Send http-only cookie into Edge Function

  • saillmone-1394664660862500864

    saillmone

    3 months ago

    Hi,

    I can't retrieve the values of HttpOnly cookies.
    req.headers.get('cookie') is always null, I don't understand where the error is coming from...
    Can someone help me solve this problem?

    Thank you!
  • jaycmpb-1394673135332229210

    Jay Campbell

    3 months ago

    What cookies are you trying to send? Like the access token?
  • saillmone-1394673446897713232

    saillmone

    3 months ago

    refresh_token in order to refreshSession and then store the new values for access_token and refresh_token
  • jaycmpb-1394673596089106464

    Jay Campbell

    3 months ago

    Ah I didn’t see the code. What you can do is in headers add one called something like x-refresh-token, and set its formula to get the http-only cookie.

    Then in your edge function you can get that header.
  • saillmone-1394675120416624710

    saillmone

    3 months ago

    Yes, it works like that, but it's not ideal in terms of security, is it?

    I'd like to be able to switch them to secure cookies.
  • jaycmpb-1394677227345547316

    Jay Campbell

    3 months ago

    Hmm well first, just to make sure but you saved the cookie as refresh-token, not refresh_token right? Since you’re checking for refresh-token.
  • saillmone-1394679166418555080

    saillmone

    3 months ago

    Wooow, didn't notice that I was missing it... But that doesn't change the issue: req.headers.get('cookie') is always NULL.

    It seems that something blocks it for security reasons.
  • martinf4630-1395331013567320176

    MartinF

    3 months ago

    I use X-Access-Token and then pass the value from the get http only cookie formula. The proxy then substitutes in the cookie value and the edge function then has the value.
  • martinf4630-1395331779853811712

    MartinF

    3 months ago

    You have to use the proxy which you look to be doing, else you can try the new 'Client-side credentials' = include feature and then look in the network tab to see what is being passed. Not tried this yet but this should let you bypass the proxy although there will be CORS fun to deal with. So you might need to make your own proxy. I'd keep the proxy on and then send values as shown.
  • andreasmoller-1396148847008415816

    Andreas Møller

    3 months ago

    We don’t pass the http only cookies on by default

    Instead you can pass it as an auth header
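
The workaround described in the thread (a custom header such as x-refresh-token that the proxy fills in from the HttpOnly cookie, then read inside the edge function), as an added example that is not code from any poster or from the platform. The names HeaderSource, TokenLookup, parseCookies and readRefreshToken are hypothetical, and the cookie fallback assumes a standard Cookie header, which only helps if the platform forwards one.

```typescript
// Added example. HeaderSource, TokenLookup, parseCookies and readRefreshToken are hypothetical names.
interface HeaderSource {
  get(name: string): string | null; // the standard Headers object satisfies this
}
interface TokenLookup {
  token: string | null;
  source: "header" | "cookie" | "none";
  reason: string; // diagnostic only; never contains the token value
}

// Split a Cookie header into [name, value] pairs; malformed pairs are skipped.
function parseCookies(header: string): Array<[string, string]> {
  const jar: Array<[string, string]> = [];
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    const name = eq > 0 ? part.slice(0, eq).trim() : "";
    if (name === "") continue;
    const raw = part.slice(eq + 1).trim();
    let value = raw;
    try { value = decodeURIComponent(raw); } catch (e) { /* keep the raw value */ }
    jar.push([name, value]);
  }
  return jar;
}

function readRefreshToken(headers: HeaderSource, cookieName = "refresh-token"): TokenLookup {
  // 1. Custom header that the proxy fills in from the HttpOnly cookie.
  const fromHeader = (headers.get("x-refresh-token") || "").trim();
  if (fromHeader !== "") return { token: fromHeader, source: "header", reason: "" };

  // 2. Raw Cookie header: present only when the platform forwards cookies.
  const cookieHeader = headers.get("cookie");
  if (cookieHeader === null) {
    return { token: null, source: "none", reason: "no x-refresh-token header and no cookie header" };
  }
  // 3. Exact name first; a near match (refresh-token vs refresh_token) is reported, not used.
  const norm = (s: string) => s.toLowerCase().replace(/[-_]/g, "");
  let near = "";
  for (const [name, value] of parseCookies(cookieHeader)) {
    if (name === cookieName && value !== "") return { token: value, source: "cookie", reason: "" };
    if (norm(name) === norm(cookieName)) near = name;
  }
  const hint = near !== "" ? `, but "${near}" is present` : "";
  return { token: null, source: "none", reason: `cookie "${cookieName}" not found${hint}` };
}
```

In an edge function, pass `req.headers` as the first argument and log only `reason`, so the token value stays out of the logs.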