Suppose on server side you set 2 httpOnly cookies (accesstoken & refreshtoken) you want to pass accesstoken to all of the frontend requests but only pass refreshtoken to /RefreshToken endpoint.
I can see in axios withCredential: true flag allows for all httponly cookies to be passed to server, but is there a way to customize this to a specific cookie ?
That isn't how httpOnly
cookies work. You don't get to access them or decide which gets sent from the browser.
It seems like your server-side code for the /RefreshToken
route can easily just ignore the accessToken
cookie and only pay attention to the refreshToken
cookie. That's entirely up to your server code so you can just code it accordingly.
but is there a way to customize this to a specific cookie ?
No, not for httpOnly
cookies. They are httpOnly
for a reason - the client can't mess with them in any way.