nuxt-ssr-firebase-auth

HttpOnly cookie

Open besnikh opened this issue 5 years ago • 0 comments

I used a lot of this repo to do SSR auth on my side; the req thing especially was very useful.

I am a little confused about the HttpOnly flag, which protects against XSS: you are not using it here, but it is referenced in Firebase Auth.

Am I wrong here, or should we use something else to "protect" the cookie?

I tried to do something like this but it's not working:

auth.addAuthTokenListener(function (idToken) {
   document.cookie = '__session=' + idToken + ';max-age=' + (idToken ? 604800 : 0) + ';HttpOnly'
})

besnikh Sep 10 '18 04:09
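
Added example, not part of the original issue or the repo's code: a cookie written through `document.cookie` with `HttpOnly` is discarded by the browser, so the flag has to arrive in a `Set-Cookie` response header. The handler below sets `__session` server-side; `buildSessionCookie`, `sessionLogin` and the injected `verifyIdToken` are hypothetical names, and token verification is assumed to be supplied by the caller.

```javascript
// Added illustration. All function names here are hypothetical.
const SESSION_MAX_AGE = 604800; // seconds, same lifetime as in the post

// Build the Set-Cookie value. An empty token produces a deletion (Max-Age=0).
function buildSessionCookie(token, { secure = true } = {}) {
  const attrs = [
    `__session=${encodeURIComponent(token || '')}`,
    `Max-Age=${token ? SESSION_MAX_AGE : 0}`,
    'Path=/',
    'HttpOnly',      // not readable from page scripts, so XSS cannot read it
    'SameSite=Lax',  // not sent on cross-site subrequests
  ];
  if (secure) attrs.push('Secure'); // HTTPS only; disable for local http dev
  return attrs.join('; ');
}

// Returns a Node-style (req, res) handler. verifyIdToken is an assumed async
// function that throws when the token is invalid (e.g. backed by an admin SDK).
function sessionLogin(verifyIdToken) {
  return async function handler(req, res) {
    if (req.method !== 'POST') {
      res.statusCode = 405;
      return res.end();
    }
    // The client sends the ID token in a header instead of writing the cookie.
    const auth = (req.headers && req.headers.authorization) || '';
    const token = auth.startsWith('Bearer ') ? auth.slice(7) : '';
    try {
      if (!token) throw new Error('missing token');
      await verifyIdToken(token);
    } catch (err) {
      res.statusCode = 401;
      res.setHeader('Set-Cookie', buildSessionCookie('')); // drop stale session
      return res.end();
    }
    res.statusCode = 204;
    res.setHeader('Set-Cookie', buildSessionCookie(token));
    res.end();
  };
}

// Wiring (assumed): http.createServer(sessionLogin(myVerify)).listen(3000)
// The client's token listener would POST the token to this endpoint with an
// "Authorization: Bearer <idToken>" header rather than touching document.cookie.
```
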