JWT HttpOnly Cookie, who sets the Authorization header?

Time:09-24

So I am doing an OAuth between my frontend (ReactJS) and my backend (Spring Boot).

Since I am setting an httpOnly cookie, my frontend can't access it, obv.

But now, since the token needs to be sent on every request to check if the user is Authorized or not, how do we go about that?

If I send any request with axios for example, how do I get the Authorized Token in the header?

CodePudding user response:

Well, you can't. If the cookie is httponly, there is no way to add its content to the Authorization header. You either need to store tokens directly in the JS code (e.g. in local storage or memory - taking into consideration the risk), or you need to add a proxy between the APIs and your SPA. The proxy will extract the token from the cookie and place it in the Authorization header.
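
The proxy option described in the answer above, sketched as an added example that is not part of the original answer: a Node handler that reads the JWT from the HttpOnly cookie and forwards the request to the API with an `Authorization: Bearer` header. The cookie name `access_token`, the upstream address and all function names are assumptions made for illustration.

```javascript
// Added example (Node 18+). Assumed, not from the post: the cookie name
// "access_token" and the API address http://localhost:8080.
const COOKIE_NAME = "access_token";
const UPSTREAM = "http://localhost:8080";
const DROP = ["cookie", "authorization", "host", "connection",
  "content-length", "transfer-encoding"];

// Parse a Cookie request header into a { name: value } map.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = part.slice(idx + 1).trim();
  }
  return out;
}

// Build the headers sent to the API from the browser's request headers.
// Returns null when the token cookie is missing or is not JWT-shaped.
function buildUpstreamHeaders(incoming) {
  const token = parseCookies(incoming.cookie)[COOKIE_NAME];
  // Three base64url segments only, so a crafted cookie value cannot
  // smuggle CR/LF or spaces into the Authorization header.
  if (!token || !/^[\w-]+\.[\w-]+\.[\w-]+$/.test(token)) return null;
  const headers = {};
  for (const [k, v] of Object.entries(incoming)) {
    // The API never sees the cookie or a client-supplied Authorization.
    if (!DROP.includes(k.toLowerCase())) headers[k] = v;
  }
  headers.authorization = `Bearer ${token}`;
  return headers;
}

// Request handler for http.createServer(handler): forwards to the API.
async function handler(req, res) {
  const headers = buildUpstreamHeaders(req.headers);
  if (!headers) return res.writeHead(401).end();
  try {
    const chunks = [];
    for await (const c of req) chunks.push(c);
    const body = chunks.length ? Buffer.concat(chunks) : undefined;
    const up = await fetch(UPSTREAM + req.url, { method: req.method, headers, body });
    res.writeHead(up.status, { "content-type": up.headers.get("content-type") || "text/plain" });
    res.end(Buffer.from(await up.arrayBuffer()));
  } catch {
    res.writeHead(502).end();
  }
}
```

Because the browser attaches the cookie automatically, a proxy like this also needs CSRF protection, for example a `SameSite` attribute on the cookie.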
