Wednesday, 25 November 2020

Secure Cookie on `http://localhost`

I'm trying to set a secure cookie on localhost:

```
Set-Cookie: loggedUser=brillout; Max-Age=315360000; Path=/; HttpOnly; Secure
```

But Chrome complains:

> This Set-Cookie was blocked because it had the "Secure" attribute but was not received over a secure connection.

Removing Secure while in development is unfortunately not possible: the cookie is set in a library and the library cannot easily know whether it is being used in production or in dev.

Is it possible to use `Secure` on `http://localhost`?

According to MDN it should work:

> A cookie with the Secure attribute is sent to the server only with an encrypted request over the HTTPS protocol, never with unsecured HTTP (except on localhost)



