I'm using Angularjs. When I set Cookie
header with xhr.setRequestHeader()
I get the following error on Chrome:
Refused to set unsafe header "Cookie"
However, the Cookie
is included into the request and successfully sent to server. I seem to have configured everything correctly to allow Cookie
header on server and client:
for server I have these:
Header add Access-Control-Allow-Credentials "true"
for client I specify these:
withCredentials
Why is this error?
You get that error from Chrome because, per the XHR specification, the setRequestHeader
method should not set headers with a forbidden header name.
Per the specification:
These are forbidden so the user agent remains in full control over them.
Instead, for Angular 1.x, set the cookie by using $cookies
, and it will be included in subsequent xhr
requests.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With