I've been trying to access the Set-Cookie value from the response headers. I have went through a lot of questions on here and also through other forums. The cookie is not 'HTTPOnly', SameSite: None, Secure: True.

I'm trying to make a post request, response status is 302(Redirect) and also the response body(in PostMan) is {redirect: '/next/', someId: 'random_id_value'}. However no matter how much I try to access the set-cookie, I'm failing at it.

I have used the CORS extension as well. Changed 'withCredentials: true', "credentials: 'include'". Used a proxy too. Also, I'm using localhost:3000 to render the page in my react dev server.

Really hoping that someone could give me a solution to access the set-cookie.

I've been trying to access the Set-Cookie value from the response headers. I have went through a lot of questions on here and also through other forums. The cookie is not 'HTTPOnly', SameSite: None, Secure: True.

I'm trying to make a post request, response status is 302(Redirect) and also the response body(in PostMan) is {redirect: '/next/', someId: 'random_id_value'}. However no matter how much I try to access the set-cookie, I'm failing at it.

I have used the CORS extension as well. Changed 'withCredentials: true', "credentials: 'include'". Used a proxy too. Also, I'm using localhost:3000 to render the page in my react dev server.

Really hoping that someone could give me a solution to access the set-cookie.

• javascript
• reactjs
• cookies
• axios
• setcookie

Share Improve this question Follow asked Sep 8, 2022 at 11:46 SrikanthSrikanth 3111 silver badge33 bronze badges 10

• document.cookie? – Jaromanda X Commented Sep 8, 2022 at 11:52
• You must add SSL to your domain, then you can access cookies value otherwise not possible. But if you are running from your local machine or localhost or IP address then you are not facing this problem. I have already fetched this problem and already solved it. If not posible add ssl at that time, then you can use localstorage. – Bulbul Sarker Commented Sep 8, 2022 at 11:58
• @JaromandaX the cookie received in the response header is not set in the Application/Cookie. So, I can't really access it via document.cookie – Srikanth Commented Sep 8, 2022 at 12:05
• @BulbulSarker I'm running this from my local machine through Localhost and I'm facing this problem. Is there any way to get the Set-Cookie value without making changes to the backend server? I'm receiving the data in response headers which is visible in Network but the cookie is not set in Application/Cookie or Application/Localstorage – Srikanth Commented Sep 8, 2022 at 12:07
• Are cookies set in the browser? – Bulbul Sarker Commented Sep 8, 2022 at 12:36

 |  Show 5 more ments

1 Answer 1

Sorted by: Reset to default 4

In accordance with the Fetch standard, client code cannot read Set-Cookie response headers, even if the server happens to be configured for CORS and lists Set-Cookie in its responses' Access-Control-Expose-Headers header. See this section of the standard:

A forbidden response-header name is a header name that is a byte-case-insensitive match for one of:

• Set-Cookie
• Set-Cookie2

and further down:

A CORS-safelisted response-header name[...] is a header name that is a byte-case-insensitive match for one of

• [...]
• Any item in [Access-Control-Expose-Headers] that is not a forbidden response-header name.