New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cannot set HttpOnly attribute to false for cookie #3340
Comments
Hi @raugustin-amplify I wasn't able to reproduce your issue with the latest Node.js on the latest Node.js 6.x. Here is what I tried:
You can see that the Set-Cookie header is just Can you please provide all the following?
Thanks! |
I am running node v8.0.0 and express 5.0.0 We run the host on a test environment with https connection: here is a snippet of the relevant server code I extracted :
|
Hm, I'm still not able to reproduce with that code. What is the call you are making against that server and seeing the issue with? Without being able to reproduce, I'm not sure what I can debug against. |
hi @raugustin-amplify what you are trying to do with
router.get ('*', [middleware1, middleware2] , (req,res)={
// do your stuff here api
res.cookie('name', 'express').send('cookie set'); //cookie is set with key value
}); //"* " ==> means that you are redirecting all you get api's to this router through router level middle ware |
Closing since I couldn't reproduce, so don't know what the resolution would be. |
Hi I am setting a cookie for tracking purposes in response object like this :
res.cookie('tracking_cookie', 'cookievalue',{ httpOnly: false});
We have some client side script that want to read the cookies but it still set HttpOnly flag.
It seems that it something overrides the statement .
The reason I say that is when set the cookie with set or append like this:
res.append('Set-Cookie', 'tracking_cookie'=cookie_name; Path=/; HttpOnly=false');
I see this on the client side response header
Set-Cookie:tracking_cookie=cookievalue; Path=/; HttpOnly=false; Secure; HttpOnly
this means something set the HttpOnly attribute after the statement.
The text was updated successfully, but these errors were encountered: