ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,816 questions
401 Unauthorized when using HTTPOnly
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 43%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIJ%3C/text%3E%3C/svg%3E)
Imran Jalali
101
Reputation points
Dear All;
I am using customized SharePoint 2019 (On Premises) with VUE JS libaray application with ASP.NET Core Web API as a backend.
The application is using Json Token to authenticate. Just recently our CS departments advice to use HTTPOnly flag to prevent any XSS exploits.
I have added the following line to enable HTTPOnly in SharePoint web.config file.
<httpCookies httpOnlyCookies="true" requireSSL="true" />
My problem is whenever I added this line to SharePoint web.config file. The backend API could not authenticate and I am getting 401 Unauthorized error. When I remove the above line everything works fine.
I want to know what is actually going wrong? What I need to do?
ASP.NET Core
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
3,681 questions
{count} votes
-
AgaveJoe 30,121 Reputation points2022-11-30T13:55:42.22+00:00 The HTTPOnly flag does not allow client side code (JavaScript) to access a cookie. Your VUE application must be dependent on a cookie. Or perhaps the requireSSL flag is also causing the problem.
Sign in to comment
Sign in to answer