Amplify Auth with CookieStorage - support for httpOnly flag

0

Hi,

Is it possible to use Amplify Auth with CookieStorage and httpOnly flag? Our plan is to prevent XSS with the httpOnly flag but looks like this isn't supported (current config example below). Do you have any plans to add this feature in near future?

If you can advise any other alternative(s), that'll be much appreciated.

cookieStorage: {
        domain: '.yourdomain.com',
        path: '/',
        expires: 365,
        sameSite: "strict" | "lax",
        secure: true
},

Ref: https://docs.amplify.aws/lib/auth/start/q/platform/js/#re-use-existing-authentication-resource

Thanks,

asked a year ago60 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions