I'm trying to figure out how to set the HttpOnly attribute for the set-cookie header, specifically for native NodeJS.
Right now, I have this code, but it doesn't work because I can still access the cookies with client-side JavaScript.
response.setHeader('Set-Cookie', ['HttpOnly']);
To set a cookie, you need to specify the cookie name and value, which are missing in your code. That's why it does not work. Example code would be:
response.setHeader('Set-Cookie', 'foo=bar; HttpOnly');
If you want to set multiple cookies, some with HttpOnly, some without, the code would be:
response.setHeader('Set-Cookie', ['foo=bar; HttpOnly', 'x=42; HttpOnly', 'y=88']);
According to the Node.js HTTP documentation, there is no global HttpOnly configuration, which makes sense, as normally you may need some cookies to be client-readable.
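Because there is no global switch, one option is a small wrapper that adds HttpOnly unless a cookie opts out. The following is an added example, not code from the original answer or from Node.js; serializeCookie, setCookies, readableByScript and handler are hypothetical names, and the cookie values are the ones used above.

```javascript
// Added example: make HttpOnly the default and require an explicit opt-out.
// All function names here are hypothetical helpers, not Node.js APIs.

// Cookie names must be RFC 6265 tokens (no spaces, '=', ';' or control characters).
const NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const SAME_SITE = ['Strict', 'Lax', 'None'];

function serializeCookie(name, value, { httpOnly = true, secure = false, sameSite } = {}) {
  if (!NAME_RE.test(name)) throw new TypeError(`invalid cookie name: ${name}`);
  // Percent-encoding keeps ';', CR and LF in a value from adding attributes or headers.
  // Read the value back with decodeURIComponent.
  const parts = [`${name}=${encodeURIComponent(String(value))}`];
  if (httpOnly) parts.push('HttpOnly');
  if (secure) parts.push('Secure');
  if (sameSite !== undefined) {
    if (!SAME_SITE.includes(sameSite)) throw new TypeError(`invalid SameSite: ${sameSite}`);
    parts.push(`SameSite=${sameSite}`);
  }
  return parts.join('; ');
}

// cookies: array of [name, value, options]; each entry becomes one Set-Cookie line.
function setCookies(response, cookies) {
  const lines = cookies.map(([name, value, opts]) => serializeCookie(name, value, opts));
  response.setHeader('Set-Cookie', lines);
  return lines;
}

// Audit helper: names of cookies in a Set-Cookie array that lack HttpOnly.
function readableByScript(lines) {
  return lines
    .filter((line) => !line.split(';').slice(1).some((a) => a.trim().toLowerCase() === 'httponly'))
    .map((line) => line.split('=')[0].trim());
}

function handler(request, response) {
  setCookies(response, [
    ['foo', 'bar'],
    ['x', 42],
    ['y', 88, { httpOnly: false }], // deliberately readable by client-side script
  ]);
  response.end('ok');
}

// To serve it: require('node:http').createServer(handler).listen(3000);
```

readableByScript can be run over the header array in a test to confirm that only the cookies meant to be client-readable are missing the attribute.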