[英]How to set httpOnly flag in ngCookies?
I have a JWT token that I'd like to store in a cookie.我有一个 JWT 令牌,我想将其存储在 cookie 中。 The cookie needs to have at least HttpOnly flag set, but I would also want to set the Secure flag to true.
cookie 至少需要设置 HttpOnly 标志,但我也想将 Secure 标志设置为 true。
From the angular docs I know I can store my token in cookies like this:从 angular docs 我知道我可以将我的令牌存储在这样的 cookie 中:
// using 'ngCookies'
createToken(jwt_token) {
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
return $cookies.get('jwt');
}
But it's not clear how I can specify the HttpOnly and Secure flags.但不清楚如何指定 HttpOnly 和 Secure 标志。 The docs say it has an options field for
put()
and get()
, but then it mentions $cookiesProvider
. 文档说它有一个用于
put()
和get()
的选项字段,但随后它提到了$cookiesProvider
。 I'm not sure how that fits in, or where it should be declared, or if it needs to be set every time I do a put()
or get()
?我不确定它是如何适应的,或者应该在哪里声明它,或者每次我执行
put()
或get()
时是否都需要设置它?
So would it be something like:那么它会是这样的:
createToken(jwt_token) {
$cookiesProvider['domain'] = 'www.mydomain.com';
$cookiesProvider['secure'] = true;
$cookies.put('jwt', jwt_token);
},
retrieveToken() {
$cookiesProvider['domain'] = 'www.mydomain.com';
$cookiesProvider['secure'] = true;
return $cookies.get('jwt');
}
Or is that completely wrong?或者这是完全错误的? I didn't see any HttpOnly flag either, but I do see
domain
which I set to www.mydomain.com
.我也没有看到任何 HttpOnly 标志,但我确实看到了我设置为
www.mydomain.com
domain
。 Is that equivalent to HttpOnly = true?这等价于 HttpOnly = true 吗?
You can't do this using ngCookies.你不能使用 ngCookies 来做到这一点。 A
HttpOnly
cookie can't be created from JavaScript, the alternative however, is to make an ajax query to the server that will add a Set-Cookie
HTTP response.无法从 JavaScript 创建
HttpOnly
cookie,但是,替代方法是对服务器进行 ajax 查询,以添加Set-Cookie
HTTP 响应。
Related: Set a cookie to HttpOnly via Javascript相关: 通过 Javascript 将 cookie 设置为 HttpOnly
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.