I'm setting up CSRF in my React application and I'm trying to access a cookie that has been set by my Node server.
I'm using universal-cookie to try to read the cookies. I can access some of the cookies, just not the one I need.
The cookies look like:
csrf_token_secret=s%3AXfLOSTp6QNLTeRk; Path=/; Expires=Tue, 20 Mar 2018 12:34:34 GMT; HttpOnly
_csrf=PqswrVPP4GUePCh-0fFewrHh; Path=/
Using universal-cookie I tried:
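import Cookies from 'universal-cookie';

// Read both cookies from the browser's script-visible cookie store
const cookies = new Cookies();
console.log(cookies.get('csrf_token_secret'));
console.log(cookies.get('_csrf'));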
I can access _csrf just fine but I can't get the value of csrf_token_secret.
What do I need to do differently to get the value of this cookie? I assume it has something to do with the HttpOnly flag?
The HttpOnly tag means it can't be accessed by JS, only by your server.
This explains things in more detail... Set a cookie to HttpOnly via Javascript
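Added example, not part of the original question or answer: a small model of how a browser splits the two cookies from the question into what script (`document.cookie`, and so universal-cookie) can read and what is still sent to the server. The function names are hypothetical, and expiry, Path and Domain matching are deliberately not modelled.

```javascript
// Set-Cookie values copied from the question.
const setCookieHeaders = [
  'csrf_token_secret=s%3AXfLOSTp6QNLTeRk; Path=/; Expires=Tue, 20 Mar 2018 12:34:34 GMT; HttpOnly',
  '_csrf=PqswrVPP4GUePCh-0fFewrHh; Path=/',
];

// Parse one Set-Cookie header into { name, value, attrs }.
// Attribute names are case-insensitive, so they are lower-cased.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // this sketch skips nameless cookies
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// What client-side script can read: every cookie NOT flagged HttpOnly.
function scriptVisible(headers) {
  const out = {};
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (c && !c.attrs.httponly) out[c.name] = decodeURIComponent(c.value);
  }
  return out;
}

// What the browser attaches to requests: HttpOnly cookies are included.
function sentToServer(headers) {
  return headers.map(parseSetCookie).filter(Boolean)
    .map((c) => `${c.name}=${c.value}`).join('; ');
}

console.log('script sees:', scriptVisible(setCookieHeaders));
console.log('Cookie header:', sentToServer(setCookieHeaders));
```

The HttpOnly secret never needs to reach React: the server reads it from the `Cookie` request header, while the client only has to echo the readable `_csrf` value back.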