Refused to set unsafe header “Cookie" error


#1

I’m trying to make a get request to a API that requires a cookie.

I get a Refused to set unsafe header “Cookie" error

I’m using the Chrome extension for CORS and dont own the API

headers.append(‘Cookie’,’Cookie value’); 

let options = new RequestOptions({
     headers: headers,
     withCredentials: true
   });

   var response = this.http
       .get('website', options)
       .map(res => {
           return res;
       })

thats the main bit. Atm i login via PAW(software) while I test. I receive the cookie data and then include it in headers.append(‘Cookie’,’Cookie value’);

Any ideas?


#2

I have the same issue and my situation is the same :

  1. I’m trying to make a GET/POST request to an API that requires a cookie
  2. I get a ’ Refused to set unsafe header “Cookie" ’ error
  3. I don’t own the API

I tried to modify programmatically the header as @baadier did :

headers.append(‘Cookie’,’Cookie value’); 

let options = new RequestOptions({
     headers: headers,
     withCredentials: true
});

var response = this.http.get('website', options)
                        .map(res => {
                             return res;
                         })

But I think that the browser does not allow modifying the Cookie header field for security concerns (XSS, …) :

Source of the image : Cookie - HTTP | MDN
Other interesting link : Fetch Standard - forbidden header name

Cookies are managed by the browser and browser’s users cannot interact with cookies (without some hacks).

I will continue to find more information and try to provide conclusions but if someone of the Ionic team can enlighten us with the management of cookies between an Ionic2 app and a cookie-based backend, it will be a big step for our journey.

Thank you :smiley:


#3

@iborik Facing the same issue. Did you find a solution


#4

I never did manage to solve the issue. Let me know if you come right as I ended up having to give up on the project.


#5

I tried the solution in this link https://drupal.stackexchange.com/questions/200683/ionic-framework-wont-authenticate-in-browser-works-in-emulator and It works.