the security parameter, but I am not able to set the HttpOnly parameter. I have set 'Expires' and 'Security' using the Angular cookie service, i.e. "cookie.service.d.ts", using the method below:

set(name: string, value: string, expires?: number | Date, path?: string, domain?: string, secure?: boolean, sameSite?: 'Lax' | 'Strict'): void;

I could not find how to set the HttpOnly parameter because the Angular cookie service does not contain such a parameter. Is there a best way to set the HttpOnly parameter?


Ayush asked Dec 17 '22 14:12


2 Answers

The HttpOnly flag on a cookie implies that it can be set and accessed by the server side only. Client code will not have access to such cookies. Hence you will not be able to set this flag from client-side code like Angular.

This is a security feature to prevent client-side code (malicious code injected through XSS) from reading sensitive information stored in cookies.

Refer to this issue and this answer for more info.

Also, below is the text snippet from MDN:

Cookies created via JavaScript cannot include the HttpOnly flag.

Nithin Kumar Biliya answered Feb 24 '23 15:02
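
The server-side half described in the answer above, as an added example that is not part of the original answer: the backend attaches HttpOnly in the Set-Cookie response header, and a simplified model of document.cookie shows what script (Angular included) can then read. The cookie names, the session value and the handleLogin function are hypothetical.

```javascript
// Added example; cookie names, values and handleLogin are hypothetical.
// Build a Set-Cookie header value. HttpOnly is an attribute of this response
// header, which is why it has to come from the server.
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.secure) parts.push('Secure');
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// Server-side handler; res only needs setHeader(), as on Node's http.ServerResponse.
function handleLogin(res, sessionId) {
  const hardened = { secure: true, httpOnly: true, sameSite: 'Strict', maxAge: 3600 };
  res.setHeader('Set-Cookie', [
    buildSetCookie('session', sessionId, hardened),
    buildSetCookie('theme', 'dark', { secure: true, sameSite: 'Lax' }),
  ]);
}

// Attributes only (everything after name=value), so a value that happens to
// contain the text "httponly" is not mistaken for the flag.
const attrsOf = (h) => h.split(';').slice(1).map((a) => a.trim().toLowerCase());

// Simplified model of document.cookie: HttpOnly cookies are stored and sent
// with requests, but are left out of the string that scripts can read.
function scriptVisibleCookies(headers) {
  return headers.filter((h) => !attrsOf(h).includes('httponly'))
    .map((h) => h.split(';')[0].trim()).join('; ');
}

// Audit helper: which hardening attributes a Set-Cookie header lacks.
function missingFlags(header) {
  const attrs = attrsOf(header);
  const missing = ['httponly', 'secure'].filter((f) => !attrs.includes(f));
  if (!attrs.some((a) => a.startsWith('samesite='))) missing.push('samesite');
  return missing;
}

// Constructed demo: a stub object stands in for the real response.
function demo() {
  const headers = {};
  handleLogin({ setHeader: (k, v) => { headers[k] = v; } }, 'constructed-session-id');
  return { sent: headers['Set-Cookie'], visible: scriptVisibleCookies(headers['Set-Cookie']) };
}
console.log(demo());
```

Running missingFlags over the Set-Cookie headers a backend actually returns is a quick way to spot session cookies that script can still read.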


HttpOnly cookies are not accessible from the client side, meaning you will not be able to read or set them.

You can use a regular cookie to store an authorization token like a JWT, which you can generate from the backend.

Angular treats all values as untrusted by default. When a value is inserted into the DOM from a template binding, or interpolation, Angular sanitizes and escapes untrusted values.

Miroslav Ilyovski answered Feb 24 '23 13:02