javascript - Is this a good / secure way to set server side cookies from client -


I am working with a single app application framework called ReactJS. The issue I encountered is setting httpOnly cookies: as they cannot be set / read from the client side, I needed to figure out a way to use Express for this.

One idea I came up with is to make a POST request to a route like /cookie:data, where data is the value of the token that needs to be stored in a cookie, so:

    app.post('/cookie:data', function(req, res) {
      // set cookie here
      res.send(200)
    })

The issue is that I am hesitant, as the token contains a unique user identifier that is used to secure the API, and I am not sure whether or not I am exposing it by setting the cookie this way.

Alternatively, instead of using :data, it would be beneficial to figure out how I can grab the data (a JSON object) from the POST request.

Edit: One issue I can think of is that anyone can post to the route and set different cookies? What would be a way of securing it?

Edit 2: This is the Express setup I use to proxy API calls (only relevant for clarifying comments):

    app.use('/api', function (req, res) {
      let url = config.api_host + req.url
      req.pipe(request(url)).pipe(res)
    })

Say that you want to proxy all requests starting with /api to a third party, except /api/users, which you want to perform 'manually' because it returns a token you need:

    app.post('/api/users', function(req, res) {
      let url        = config.api_host + req.url;
      let apirequest = request.post(url, function(err, response, body) {
        // These responses are examples; you should tailor them to your situation.
        if (err) {
          return res.sendStatus(500);
        } else if (response.statusCode !== 200) {
          return res.sendStatus(response.statusCode);
        } else {
          res.cookie('token', body).send('ok');
        }
      });
      req.pipe(apirequest);
    })

    app.use('/api', function (req, res) {
      let url = config.api_host + req.url
      req.pipe(request(url)).pipe(res)
    })
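An added example, not part of the original question or answer: the cookie-setting step of the /api/users handler with the httpOnly, secure and sameSite flags set, and with the upstream body checked before it is stored, so the cookie value only ever comes from the API response. `finishLogin`, `TOKEN_PATTERN`, the cookie lifetime and `fakeResponse` are hypothetical names and values chosen for illustration.

```javascript
// Added example. TOKEN_PATTERN and the one-hour lifetime are assumptions;
// adjust both to what the real API issues.
const TOKEN_PATTERN = /^[A-Za-z0-9._~+\/=-]{16,4096}$/;
const TOKEN_COOKIE_OPTIONS = {
  httpOnly: true,         // hidden from document.cookie and client scripts
  secure: true,           // only sent over HTTPS
  sameSite: 'strict',     // not attached to cross-site requests
  maxAge: 60 * 60 * 1000  // one hour in milliseconds (assumed)
};

// Call from the request.post callback: (err, response, body) =>
//   finishLogin(res, err, response, body)
// Returns the status code sent to the browser.
function finishLogin(res, err, upstream, body) {
  if (err) {
    res.sendStatus(502);
    return 502;
  }
  if (upstream.statusCode !== 200) {
    res.sendStatus(upstream.statusCode);
    return upstream.statusCode;
  }
  const token = String(body).trim();
  if (!TOKEN_PATTERN.test(token)) {
    res.sendStatus(502);  // upstream body is not a token: store nothing
    return 502;
  }
  res.cookie('token', token, TOKEN_COOKIE_OPTIONS);
  res.sendStatus(204);    // the token itself never goes back in the body
  return 204;
}

// Constructed stand-in for the Express response object, so this runs offline.
function fakeResponse() {
  return {
    cookies: {},
    status: null,
    cookie(name, value, options) { this.cookies[name] = { value, options }; return this; },
    sendStatus(code) { this.status = code; return this; }
  };
}

const demo = fakeResponse();
finishLogin(demo, null, { statusCode: 200 }, 'constructed-sample-token-0123456789');
console.log(demo.status, demo.cookies.token.options);
```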
