Skip to content
This repository was archived by the owner on May 22, 2024. It is now read-only.
This repository was archived by the owner on May 22, 2024. It is now read-only.

JWT cookie httpOnly solution #48

Closed
@ace-han

Description

@ace-han

It's time to keep jwt token in httpOnly cookie for website

Take a close look at jazzband/djangorestframework-simplejwt#157

Try installing https://github.com/AtuzSolution/django-rest-framework-simplejwt/commits/jwt_cookie

  • Some test procedures:
  1. first visit / in browser
  2. open console in the browser and
        fetch("/api/v1/guest", {
            "headers": {
                "accept": "application/json,text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                "accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6",
                "cache-control": "no-cache",
                "pragma": "no-cache",
                "sec-fetch-dest": "document",
                "sec-fetch-mode": "navigate",
                "sec-fetch-site": "none",
                "sec-fetch-user": "?1",
                "upgrade-insecure-requests": "1"
            },
            "referrerPolicy": "no-referrer-when-downgrade",
            "body": null,
            "method": "GET",
            "mode": "cors",
            "credentials": "include"
        }).then(resp => {console.info(resp, resp.json())});
  1. you will see the cookies in Tab Application of the browser debugger
  2. event the devServer (change the api to dev-api) could proxy the cookie

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions