401 Unauthorized when using HTTPOnly

Imran Jalali 101 Reputation points

Dear All;

I am using customized SharePoint 2019 (On Premises) with VUE JS libaray application with ASP.NET Core Web API as a backend.
The application is using Json Token to authenticate. Just recently our CS departments advice to use HTTPOnly flag to prevent any XSS exploits.

I have added the following line to enable HTTPOnly in SharePoint web.config file.

<httpCookies httpOnlyCookies="true" requireSSL="true" />  

My problem is whenever I added this line to SharePoint web.config file. The backend API could not authenticate and I am getting 401 Unauthorized error. When I remove the above line everything works fine.

I want to know what is actually going wrong? What I need to do?

A set of technologies in the .NET Framework for building web applications and XML web services.
4,376 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,796 questions
{count} votes