This repository has been archived by the owner on Oct 29, 2021. It is now read-only.

Make "Set-Cookie" header in the response optional #187

Open
wants to merge 1 commit into
base: master

Conversation

AliasQli

I noticed that often it's not needed to pass a JWT token in a cookie.
A field is added to CookieSettings to let the user specify whether to generate Set-Cookie headers. The default value for it is True, so the default behavior is kept the same as previous versions.
I made as little change as possible to add this feature.

@domenkozar
Collaborator

@AliasQli what's the use case?

@AliasQli
Author

@domenkozar Because it's often the desired behaviour of an API server. At least in my use case, there's only one central place for verification (for example, login) and the server will respond with a JSON containing the JWT token, like this:

{
    "token": "someJwtToken"
}

And the client will use this token in all its following requests as its bearer token.
In such a use case, the set-cookie header is completely unneeded, and may even lead to security problems. Thus I propose making the header optional.
