Unable to get cookie header

[AlexKovalevych]

The server sends me a response header "SET-COOKIE" and i'm not able to retrieve it - it just doesn't appear among headers. Probably it doesn't pass a normalizer test, is this how it should work or i missed something? How can i retrieve it? Thanks in advance.

[mislav]

If the cookies apply to the current domain/page, then you should be able to access them via document.cookie

[AlexKovalevych]

Cookie is not available in the document.cookie, otherwise i wouldn't create an issue here. The header "SET-COOKIE" completely ignored and not available in the response.headers.

[dgraham]

Does the header appear if you instrument the header parsing with console.log?

[dgraham]

I think this is a duplicate of #138.

[mislav]

Yes, I don't think XHR is able to access set-cookie response header. Most likely native fetch() follows this as well.

[AlexKovalevych]

Correct, so what should be a solution here? Send a different custom header or you know a better approach?

[mislav]

Well, we don't know what your problem is, so we can't offer a solution yet. The browser doesn't want you to read set-cookie yourself from an ajax response. It wants to handle the cookies natively, as it does. We don't know what you want to achieve with said cookies.

[dgraham]

Maybe you're running into the same-origin issue from #142? Cookies are handled transparently with requests and responses. There shouldn't be a need to read them out of the response headers.

[AlexKovalevych]

Ok, i see, the cookie is needed to authenticate the user - thats how it works by default. Server set the cookie and i send it back with each request (pretty common approach). The issue i faced with - is that cookie is not set for some reason, probably i used fetch library wrong. Thank you for your response, i'll investigate.

[mislav]

@AlexKovalevych I understand. Then, you should leave it to the browser to handle all the cookie stuff. However, if the browser is not sending the authentication cookie back to the server when you're using fetch(), that's actually expected (and per-spec) with default invocations of fetch.

To have fetch send cookies back to your server, and preserve authentication information, you will need to pass the option to it every time:

fetch(url, {credentials: 'same-origin'})

[fanqidaoerxing]

i have meet the same problem, but finally i realize that i don't need to get the 'Set-Cookie' from headers, use credentials: 'same-origin' (or 'include'), it helps me to send my browser cookie which server sends to me back to them. whatever they send to us, like login state or other values, its totally controlled by the server.

[MartinDawson]

@mislav Thanks a lot. Was so hard to find this answer.

[jobyktom]

Thank you very much @fanqidaoerxing. include option has done it for me.
fetch(_url, {credentials: 'include'}).then( ....