I'm playing around with window.fetch() in Firefox and Chrome. For some reason, fetch() doesn't send any cookies. Now that wouldn't be a problem, as I can send them using
fetch('/something', { headers: { Cookie: document.cookie } })
But this won't work for httpOnly cookies.
If you want to pass cookies with this request, you can do so by passing the credentials option to the fetch request.
fetch("http://example.com/data.json", { credentials: "same-origin" }).then(response => response.json())
If you set credentials to same-origin: Fetch will send 1st party cookies to its own server. It will not send cookies to other domains or subdomains.
If you set credentials to include: Fetch will continue to send 1st party cookies to its own server.
You can determine whether or not a session cookie is missing the HttpOnly flag by checking the domain against https://securityheaders.com. Alternatively, you can validate with the Google Chrome developer tools when examining the HTTP Response header Set-Cookie.
Unless fetch() is called with the credentials option set to include, fetch() won't send cookies in cross-origin requests and won't set any cookies sent back in cross-origin responses. As of August 2018, the default credentials policy changed to same-origin.
Okay, I found out after reading on the Mozilla Developer Network a bit more and trying out the credentials option.
Looks like the credentials option is what I should have looked for.
fetch('/something', { credentials: 'same-origin' }) // or 'include'
Will send the cookies.
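The credentials decision described above, modelled as an added example (not code from the original posts). It goes one step beyond the page by also checking the two CORS response headers a cross-origin server must return before script can read a response to a credentialed request. Function names and the example.com URLs are constructed for illustration.

```javascript
// Same-origin means scheme, host AND port all match; URL.origin compares
// all three, so a subdomain or a different port is a different origin.
function isSameOrigin(pageUrl, requestUrl) {
  return new URL(pageUrl).origin === new URL(requestUrl, pageUrl).origin;
}

// True when the credentials mode lets the browser attach cookies (HttpOnly
// ones included) and store Set-Cookie from the response. This models only the
// fetch() option; cookie attributes such as SameSite are applied on top of it.
function sendsCookies(pageUrl, requestUrl, credentials = 'same-origin') {
  switch (credentials) {
    case 'omit':        return false;
    case 'same-origin': return isSameOrigin(pageUrl, requestUrl);
    case 'include':     return true;
    default: throw new TypeError(`unknown credentials mode: ${credentials}`);
  }
}

// For a cross-origin request made with credentials: 'include', the browser
// exposes the response to script only if the server names the exact calling
// origin (a "*" wildcard is rejected) and opts in to credentials.
function credentialedResponseReadable(pageUrl, responseHeaders) {
  const h = new Headers(responseHeaders);
  return h.get('access-control-allow-origin') === new URL(pageUrl).origin &&
         h.get('access-control-allow-credentials') === 'true';
}

// Constructed sample: one page, several request targets, all three modes.
function policyTable(pageUrl, targets) {
  return targets.map(target => ({
    target,
    omit: sendsCookies(pageUrl, target, 'omit'),
    sameOrigin: sendsCookies(pageUrl, target, 'same-origin'),
    include: sendsCookies(pageUrl, target, 'include'),
  }));
}

console.table(policyTable('https://app.example.com/dashboard', [
  '/something',                      // relative URL, same origin
  'https://api.example.com/data',    // subdomain, cross-origin
  'https://app.example.com:8443/x',  // same host, different port
]));
```

When auditing a server, a wildcard Access-Control-Allow-Origin combined with Access-Control-Allow-Credentials: true is a misconfiguration that browsers refuse for credentialed requests, so the allowed origins have to be listed explicitly.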