Search code examples
reactjscookieshttponly

Can Javascript React send HttpOnly cookie to Server?

Can you, using fetch or by some other means send request with HttpOnly cookie to server in React ?

I know HttpOnly means you can't access it with JS. I'm thinking maybe you can't read it but you can send it back? I don't know.

I want this:

  • Request to server is made from client (ReactJS SPA)
  • Server responds and sets HttpOnly Cookie.
  • Client gets response, cookie is automatically set by browser.

With new request to that same server I want to send back that cookie. is this possible using ReactJS ? or maybe there are some ways to bypass that, like maybe opening new window, with simple HTML, not ReactDOM ?

Thanks for your help.

Solution

  • Ok, I checked it out.

    Cookie with HttpOnly set with true, will still be send using ReactJS, fetch or any other Request made with JS, You just Can't read it using JS, but when using HttpPost, HttpGet, or other. Browser still attaches it to request, even if it's HttpOnly.

    I guess the lesson here is that browser handles setting cookies to requests, and it doesn't care if request is made by HTML, or JavaScript.