0

I stored a JWT in an HTTP-only cookie. I can access it automatically in Java controller classes as it gets included in the request. However, I can't find a way to get the token for JavaScript ajax in order to post a request to the APIs. Those APIs require the token in the Authorization header. Am I doing it the wrong way?

Sangames Kumar
  • There are certain rules for cookies about when they should be sent and when they should be stored. Please provide the web URL and the API URL, and the cookie data which is sent to the client from the server. – Ashish May 21 '20 at 11:54
  • Did you see this - https://stackoverflow.com/questions/8064318/how-to-read-a-http-only-cookie-using-javascript – Mukesh Keshu May 21 '20 at 11:55
  • @Mukesh Keshu Yes. Does it mean I should remove the HTTP-only property? Where should I store it on the client side then? – Sangames Kumar May 21 '20 at 12:04
  • https://stackoverflow.com/questions/26340275/where-to-save-a-jwt-in-a-browser-based-application-and-how-to-use-it – Mukesh Keshu May 21 '20 at 12:29

1 Answer

0

The whole point of setting a cookie as http-only is so that it cannot be accessed by client-side JavaScript. If you want the token to be included in the header from the client-side request, you can set the header Authorization: Bearer 'your token goes here'

subashMahapatra
  • That's alright. But from where do you get the token? The client-side request is plain JavaScript. – Sangames Kumar May 21 '20 at 12:07
  • Can you explain a bit more how you are trying to make the client-side request? Is it an external API you are trying to call but you need the token inside the cookie to make the call, or do you just need to send the JWT back to your own server with a POST request? – subashMahapatra May 21 '20 at 12:21
  • It is an ajax POST request to an internal API which is triggered when a dropdown is selected. I need to somehow send the token (which is saved in an HTTP-only cookie) in the header of that ajax POST request. – Sangames Kumar May 21 '20 at 13:33
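
An added example, not part of the original question or answers: for a same-origin ajax POST the browser attaches the HttpOnly cookie by itself, so the API can accept the JWT from the cookie when no Authorization header is present. The cookie name `jwt`, the endpoint `/api/selection` and the function names are assumptions, and the server-side lookup is written in JavaScript for illustration although the poster's server is Java.

```javascript
// Added example. AUTH_COOKIE and '/api/selection' are assumed names.
const AUTH_COOKIE = 'jwt';

// Parse a raw Cookie request header into a name -> value map.
function parseCookies(cookieHeader) {
  const jar = new Map();
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue;                       // empty or nameless fragment
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name && !jar.has(name)) jar.set(name, value); // first occurrence wins
  }
  return jar;
}

// Server-side lookup: use an explicit Authorization header if one was sent,
// otherwise fall back to the HttpOnly cookie the browser attached.
// `headers` is an object keyed by lower-cased header names.
function resolveToken(headers) {
  const auth = headers['authorization'];
  if (auth !== undefined) {
    const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(auth.trim());
    // A malformed header is rejected outright rather than silently
    // falling back to the cookie.
    return m ? { token: m[1], source: 'header' } : null;
  }
  const token = parseCookies(headers['cookie']).get(AUTH_COOKIE);
  return token ? { token, source: 'cookie' } : null;
}

// Browser side: page script never reads the token. document.cookie does not
// expose HttpOnly cookies, but a same-origin request carries them anyway.
// Cookie-authenticated POSTs need CSRF protection (for example the SameSite
// cookie attribute or a CSRF token), since the browser sends the cookie
// without the script's involvement.
function postSelection(value) {
  return fetch('/api/selection', {
    method: 'POST',
    credentials: 'same-origin',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ value }),
  });
}
```

The token still has to be signature-checked and validated after `resolveToken` returns; this block only decides where it is read from.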