
How to add httpOnly cookies to connectHeaders

Open gaoooon opened this issue 11 months ago • 2 comments

Please let me know if there is an example of putting httpOnly cookies in connectHeaders.

gaoooon avatar Mar 14 '24 14:03 gaoooon

I am unclear about your question. The connectHeaders are not HTTP headers.

Please check https://stomp-js.github.io/faqs/faqs.html#p-can-i-use-token-based-authentication-with-these-libraries-p

If it does not resolve your query, please elaborate.

kum-deepak avatar Mar 14 '24 14:03 kum-deepak

Since our team is using HTTP Only cookies, direct access to cookies from the client-side is not possible. Consequently, manually including the access token in the connectHeader is necessary. However, obtaining the access token is not feasible due to the HTTP Only cookie restriction. Even when using withCredentials, the connectHeader is not an HTTP header, making it impossible to access the cookie directly.

Is there a way to solve this issue?

Here are the solutions our team is considering:

1. Adding a new API endpoint on the server that returns the access token in the response body.
2. Modifying the server logic to handle the access token differently.

Your feedback would be appreciated.

frorong avatar Mar 14 '24 14:03 frorong

Closing this as it is not an issue with this library.

kum-deepak avatar Apr 26 '24 09:04 kum-deepak
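
The following is an added example, not code from this thread or from stompjs. It sketches a variant of the first option frorong lists above: the endpoint returns a short-lived, single-use ticket instead of the access token itself, so the token in the httpOnly cookie never becomes readable by page script. `TicketStore`, `issue`, `redeem`, `buildConnectHeaders` and the `ticket` header name are hypothetical.

```javascript
// Added example: one-time ticket for the STOMP CONNECT frame (all names hypothetical).
// Web Crypto is global in recent Node.js; fall back to the node:crypto module otherwise.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

class TicketStore {
  constructor({ ttlMs = 30_000, now = () => Date.now() } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.tickets = new Map(); // ticket -> { userId, expiresAt }
  }

  // Called by the HTTP endpoint after the server has validated the httpOnly
  // session cookie. Only the ticket goes into the response body.
  issue(userId) {
    // Drop tickets that expired without being redeemed.
    for (const [key, entry] of this.tickets) {
      if (entry.expiresAt < this.now()) this.tickets.delete(key);
    }
    const bytes = rng.getRandomValues(new Uint8Array(32));
    const ticket = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
    this.tickets.set(ticket, { userId, expiresAt: this.now() + this.ttlMs });
    return ticket;
  }

  // Called by the server-side handler for the STOMP CONNECT frame.
  // Returns the userId, or null if the ticket is missing, unknown, reused or expired.
  redeem(connectHeaders) {
    const ticket = connectHeaders && connectHeaders.ticket;
    if (typeof ticket !== 'string') return null;
    const entry = this.tickets.get(ticket);
    if (!entry) return null;
    this.tickets.delete(ticket); // single use, even if it turns out to be expired
    return entry.expiresAt >= this.now() ? entry.userId : null;
  }
}

// Client side: the object passed as connectHeaders once the ticket has been
// fetched with credentials included (the browser sends the cookie; script never reads it).
function buildConnectHeaders(ticket) {
  return { ticket };
}
```

A ticket that leaks from the page is useless after its first use or after `ttlMs`, which is not true of an access token returned in a response body.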