Hi,
Is it possible to use Amplify Auth with CookieStorage and httpOnly flag? Our plan is to prevent XSS with the httpOnly flag but looks like this isn't supported (current config example below). Do you have any plans to add this feature in near future?
If you can advise any other alternative(s), that'll be much appreciated.
cookieStorage: {
domain: '.yourdomain.com',
path: '/',
expires: 365,
sameSite: "strict" | "lax",
secure: true
},
Ref: https://docs.amplify.aws/lib/auth/start/q/platform/js/#re-use-existing-authentication-resource
Thanks,
AWS 공식업데이트됨 2년 전
