[英]How to set HttpOnly flag In Node.js ,Express.js application?
Hi I have a project in node.js
and I want to set the HttpOnly flag: true for header response.嗨,我在
node.js
有一个项目,我想设置HttpOnly 标志:对于 header 响应为 true 。
I have written the following code in app.js
but it make no effect in response header.我在
app.js
中编写了以下代码,但它对响应 header 没有任何影响。
app.use(session({
secret: "notagoodsecretnoreallydontusethisone",
resave: false,
saveUninitialized: true,
cookie: {httpOnly: true, secure: true}
}));
So any suggestion for setting HttpOnly Flag in express.js
is most welcome.因此,欢迎任何关于在
express.js
中设置HttpOnly 标志的建议。
I think you could try this! 我想你可以尝试一下!
app.use(session({
cookieName: 'sessionName',
secret: "notagoodsecretnoreallydontusethisone",
resave: false,
saveUninitialized: true,
httpOnly: true, // dont let browser javascript access cookie ever
secure: true, // only use cookie over https
ephemeral: true // delete this cookie while browser close
}));
This example uses cookie-parser library.此示例使用 cookie-parser 库。
Setting a cookie: res.cookie("cookie_name", token, {})设置 cookie:res.cookie("cookie_name", token, {})
Pass res.cookie() an options object with httpOnly: true
,使用
httpOnly: true
传递 res.cookie() 一个选项 object ,
const options = {
expires: duration,
httpOnly: true,
};
Final eg最后例如
res.cookie("cookie_name", token, options)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.