Refused to set unsafe header cookie

Question

Refused to set unsafe header cookie

Closed this issue a year ago · 0 comments

Problem

In the browser, in dev, for every request made to the server, we have the following error:

xhrio.js:176 Refused to set unsafe header "cookie"

This is due to the fact that, we set the header in xhrio for the mobile app:

{:http-xhrio {:method   :post
              :uri      (base-uri "/pattern")
              :headers  {:cookie (:user/cookie db)} ;; for mobile only
              :params          ...
              ...              ...}}

In the web client, the cookies are automatically sent with the request.

In the mobile client, the cookies need to be handle manually hence the logic above.

However, the headers should not be touched in the web.

Suggestion

add a convenient function for default http-xhrio data
add a goog-define to only include headers for the mobile