6

work on a full spa with vue, vue-router, vue-resource, etc. sending request with vue-resource and server will return a response with a set-cookie header, but it is a httpOnly cookie, how could I make this cookie also work with the vue-resource request?

funkyLover
  • 127
  • 1
  • 9

1 Answers1

5

To prevent cross-site scripting (XSS) attacks, HTTP-only cookies aren't accessible via JavaScript through the Document.cookie property, the XMLHttpRequest and Request APIs.

You may refer to here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies

Tony Yip
  • 705
  • 5
  • 14