 

Can't access HttpOnly cookie from React JS but can access it in the Postman app! How is it possible?

I send a request to the server to log in and get a cookie with a token value with the HttpOnly tag. After this action I cannot access the cookie value in my React app, but I tested it in the Postman app and I can see the cookie in this app. If I can see it in the Postman app, then I can see it in my app! What is different between them? Is there a way to get an HttpOnly cookie in a React app?

result from request response from server in postman

Mohsen Mohebbi asked Aug 23 '19 21:08



2 Answers

That is exactly the purpose of HttpOnly cookies.

The server sends the cookie along with the response, the browser stores it and sends it along with any request to the domain of this cookie. But the browser will prevent any code running in it from accessing it.

Why? This creates a secure way to store sensitive information, such as authentication tokens, preventing any injected code in your page from accessing it.

https://www.owasp.org/index.php/HttpOnly

Luis Sieira answered Sep 21 '22 10:09



You can't have access to HttpOnly cookies in React or any JavaScript framework. You see it in Postman because, in this case, Postman acts like a browser and saves all of the cookies itself, so you can see them.

Meysam answered Sep 20 '22 10:09

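The behaviour both answers describe, as an added example that is not part of the original posts: a simplified cookie-jar model showing that the HTTP client stores and sends every cookie, while page script only sees the ones without `HttpOnly`. The names `CookieJar`, `parseSetCookie` and the sample header values are constructed for illustration and are not a real browser's or Postman's code.

```javascript
// Simplified model of a cookie jar (added example; not a real browser's or Postman's code).
// Constructed sample: Set-Cookie headers a login response might carry.
const sampleSetCookie = [
  "token=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
  "theme=dark; Path=/",
];

// Parse one Set-Cookie header value into name, value and the HttpOnly flag.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  const flags = attrs.map((a) => a.split("=")[0].toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: flags.includes("httponly"), // attribute names are case-insensitive
  };
}

class CookieJar {
  constructor() { this.cookies = new Map(); }

  // The HTTP client (browser network stack or Postman) stores every cookie.
  store(setCookieHeaders) {
    for (const h of setCookieHeaders) {
      const c = parseSetCookie(h);
      if (c) this.cookies.set(c.name, c);
    }
  }

  // Cookie header attached to later requests: HttpOnly cookies are included.
  requestHeader() {
    return [...this.cookies.values()].map((c) => `${c.name}=${c.value}`).join("; ");
  }

  // What page script reads from document.cookie: HttpOnly cookies are filtered out.
  documentCookie() {
    return [...this.cookies.values()]
      .filter((c) => !c.httpOnly)
      .map((c) => `${c.name}=${c.value}`).join("; ");
  }
}

const jar = new CookieJar();
jar.store(sampleSetCookie);
console.log("sent with requests:", jar.requestHeader());
console.log("document.cookie   :", jar.documentCookie());
```

The React app therefore never needs to read the token: the browser attaches the cookie to requests itself, and for cross-origin API calls `fetch` does so when called with `credentials: "include"`.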