I'm trying to get a response header using express js but no way i try is working. Here is where i set the header:

   return res.status(400).header('loginError', error.details[0].message).redirect('/login');

This works and i can see the header in the network tab on inspect element but when i try to access it it doesn't return a value. I've tried:

res.getHeader("loginError"), res.get("loginError"), res.header("loginError")

Here is my ejs code:

   <div >
        <div >
             <span id="login-form-error__span"><%=loginError%></span>
   </div>
</div>
<% } %>

I set the loginError var when i render the page:

 res.render('login/index.ejs', {
        loginError: res.header
    });

Any help is appreciated, sorry if this is a dumb question

CodePudding user response：

From your proposed solution, it sounds like you're trying to do a redirect, but send some data with the redirect that will come back to the server when the client requests the redirected URL (on the next request).

You cannot use a custom header with a redirect. The header will go to the browser, but the browser will NOT include the header on the request that follows to the redirect URL. So your server won't get the header back again.

You can send data from one request to the next request from the same client in the following ways:

1. Set a query parameter on the redirect so that when the browser sends the redirected URL to the server, the data you attached as a query parameter will be part of the URL where your server can look for it and use it. This would be useful for data that is not particularly secret.

2. Use a server-side session such as express-session. Then, you can set a client-specific piece of data in the session object (which is a unique object for each user), send your redirect response and then when the redirected URL comes back on the next request, your server can check the session for the data (read that data and perhaps clear it).

3. Set a cookie along with sending the redirect response and then when the redirected request comes back to your server, you can check for the cookie and grab whatever you want in the cookie (and delete the cookie).

Using data in a server-side session is the most secure (as the data never leaves the server) if that's relevant for your particular use case.

You cannot use req.app.get() and req.app.set() because those are global to your server and thus multiple users will compete for the same values causing concurrency problems (where one user's value trounces that from another user or one user gets the data that belonged to another user). This is a buggy experience that will only hit you every once in a while and is hard to reproduce and figure out why things went wrong. Don't do it this way. It's analogous to trying to store data from two users in the same server-side variable. Only leads to problems.

CodePudding user response：

For anyone wondering: Instead of using headers I found that if you use req.app.get(var) and req.app.set(var, value) you can easily send data from one request to another. I don't know if it is a secure way to send store data or not if anyone else has more info on that feel free to respond.