7

I was trying to set parameters of the cookie using Angular. I am able to set the expiration date and the security parameter, but I am not able to set the HttpOnly parameter. I have set 'Expires' and 'Security' using the Angular cookie service, i.e. "cookie.service.d.ts", using the method below:

set(name: string, value: string, expires?: number | Date, path?: string, domain?: string, secure?: boolean, sameSite?: 'Lax' | 'Strict'): void;

I could not find how to set the HttpOnly parameter because the Angular cookie service does not contain such a parameter. Is there any best way to set the HttpOnly parameter?

PFA..


2 Answers

16

The HttpOnly flag on a cookie implies that it can be set and accessed by the server side only. Client code will not have access to such cookies. Hence you will not be able to set this flag from client-side code like Angular.

This is a security feature to prevent client-side code (malicious code injected through XSS) from reading sensitive information stored in cookies.

Refer to this issue and this answer for more info.

Also, below is the text snippet from MDN:

Cookies created via JavaScript cannot include the HttpOnly flag.


1 Comment

Nice response. However, can Angular read that cookie?
3

HttpOnly cookies are not accessible from the client side, meaning you will not be able to read or set them.

You can use a regular cookie to store an authorization token like a JWT, which you can generate from the backend.

Angular treats all values as untrusted by default. When a value is inserted into the DOM from a template binding, or interpolation, Angular sanitizes and escapes untrusted values.
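
The behaviour the answers and the comment discuss, as an added example that is not part of the original posts: a simplified model of how a browser treats an HttpOnly cookie set by the server versus cookies written through `document.cookie`, following the storage rules in RFC 6265. All function and cookie names are hypothetical, the sample values are constructed, and domain/path matching is left out.

```javascript
// Added example: simplified model of browser cookie handling (RFC 6265).
// Function and cookie names are hypothetical; domain/path matching is omitted.

// Server side: the only place the HttpOnly attribute can be attached.
function buildSetCookie(name, value, maxAgeSeconds) {
  if (!/^[A-Za-z0-9_-]+$/.test(name) || !/^[A-Za-z0-9._~-]+$/.test(value)) {
    throw new Error('unsafe cookie name or value'); // blocks attribute injection
  }
  return `${name}=${value}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Parse "name=value; Attr; Attr=val" into a cookie record.
function parseCookie(str) {
  const [pair, ...attrs] = str.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null;
  const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), httpOnly: flags.has('httponly') };
}

// Browser receives a Set-Cookie response header: the cookie is stored as sent.
function storeFromHttp(jar, header) {
  const c = parseCookie(header);
  if (c) jar.set(c.name, c);
  return Boolean(c);
}

// Script assigns document.cookie: a cookie carrying HttpOnly is ignored
// entirely, and script cannot overwrite an existing HttpOnly cookie.
function storeFromScript(jar, str) {
  const c = parseCookie(str);
  if (!c || c.httpOnly) return false;
  const existing = jar.get(c.name);
  if (existing && existing.httpOnly) return false;
  jar.set(c.name, c);
  return true;
}

// What script reads back from document.cookie: HttpOnly entries are hidden.
function documentCookie(jar) {
  return [...jar.values()].filter((c) => !c.httpOnly).map((c) => `${c.name}=${c.value}`).join('; ');
}

// Cookie header the browser attaches to the next request: every cookie is sent.
function requestCookieHeader(jar) {
  return [...jar.values()].map((c) => `${c.name}=${c.value}`).join('; ');
}
```

For cross-origin API calls, Angular's HttpClient only attaches cookies when the request is made with `withCredentials: true`.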
