如何在Node.js和Express.js应用程序中设置HttpOnly标志? [英] How to set HttpOnly flag In Node.js ,Express.js application?
本文介绍了如何在Node.js和Express.js应用程序中设置HttpOnly标志?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在 node.js 中有一个项目,我想为标题响应设置 HttpOnly标志:true .
Hi I have a project in node.js and I want to set the HttpOnly flag: true for header response.
我已经在 app.js 中编写了以下代码,但对响应标头无效.
I have written the following code in app.js but it make no effect in response header .
app.use(session({
secret: "notagoodsecretnoreallydontusethisone",
resave: false,
saveUninitialized: true,
cookie: {httpOnly: true, secure: true}
}));
因此,最欢迎在 express.js 中设置 HttpOnly标志的任何建议.
So any suggestion for setting HttpOnly Flag in express.js is most welcome.
推荐答案
我认为您可以尝试一下!
I think you could try this!
app.use(session({
cookieName: 'sessionName',
secret: "notagoodsecretnoreallydontusethisone",
resave: false,
saveUninitialized: true,
httpOnly: true, // dont let browser javascript access cookie ever
secure: true, // only use cookie over https
ephemeral: true // delete this cookie while browser close
}));
这篇关于如何在Node.js和Express.js应用程序中设置HttpOnly标志?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
