ayanc97
Exploring Cookies set by phoenix methods and sending ajax request with auth token in header
Hi, I am complete new to handling cookies and storing tokens in order to send request from phoenix template html page to api endpoint, authenticated by auth plug (via ajax), so I need a way to store the auth token to send them along with every request, but if I normally store it in cookie as key value pair, it can be read by every one, I am not much versed with cookie , I came to know about various flags to make the cookies secure, but I tried this one
put_resp_cookie("auth_token", "some value", [same_site: "strict", secure: true, http_only: true])
but i see nothing is being stored, I think I am getting it wrong , please suggest me how I can send ajax request using auth token in header from my phoenix html pages( had it been any front end framework, i could have many options, but currently i need to implement it using normal html phoenix page and js/ajax) .
Most Liked
Exadra37
If you use the http_only flag the browser will not let any Javascript access the cookie, therefore you JS code will not be able to read the auth_token to use in an Ajax call.
Read more about securing cookies here:
Now, if you need to use this auth_token to call a thrid-party API, then the only secure approach is to delegate that task to your Phoenix backend that will then return the response to the browser via a socket event.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









