Skip to content
This repository was archived by the owner on Oct 29, 2021. It is now read-only.

Make "Set-Cookie" header in the response optional#187

Open
AliasQli wants to merge 1 commit into
haskell-servant:masterfrom
AliasQli:master
Open

Make "Set-Cookie" header in the response optional#187
AliasQli wants to merge 1 commit into
haskell-servant:masterfrom
AliasQli:master

Conversation

@AliasQli

Copy link
Copy Markdown

I noticed that often it's not needed to pass a JWT token in cookie.
A field is added to CookieSettings to let the used specify whether to generate Set-Cookie headers. The default value for it is True, so the default behavior is kept the same as prevoius versions.
I made as little change as possible to add this feature.

@domenkozar

Copy link
Copy Markdown
Collaborator

@AliasQli what's the use case?

@AliasQli

Copy link
Copy Markdown
Author

@domenkozar Because it's often the desired behaviour of an API server. At least in my use case, there's only one central place for verification (for example, login) and the server will respond with a JSON containing the JWT token, like this:

{
    "token": "someJwtToken"
}

And the client will use this token in all its following requests as its bearer token.
In such a use case, the set-cookie header is completely unneeded, and may even lead to security problems. Thus I propose making the header optional.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants