I'm using AngularJS. When I set the Cookie header with xhr.setRequestHeader(), I get the following error in Chrome:
Refused to set unsafe header "Cookie"
However, the Cookie is included in the request and successfully sent to the server. I seem to have configured everything correctly to allow the Cookie header on server and client:
For the server I have these:
Header add Access-Control-Allow-Credentials "true"
For the client I specify these:
withCredentials
Why do I get this error?
You get that error from Chrome because, per the XHR specification, the setRequestHeader method should not set headers with a forbidden header name.
Per the specification:
These are forbidden so the user agent remains in full control over them.
Instead, for Angular 1.x, set the cookie by using $cookies, and it will be included in subsequent XHR requests.
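Why the error and the cookie can both appear, as an added example that is not part of the original question or answer: a simplified model of a user agent that drops forbidden author headers (names from the Fetch Standard's forbidden request-header list) and attaches Cookie from its own jar. The function names, origins and cookie values are constructed for illustration, and the model ignores SameSite and third-party cookie blocking.

```javascript
// Simplified model (illustrative assumption, not browser source code) of how a
// user agent assembles XHR request headers.
const FORBIDDEN_NAMES = new Set([
  'accept-charset', 'accept-encoding', 'access-control-request-headers',
  'access-control-request-method', 'connection', 'content-length', 'cookie',
  'cookie2', 'date', 'dnt', 'expect', 'host', 'keep-alive', 'origin', 'referer',
  'set-cookie', 'te', 'trailer', 'transfer-encoding', 'upgrade', 'via',
]);
const FORBIDDEN_PREFIXES = ['proxy-', 'sec-'];

// Header names are compared case-insensitively; Proxy-* and Sec-* match by prefix.
function isForbiddenHeaderName(name) {
  const lower = String(name).trim().toLowerCase();
  return FORBIDDEN_NAMES.has(lower) ||
    FORBIDDEN_PREFIXES.some((prefix) => lower.startsWith(prefix));
}

// authorHeaders: what script passed to setRequestHeader().
// cookieJar: Map of origin -> cookie string held by the browser.
function buildRequestHeaders({ pageOrigin, targetOrigin, withCredentials, authorHeaders, cookieJar }) {
  const sent = {};
  const refused = [];
  for (const [name, value] of Object.entries(authorHeaders)) {
    if (isForbiddenHeaderName(name)) {
      refused.push(name); // Chrome logs: Refused to set unsafe header "<name>"
    } else {
      sent[name] = value;
    }
  }
  const sameOrigin = pageOrigin === targetOrigin;
  const jarCookie = cookieJar.get(targetOrigin);
  if (jarCookie && (sameOrigin || withCredentials)) {
    sent['Cookie'] = jarCookie; // attached by the user agent, never by script
  }
  return { sent, refused };
}

// Constructed sample: cross-origin call from app.example.test to api.example.test.
const sampleJar = new Map([['https://api.example.test', 'session=from-jar']]);
function demo(withCredentials) {
  return buildRequestHeaders({
    pageOrigin: 'https://app.example.test',
    targetOrigin: 'https://api.example.test',
    withCredentials,
    authorHeaders: { Cookie: 'session=from-script', 'X-Requested-With': 'XMLHttpRequest' },
    cookieJar: sampleJar,
  });
}
console.log(demo(true), demo(false));
```

In the model, the value passed from script is never sent; the Cookie on the wire is the jar's value, and only when the request is same-origin or withCredentials is set.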