Angular 8 get "Set-Cookie" header from HttpResponse

2
votes

I have the following Java Spring REST API method:

@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity login(@RequestBody LoginRequest request) {
    request.getSession(true);
    LoginResponse res = this.authService.login(request);
    return new ResponseEntity<>(res, HttpStatus.OK);
}

When called using Postman or from a FireFox browser, I can clearly see the "Set-Cookie" header:

enter image description here

Yet, when I'm using console.log to print the response in Angular, I don't see this header:

enter image description here

This is the REST call in Angular:

this.http.post<Login>(this.url, this.loginRequest, {
  headers: AuthService.getHeaders(),
  observe: 'response',
  withCredentials: true
}).subscribe(
  response => {
    console.log(response);
});

I did add withCredentials: true and observe: 'response' to the request call as suggested, and I do get the whole response, but without the cookie. What I want to do is to get a cookie after a successful login, which will be delivered with any request afterwards for authentication in the server.

Thanks for the help!

1
javaangularspringtypescriptcookies
Your Spring REST API uses Spring Security? Which version of Spring boot / security do you use?Imaguest
No Spring Security, nor spring boot. Simple old Spring MVC :)MightGod
Have you tried to use the built-in JS functionality to get the page cookies? (e.g. document.cookie) This is most likely a security feature of the browser to prevent cookie stealing from other domains and isn't passed on to JavaScript (along with that some cookie values won't be accessible because they have the httponly setting).Daniel W Strimpel
I've tried now, the result is null :(MightGod

1 Answers

1
votes

Seems that browsers do not share the cookies to the client if it's not https. I had to follow this guide in order to serve the application in https mode, and then I was able to see the cookie in the server side.