apache / cordova-plugin-inappbrowser

Apache Cordova InAppBrowser Plugin
https://cordova.apache.org/
Apache License 2.0
1.11k stars 2.14k forks

Access HTTP response headers #1011

Closed KaemmeA closed 9 months ago

KaemmeA commented 9 months ago

As document.cookie does not include HttpOnly cookies, is there any way to use this plugin to access HTTP response headers, e.g. for accessing the Set-Cookie header?

breautek commented 9 months ago

An httpOnly cookie means it's a cookie only meant to be accessed by the server. Browser user agents shouldn't expose these cookies to the client's scripting interface.

I don't think the underlying webview has the capability to read response headers of requests, but even if it did, it would be considered a security vulnerability if there was a way to expose httpOnly headers.

If you want to use cookie information in the clients, then the proper solution is for the server to remove the httpOnly flag when setting cookies.
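The HttpOnly behaviour discussed in this thread, as an added example that is not part of the original issue or the plugin's code: a small model of which cookies from a set of `Set-Cookie` headers end up in the `document.cookie` string. The function names and sample headers are constructed for illustration, and the jar is keyed by cookie name only (a real cookie store also keys on domain and path).

```javascript
// Added example: models which cookies a page script can read.
// SAMPLE is constructed input, not taken from any real server.
const SAMPLE = [
  'session=abc123; Path=/; Secure; HttpOnly',
  'theme=dark; Path=/',
  'csrf=tok=en42; Path=/; SameSite=Strict',
  'tracking=1; httponly',
];

// Parse one Set-Cookie header value into name, value and the HttpOnly flag.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no usable name: ignore this header
  const cookie = {
    name: pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(), // value may itself contain '='
    httpOnly: false,
  };
  for (const attr of attrs) {
    // Attribute names are matched case-insensitively (RFC 6265).
    if (attr.split('=')[0].trim().toLowerCase() === 'httponly') {
      cookie.httpOnly = true;
    }
  }
  return cookie;
}

// Store every cookie, as the user agent does (simplified: keyed by name).
function buildJar(setCookieLines) {
  const jar = new Map();
  for (const line of setCookieLines) {
    const c = parseSetCookie(line);
    if (c) jar.set(c.name, c); // a later header with the same name wins
  }
  return [...jar.values()];
}

// What a script would read from document.cookie: HttpOnly cookies are
// still stored and sent to the server, but are left out of this string.
function scriptVisibleCookies(setCookieLines) {
  return buildJar(setCookieLines)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Names of cookies that exist in the jar but are hidden from scripts.
function hiddenFromScripts(setCookieLines) {
  return buildJar(setCookieLines).filter((c) => c.httpOnly).map((c) => c.name);
}
```

If the server drops `HttpOnly` from `session` so the client can read it, that value becomes visible to every script running in the page, not only the application's own code.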