1

I'm trying to intercept Set-Cookie response header from fetch's response:

fetch('https://upload.wikimedia.org/wikipedia/commons/4/47/PNG_transparency_demonstration_1.png', {
 method: 'get'
}).then(function(response) {
    for (var pair of response.headers.entries()) {
        console.log(`${pair[0]}: ${pair[1]}`);
    }
});

But not all of the headers (as can be seen in developer tools' network) can be found in there! Why is that? Is there any way I can get the header I'm looking for?

Just for clarification, I'm not looking for the cookie but I'm interested to know when the Set-Cookie header is sent.

Kaiido
  • 123,334
  • 13
  • 219
  • 285
Mehran
  • 15,593
  • 27
  • 122
  • 221
  • `Fetch API cannot load https://google.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.google.com' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.` – guest271314 Sep 24 '16 at 04:01
  • @guest271314 That's because I could not find any website with `Access-Control-Allow-Origin: *`. If you know any, please tell me. – Mehran Sep 24 '16 at 04:03
  • Use `"/"` as URL at the current Question at `console` – guest271314 Sep 24 '16 at 04:03
  • @guest271314 Does not help, it leads to the same error! – Mehran Sep 24 '16 at 04:08

1 Answers1

2

You cannot read the Set-Cookie header as it is declared as forbidden. The fetch polyfill on github provides a reasonable explanation:

Like with XMLHttpRequest, the Set-Cookie response header returned from the server is a forbidden header name and therefore can't be programatically read with response.headers.get(). Instead, it's the browser's responsibility to handle new cookies being set (if applicable to the current URL). Unless they are HTTP-only, new cookies will be available through document.cookie.

https://github.com/github/fetch#receiving-cookies

TomLingham
  • 331
  • 1
  • 6