Browser ignoring set-cookie

Question

I am working on Angular 2 / Django Project. Each project is running on a specific port.

When making a post to /login route, server returns seesionid and csrftoken cookies. Javascript code can't access both returned cookies and they don't apear on chrome developer tool:

Response:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost
Allow:POST, OPTIONS
Date:Tue, 04 Apr 2017 14:47:31 GMT
Server:WSGIServer/0.2 CPython/3.5.2
Set-Cookie:csrftoken=ITzlkMrTtSYcmlNQANFvxQHlZ829qXe0tEblA3KOaKY6iRRB7Y3pYlvdcZNSpDcv; expires=Tue, 03-Apr-2018 14:47:31 GMT; Max-Age=31449600; Path=/
Set-Cookie:sessionid=d5v1mri12bniyvyqqt55ar8mfl9mr2jk; expires=Tue, 18-Apr-2017 14:47:31 GMT; HttpOnly; Max-Age=1209600; Path=/
Vary:Accept, Cookie, Origin
X-Frame-Options:SAMEORIGIN

"Javascript code can't access both returned cookies" access how ? — n00dl3, Apr 04 '17 at 14:54
document.cookie returns empty string "", I need to access csrftoken cookie using javascript to inject it in the csrf http header for the next request — amine amine, Apr 04 '17 at 14:56
document.cookie is (as its name states) for the cookie of the current document, not AJAX response. — n00dl3, Apr 04 '17 at 14:57
[this might help](http://stackoverflow.com/questions/12840410/how-to-get-a-cookie-from-an-ajax-response) — n00dl3, Apr 04 '17 at 15:05
[And this might help too](http://stackoverflow.com/questions/14686769/xmlhttp-getresponseheader-not-working-for-cors) as you are working on different ports (see the first answer). — n00dl3, Apr 04 '17 at 15:06
Possible duplicate of [How to get a cookie from an AJAX response?](http://stackoverflow.com/questions/12840410/how-to-get-a-cookie-from-an-ajax-response) — n00dl3, Apr 04 '17 at 15:06
what about the first cookie it's not httpOnly and it's meant to be automatically written to the current document without manual extraction. — amine amine, Apr 04 '17 at 15:10

Browser ignoring set-cookie

0 Answers0