javascript - Is this a good / secure way to set server side cookies from client -

-

i working single app application framework called reactjs, issue encountered setting httponly cookies, can not set / read client side needed figure out way how use express this.

one idea came make post request route /cookie:data data value of token needs stored in cookie, so:

app.post('/cookie:data', function(req, res) {   // set cookie here   res.send(200) })

issue hesitant token contains unique user identifier used secure api, , not sure if or not exposing setting cookie way.

alternatively instead of using :data beneficial figure out how can grab data (json object) post request

edit: 1 issue can think of can post route , set different cookies? way of securing it?

edit 2: express setup use proxy api calls (only relevant clarifying comments)

  app.use('/api', function (req, res) {     let url = config.api_host + req.url     req.pipe(request(url)).pipe(res)   })

say want proxy requests starting /api third-party, except /api/users, want perform 'manually' because returns token need:

app.post('/api/users', function(req, res) {   let url        = config.api_host + req.url;   let apirequest = request.post(url, function(err, response, body) {     // responses examples, should tailor them situation     if (err) {       return res.sendstatus(500);     } else if (response.statuscode !== 200) {       return res.sendstatus(response.statuscode);     } else {       res.cookie('token', body).send('ok');     }   });   req.pipe(apirequest); })  app.use('/api', function (req, res) {   let url = config.api_host + req.url   req.pipe(request(url)).pipe(res) })

Comments

Post a Comment

Popular posts from this blog

sequelize.js - Sequelize group by with association includes id -

-
so when requesting group sequelize follows: return models.workingcalendar .findall({ attributes: [ 'workingcalendar.periodid', 'workingcalendar.date', 'period.name' ], include: [ { model: models.period, attributes: [] } ], where: { getsudoid: currentgetsudo.id, unitplantid: unitplantid }, group: ['workingcalendar.periodid', 'workingcalendar.date', 'period.name'], }); sequelize run query: select [workingcalendar].[id], [workingcalendar].[periodid], [workingcalendar].[date], [period].[name] [workingcalendars] [workingcalendar] left outer join [periods] [period] on [wor...
Read more

java - Android raising EPERM (Operation not permitted) when attempting to send UDP packet after network connection -

-
when responding supplicant_state_changed_action broadcast , attempting send udp packet, exception: java.net.socketexception: sendto failed: eperm (operation not permitted) @ libcore.io.iobridge.maybethrowaftersendto(iobridge.java:542) @ libcore.io.iobridge.sendto(iobridge.java:511) @ java.net.plaindatagramsocketimpl.send(plaindatagramsocketimpl.java:184) @ java.net.datagramsocket.send(datagramsocket.java:305) @ com.mycompany.app.serviceclass.discover(serviceclass.java:355)at com.mycompany.app.serviceclass.access$600(serviceclass.java:39) @ com.mycompany.app.serviceclass$statemachine.run(serviceclass.java:242) @ java.lang.thread.run(thread.java:818) caused by: android.system.errnoexception: sendto failed: eperm (operation not permitted) @ libcore.io.posix.sendtobytes(native method) @ libcore.io.posix.sendto(posix.java:211) @ libcore.io.blockguardos.sendto(blockguardos.java:278) @ libcore.io.iobridge.sendto(iobridge.java:509) @ java.net.plaindat...
Read more

c++ - Migration from QScriptEngine to QJSEngine -

-
i'm migrating qscriptengine code on qjsengine. now, have: class pars { public: static qscriptvalue printmainlog(qscriptcontext* c, qscriptengine* e); }; qscriptvalue pars::printmainlog(qscriptcontext* c, qscriptengine* e) { //some actions return e->globalobject().property(""); } ... qscriptengine engine; ... engine.globalobject().setproperty("printlog",engine.newfunction(pars::printmainlog)); so, user can put printlog("what ever"); in application in , example, qlineedit , function pars::printmainlog evalute. is there way qjsengine? so, user put same printlog("what ever");? way find here , user should put logger.printlog("what ever"); logger class inherited qobject printlog slot.
Read more