如何在 ngCookies 中设置 httpOnly 标志?
[英]How to set httpOnly flag in ngCookies?
问题描述
I have a JWT token that I'd like to store in a cookie.
我有一个 JWT 令牌,我想将其存储在 cookie 中。 The cookie needs to have at least HttpOnly flag set, but I would also want to set the Secure flag to true. cookie 至少需要设置 HttpOnly 标志,但我也想将 Secure 标志设置为 true。
From the angular docs I know I can store my token in cookies like this:从 angular docs 我知道我可以将我的令牌存储在这样的 cookie 中:
// using 'ngCookies'
createToken(jwt_token) {
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
return $cookies.get('jwt');
}
But it's not clear how I can specify the HttpOnly and Secure flags.但不清楚如何指定 HttpOnly 和 Secure 标志。 The docs say it has an options field for put() and get() , but then it mentions $cookiesProvider . 文档说它有一个用于put()和get()的选项字段,但随后它提到了$cookiesProvider 。 I'm not sure how that fits in, or where it should be declared, or if it needs to be set every time I do a put() or get() ?我不确定它是如何适应的,或者应该在哪里声明它,或者每次我执行put()或get()时是否都需要设置它?
So would it be something like:那么它会是这样的:
createToken(jwt_token) {
$cookiesProvider['domain'] = 'www.mydomain.com';
$cookiesProvider['secure'] = true;
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
$cookiesProvider['domain'] = 'www.mydomain.com';
$cookiesProvider['secure'] = true;
return $cookies.get('jwt');
}
Or is that completely wrong?或者这是完全错误的? I didn't see any HttpOnly flag either, but I do see domain which I set to www.mydomain.com .我也没有看到任何 HttpOnly 标志,但我确实看到了我设置为www.mydomain.com domain 。 Is that equivalent to HttpOnly = true?这等价于 HttpOnly = true 吗?
1 个解决方案
解决方案1
5 2015-07-20 11:26:22
You can't do this using ngCookies.你不能使用 ngCookies 来做到这一点。 A HttpOnly cookie can't be created from JavaScript, the alternative however, is to make an ajax query to the server that will add a Set-Cookie HTTP response.无法从 JavaScript 创建HttpOnly cookie,但是,替代方法是对服务器进行 ajax 查询,以添加Set-Cookie HTTP 响应。
Related: Set a cookie to HttpOnly via Javascript相关: 通过 Javascript 将 cookie 设置为 HttpOnly
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.