Hi,
Is it possible to use Amplify Auth with CookieStorage and httpOnly flag? Our plan is to prevent XSS with the httpOnly flag but looks like this isn't supported (current config example below). Do you have any plans to add this feature in near future?
If you can advise any other alternative(s), that'll be much appreciated.
cookieStorage: {
domain: '.yourdomain.com',
path: '/',
expires: 365,
sameSite: "strict" | "lax",
secure: true
},
Ref: https://docs.amplify.aws/lib/auth/start/q/platform/js/#re-use-existing-authentication-resource
Thanks,
AWS 官方已更新 2 年前