[Webkit-unassigned] [Bug 232088] Unable to set httpOnly cookie for localhost in Safari from Node JS
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 21 09:40:36 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=232088
--- Comment #6 from John Wilander <wilander at apple.com> ---
Thanks for filing.
(In reply to Raj from comment #0)
> Created attachment 442035 [details]
> Http Cookie on Edge vs Safari
>
> I am using node express server to set a httpOnly cookie on localhost:3000. I
> can see cookie setting on other browsers but not on Safari.
>
>
> Here is HTML code:
>
> <html>
> <head>
> <title> CGID Beta </title>
> <script
> src="https://assets.adobedtm.com/43cf45b098bd/38a98b49e24d/launch-
> 5d7d0d6eb58d-development.min.js" async></script>
> </head>
> <body>
> <br><br><br>
> <h1><center>Welcome to CGID beta
> program</center></h1><br><br><br><br>
> <h3><center>To set a http only cookie click the below
> button</center></h3><br><br><br>
> <center>
> <form method="post" action="/">
> <button type="submit">CLICK ME</button>
> </form>
> </center>
> </body>
> </html>
>
>
> Here is node server-side code:
>
> const express = require("express");
> const bodyParser = require("body-parser")
> const cookieParser = require('cookie-parser');
> const { v4: uuidv4 } = require('uuid');
>
> const app = express();
>
> app.use(cookieParser());
>
> app.use(bodyParser.urlencoded({
> extended:true
> }));
>
> app.get("/", (req, res) => {
> res.sendFile(__dirname + "/index.html");
> });
>
> app.post("/", function(req, res) {
> res.cookie('CGID', uuidv4(), {
> maxAge: 60*60*24*30*13,
> httpOnly: true,
> secure: true,
Are you using a self-signed certificate for localhost and serving all of its resources over https? Secure cookies are not accepted from non-secure pages.
> sameSite: "lax",
> domain: 'localhost',
> path: '/',
> });
> //res.send("<h2>CGID is now set</h2>")
> });
>
> app.listen(3000, () => {
> console.log("Application started and Listening on port 3000");
> });
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211021/8df9c780/attachment.htm>
More information about the webkit-unassigned
mailing list