1

I am trying to fetch data from my api, I need to pass a cookie in the header. I tested on postman, and it works, but I does not work in my code, the return error is 403. Any ideas what I am missing ?

Thanks

here is my code:

function LoadStudies() {

    const config = {
    
        headers: { 
            Cookie: '_ga=GA1.2.2139220028.1611912340;csrftoken=ADJBapIX3oLu3j8QHdD05zsJnDhzx0jDYtAjKV2GY0FkBzVNfdLY8xVMV1YF4Ibd;djdt=show;sessionid=0x40wumk8ehcb4boh6610pqud5wtqsjl;session_state=4f7e11af-abd0-4f9f-8357-611100821df3' 
        },
        withCredentials :true,
   
    }
    console.log(config)
    axios
        .get("https://Domain/api/study/", config)
        .then((response) => {
            console.log('working!')
        }).catch((error) => {
            console.log(error)
        });

}

LoadStudies();
Sabbin
  • 2,215
  • 1
  • 17
  • 34

1 Answers1

0

(I'm assuming you are running this client-side, in a browser, given the tag:reactjs] tag).

Cookie is a forbidden header name.

You can't set the header manually with client-side JavaScript. You must have an existing cookie (which will then be sent if you have withCredentials: true).

If you are making a same origin request you could set it via document.cookie, otherwise you will have to make an HTTP request (with withCredentials: true) and have the API set the cookie (browser restrictions on 3rd-party cookies may cause problems here though).

Note that APIs are generally stateless, so it is quite odd that you are trying to send cookies with a Google Analytics ID, a session ID, and a csrftoken. Generally you would just be sending an authorisation token, which is commonly a JWT these days, and often in the Authorization header rather than a Cookie.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335