I have a web server that sets a httpOnly
cookie on the res
object but it is not saved in the browser.
const refreshToken = 'my-token'
res.cookie('refreshToken', refreshToken, { httpOnly: true, secure: true, sameSite: 'none' })
This server is served on https://192.168.1.179:3001
The client application (Angular 11) is served on https://192.168.1.179:4200
I generated self-signed ssl certificates for both the server and the client (And installed them as Trusted root authorities
), don't know if that matters.
The funny thing is that the browser receives this cookie:
EDIT: I also app.use(cors())
if that matters
httpOnly cookies cannot be accessed by client-side application in the browser. Change httpOnly to false.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.