Hacker News
minhazm on April 7, 2021 | on: SPAs Are Dead?
That also applies to cookies. Users can run any browser or script to access your site and do whatever they want with the cookies.
gigaftp on April 7, 2021
In the context of a compliant web browser you can set a cookie as HTTP-only so as to disallow access to it via JS.
Jenk on April 7, 2021
Not for http-only cookies it doesn't.
fractionalhare on April 7, 2021
No they can’t, refer to the documentation on cookie flags and attributes like httpOnly:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
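Added example, not part of any comment in the thread: a small model of how a compliant browser treats the `HttpOnly` attribute discussed above. It compares what page script would read from `document.cookie` with what still travels in the `Cookie` request header. The sample headers and all function names are constructed for illustration, and the model assumes a same-site HTTPS request to `/` (no Path, Domain or expiry matching).

```javascript
// Constructed sample Set-Cookie response headers (not from any real site).
const SAMPLE_SET_COOKIE = [
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "theme=dark; Path=/; Max-Age=31536000",
  "csrf=xyz789; Path=/; Secure; SameSite=Strict",
];

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error(`malformed cookie pair: ${pair}`);
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// What a compliant browser returns from document.cookie:
// cookies marked HttpOnly are left out.
function scriptVisible(headers) {
  return headers.map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// What goes out in the Cookie request header: HttpOnly does not change this,
// so any client that speaks HTTP directly still holds and sends the value.
function requestCookieHeader(headers) {
  return headers.map(parseSetCookie)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Defender check: names of cookies that page script could read.
function missingHttpOnly(headers) {
  return headers.map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => c.name);
}
```

Running `missingHttpOnly` over the `Set-Cookie` headers of a login response is a quick way to confirm that the session cookie is not readable by script.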