 

Accessing Set-Cookie from Response Headers

I've been trying to access the Set-Cookie value from the response headers. I have gone through a lot of questions on here and also through other forums. The cookie is not HttpOnly; SameSite: None, Secure: true.

I'm trying to make a POST request; the response status is 302 (Redirect) and the response body (in Postman) is {redirect: '/next/', someId: 'random_id_value'}. However, no matter how much I try to access the Set-Cookie, I'm failing at it.

I have used the CORS extension as well. Changed 'withCredentials: true', "credentials: 'include'". Used a proxy too. Also, I'm using localhost:3000 to render the page in my React dev server.

Really hoping that someone could give me a solution to access the set-cookie.

Srikanth asked Apr 28 '26 21:04



1 Answer

In accordance with the Fetch standard, client code cannot read Set-Cookie response headers, even if the server happens to be configured for CORS and lists Set-Cookie in its responses' Access-Control-Expose-Headers header. See this section of the standard:

A forbidden response-header name is a header name that is a byte-case-insensitive match for one of:

  • Set-Cookie
  • Set-Cookie2

and further down:

A CORS-safelisted response-header name[...] is a header name that is a byte-case-insensitive match for one of

  • [...]
  • Any item in [Access-Control-Expose-Headers] that is not a forbidden response-header name.
jub0bs answered Apr 30 '26 10:04

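The rules the answer quotes are easy to misread as "expose the header and it becomes readable", so here is an added JavaScript model of how the Fetch standard decides which headers of a cross-origin CORS response page script can see. It is not code from the question or the answer: the header names, the sample response and the `readableCorsHeaders` / `parseExposeHeaders` function names are constructed for illustration. A browser applies this filtering inside the `Headers` object of a CORS response (so `response.headers.get('set-cookie')` is null); server-side runtimes do not necessarily apply it, which is why the example reimplements the rule instead of relying on the platform `Headers` class.

```javascript
// Added example (not from the original post): a model of the Fetch standard's
// header-name filtering for cross-origin CORS responses. Header names, values
// and the sample response below are constructed for illustration.

// Fetch standard: forbidden response-header names, compared byte-case-insensitively.
const FORBIDDEN_RESPONSE_HEADER_NAMES = new Set(["set-cookie", "set-cookie2"]);

// Fetch standard: response-header names that are always readable on a CORS
// response, whatever Access-Control-Expose-Headers says.
const CORS_SAFELISTED_RESPONSE_HEADER_NAMES = new Set([
  "cache-control", "content-language", "content-length", "content-type",
  "expires", "last-modified", "pragma",
]);

function isForbiddenResponseHeaderName(name) {
  return FORBIDDEN_RESPONSE_HEADER_NAMES.has(name.toLowerCase());
}

// Parse an Access-Control-Expose-Headers value (comma-separated names) into a
// Set of lower-cased names, dropping forbidden ones. This is the step that makes
// listing Set-Cookie in the header a no-op: it is removed before it can match.
function parseExposeHeaders(value) {
  const names = new Set();
  if (!value) return names;
  for (const raw of value.split(",")) {
    const name = raw.trim().toLowerCase();
    if (name && !isForbiddenResponseHeaderName(name)) names.add(name);
  }
  return names;
}

// Return the subset of `responseHeaders` ([name, value] pairs in wire order)
// that script may read from a cross-origin CORS response.
//   - A `*` in Access-Control-Expose-Headers exposes every non-forbidden header
//     only for requests made WITHOUT credentials; with credentials the `*` is
//     taken literally and exposes nothing extra.
//   - Set-Cookie / Set-Cookie2 are dropped unconditionally.
function readableCorsHeaders(responseHeaders, { credentials = false } = {}) {
  const exposeValue = responseHeaders
    .filter(([n]) => n.toLowerCase() === "access-control-expose-headers")
    .map(([, v]) => v)
    .join(",");
  const exposed = parseExposeHeaders(exposeValue);
  const exposeAll = !credentials && exposed.has("*");

  return responseHeaders.filter(([name]) => {
    const lower = name.toLowerCase();
    if (isForbiddenResponseHeaderName(lower)) return false; // always hidden
    if (CORS_SAFELISTED_RESPONSE_HEADER_NAMES.has(lower)) return true;
    return exposeAll || exposed.has(lower);
  });
}

function readableHeaderNames(responseHeaders, opts) {
  return readableCorsHeaders(responseHeaders, opts).map(([n]) => n);
}

// Constructed sample of what a server like the one in the question might send:
// it sets a cookie and even lists Set-Cookie in Access-Control-Expose-Headers.
const SAMPLE_RESPONSE_HEADERS = [
  ["Content-Type", "application/json"],
  ["Set-Cookie", "session=random_id_value; Path=/; Secure; SameSite=None"],
  ["X-Request-Id", "req-123"],
  ["Access-Control-Allow-Origin", "http://localhost:3000"],
  ["Access-Control-Allow-Credentials", "true"],
  ["Access-Control-Expose-Headers", "Set-Cookie, X-Request-Id"],
];

// A credentialed fetch from localhost:3000 would see only these two names.
console.log(readableHeaderNames(SAMPLE_RESPONSE_HEADERS, { credentials: true }));
// → [ 'Content-Type', 'X-Request-Id' ]
```

The filter only hides the header from script: the browser still processes the Set-Cookie it received and attaches the stored cookie to later requests made with credentials, so code that needs the value on the client has to get it some other way than reading the response header.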