How to enable reading cookies for localhost?

D

djEban2022-02-16 12:15:12

local server

djEban, 2022-02-16 12:15:12

Hello!
I have a server located under the myserver.com domain. Settings: HttpOnly=false, SameSite=None, Secure=true
I have ngrok (to make it https) proxying requests to localhost:3000.
But here's the problem: I can't read the session cookie through the console. How so? After all, all the necessary attributes on the server are disabled/enabled.
And if I go to myserver.com and enter document.cookie in the console, everything will be visible.
It turns out that I can't allow cross-domain reading of cookies in ANY WAY (without using any hacks in the form of subdomains and other things)?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

antares4045, 2022-02-16
@antares4045

̶S̶e̶c̶u̶r̶e̶ = ̶f̶a̶l̶s̶e̶ ̶p̶o̶p̶r̶o̶b̶u̶y̶t̶e̶ ̶-̶-̶ ̶s̶u̶d̶ya̶ ̶p̶o̶ ̶m̶a̶n̶u̶a̶l̶a̶m̶ ̶d̶o̶l̶zh̶n̶o̶ ̶p̶r̶o̶k̶a̶t̶i̶t̶̶.̶ But security cors long been at the mercy of browser vendors and every city that wants to (the last time I had problems turned out to be the most friendly Yandex Browser)
PS while responding to a comment, read MDN and it says that not Secure, but HttpOnly cookies are inaccessible to Javascript (although I'm sure it was the other way around a year ago (maybe I'm an idiot)) so now everything is in theory correct for you (if there are no problems with Expires and Domain with Path) if you can - remove HttpOnly altogether (so that it is not mentioned in the settings). True, Google in this case is not obliged to follow the manuals of the muff.