stomp-js / stompjs

Javascript and Typescript Stomp client for Web browsers and node.js apps
Apache License 2.0

How to add httpOnly cookies to connectHeaders #626

Closed gaoooon closed 7 months ago

gaoooon commented 8 months ago

Please let me know if there is an example of putting httpOnly cookies in connectHeaders.

kum-deepak commented 8 months ago

I am unclear about your question. The connectHeaders are not HTTP headers.

Please check https://stomp-js.github.io/faqs/faqs.html#p-can-i-use-token-based-authentication-with-these-libraries-p

If it does not resolve your query, please elaborate.

frorong commented 8 months ago

Since our team is using HTTP Only cookies, direct access to cookies from the client-side is not possible. Consequently, manually including the access token in the connectHeader is necessary. However, obtaining the access token is not feasible due to the HTTP Only cookie restriction. Even when using withCredentials, the connectHeader is not an HTTP header, making it impossible to access the cookie directly.

Is there a way to solve this issue?

Here are the solutions our team is considering:

1. Adding a new API endpoint on the server that returns the access token in the response body.
2. Modifying the server logic to handle the access token differently.

Your feedback would be appreciated.

kum-deepak commented 7 months ago

Closing this as it is not an issue with this library.
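
Added example, not from the thread or the stompjs project: because connectHeaders are STOMP frame headers and page script cannot read an httpOnly cookie, one option is for the server to authenticate the WebSocket handshake itself, where the browser sends that cookie as an ordinary HTTP header. It assumes the WebSocket endpoint is on a host the cookie is scoped to; the cookie name `sid`, the in-memory session store and the function names are hypothetical.

```javascript
// Added example: authenticate the WebSocket handshake on the server, where the
// httpOnly cookie is visible. Cookie name "sid", the session store and the
// function names are hypothetical.

// Parse a Cookie request header into a name -> value Map (first value wins).
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                        // not a name=value pair
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    if (value.length > 1 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);                // strip optional quotes
    }
    if (name && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// Decide whether an HTTP upgrade request may become a STOMP-over-WebSocket
// connection. `headers` has lower-case keys, as Node's http module provides.
function authenticateUpgrade(headers, { allowedOrigins, sessions, now = Date.now() }) {
  // A page on another site can open this WebSocket too, and the browser may
  // attach the cookie (depending on SameSite), so Origin is checked first.
  if (!allowedOrigins.includes(headers.origin)) {
    return { ok: false, status: 403, reason: 'origin not allowed' };
  }
  const sid = parseCookies(headers.cookie).get('sid');
  const session = sid ? sessions.get(sid) : undefined;
  if (!session || session.expiresAt <= now) {
    return { ok: false, status: 401, reason: 'no valid session' };
  }
  // The server ties this user to the socket; CONNECT needs no token header.
  return { ok: true, user: session.user };
}

// Constructed sample data: one session and a handshake's relevant headers.
const sessions = new Map([['constructed-session-id', { user: 'alice', expiresAt: 2000 }]]);
const policy = { allowedOrigins: ['https://app.example.test'], sessions, now: 1000 };
const handshake = {
  origin: 'https://app.example.test',
  cookie: 'theme=dark; sid=constructed-session-id',
};
console.log(authenticateUpgrade(handshake, policy));
console.log(authenticateUpgrade({ ...handshake, origin: 'https://other.example.test' }, policy));
```

In a Node server this check would run in the HTTP server's `upgrade` event, before the socket is handed to the WebSocket and STOMP layer.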