"Refused to set unsafe header 'Cookie' " while sending cookies with GET request in angular 6

You can't do this, cause the browser doesn't allow you to do it. Let me describe the problem here:

Did you notice the Set-Cookie: JSESSIONID=......; Path=/; HttpOnly in your response headers? Well, The problem is the HttpOnly flag. Actually :) it's not a problem, it's a feature to prevent attacks that aim to steal your browser cookies:

HttpOnly is a flag added to cookies that tell the browser not to display the cookie through client-side scripts (document.cookie and others). ... When you set a cookie with the HttpOnly flag, it informs the browser that this special cookie should only be accessed by the server

So the browser doesn't allow any javascript code to access this variable. If you could change that value, then it's not a HttpOnly flagged cookie anymore:)

If you want to send this cookie via javascript, you should send it via the Authorization header for example and write middleware in Java server so that it captures these values from the Authorization header and think of them as JSESSIONID cookie. No more options for you :)

"Refused to set unsafe header 'Cookie' " while sending cookies with GET request in angular 6

Tags:

Java

Cookies

Spring Security

Spring Boot

Angular

Related

Recent Posts