
Setting the HttpOnly attribute for the NodeJS cookie header

I'm trying to figure out how to set the HttpOnly attribute for the set-cookie header, specifically for native NodeJS.

Right now, I have this code, but it doesn't work because I can still access the cookies with client-side JavaScript.

response.setHeader('Set-Cookie', ['HttpOnly']);
Artur asked Mar 21 '17 02:03


1 Answer

To set a cookie, you need to specify the cookie name and value, which are missing in your code. That's why it does not work. Example code would be:

response.setHeader('Set-Cookie', 'foo=bar; HttpOnly');

If you want to set multiple cookies, some with HttpOnly and some without, the code would be:

response.setHeader('Set-Cookie', ['foo=bar; HttpOnly', 'x=42; HttpOnly', 'y=88']);

According to the Node.js HTTP documentation, there is no global HttpOnly configuration, which makes sense, as normally you may need some cookies to be client-readable.

shaochuancs answered Oct 17 '22 07:10
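
An added example, not part of the original answer: since native Node.js has no global HttpOnly switch, one approach is a small helper that adds HttpOnly by default, merges with any Set-Cookie value already on the response, and lists the cookies that still lack the attribute. The helper names and the stub response object are assumptions made for illustration.

```javascript
// Added example; serializeCookie, appendCookie, cookiesWithoutHttpOnly and
// fakeResponse are hypothetical helper names, not Node.js APIs.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // characters allowed in a cookie name
const SAME_SITE = ['Strict', 'Lax', 'None'];

function serializeCookie(name, value, opts = {}) {
  if (!TOKEN.test(name)) throw new TypeError('invalid cookie name');
  // encodeURIComponent keeps ";", "," and CR/LF out of the header value.
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.path && /[;\x00-\x1f\x7f]/.test(opts.path)) throw new TypeError('invalid path');
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.sameSite && !SAME_SITE.includes(opts.sameSite)) throw new TypeError('invalid SameSite');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  if (opts.secure) parts.push('Secure');
  // HttpOnly is on unless the caller opts out for a cookie that scripts must read.
  if (opts.httpOnly !== false) parts.push('HttpOnly');
  return parts.join('; ');
}

// setHeader() replaces any earlier Set-Cookie value, so merge with what is there.
function appendCookie(response, name, value, opts) {
  const prev = response.getHeader('Set-Cookie') || [];
  const list = Array.isArray(prev) ? prev.slice() : [String(prev)];
  list.push(serializeCookie(name, value, opts));
  response.setHeader('Set-Cookie', list);
  return list;
}

// Names of the cookies in a Set-Cookie list that lack the HttpOnly attribute.
function cookiesWithoutHttpOnly(setCookieValues) {
  const isHttpOnly = v => v.split(';').slice(1).some(a => a.trim().toLowerCase() === 'httponly');
  return setCookieValues.filter(v => !isHttpOnly(v)).map(v => v.split('=')[0].trim());
}

// Constructed stand-in for http.ServerResponse (only the two methods used here).
function fakeResponse() {
  const headers = {};
  return {
    getHeader: n => headers[n.toLowerCase()],
    setHeader: (n, v) => { headers[n.toLowerCase()] = v; },
  };
}

const res = fakeResponse();
appendCookie(res, 'foo', 'bar');
appendCookie(res, 'x', '42', { secure: true, sameSite: 'Lax', path: '/' });
appendCookie(res, 'y', '88', { httpOnly: false });
console.log(res.getHeader('Set-Cookie'), cookiesWithoutHttpOnly(res.getHeader('Set-Cookie')));
```

In a real handler, pass the `response` object from `http.createServer` in place of the stub; running `cookiesWithoutHttpOnly` over the final header before the response is sent shows which cookies page scripts can still read.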