iOS:如何为NSHTTPCookie设置httponly标志

时间:2014-12-31 10:20:48

标签: ios objective-c cookies nshttpcookie

我使用以下代码构建NSHTTPCookie但是没有为cookie设置httpOnly标志的选项

[cookieProperties setObject:@"name" forKey:NSHTTPCookieName];
[cookieProperties setObject:@"value" forKey:NSHTTPCookieValue];
[cookieProperties setObject:[NSNumber numberWithBool: NO] forKey:NSHTTPCookieDiscard];
[cookieProperties setObject:[dictionary objectForKey:@"isSecure"] forKey:NSHTTPCookieSecure];


[cookieProperties setObject:@"abc.xyz.com" forKey:NSHTTPCookieDomain];
[cookieProperties setObject:@"abc.xyz.com" forKey:NSHTTPCookieOriginURL];
[cookieProperties setObject:@"/" forKey:NSHTTPCookiePath];
[cookieProperties setObject:@"0" forKey:NSHTTPCookieVersion];

2 个答案:

答案 0 :(得分:3)

undocumented cookie property key(通过@mikewest找到):

  

// NSHTTPCookie的未记录属性。
  NSString * const kNSHTTPCookieHttpOnly = @" HttpOnly&#34 ;;

我在Swift中尝试过,代码执行了预期的操作。

import Foundation

extension HTTPCookiePropertyKey {
    static let httpOnly = HTTPCookiePropertyKey("HttpOnly")
}

let cookie = HTTPCookie(properties: [
  .domain: "example.org",
  .path: "/",
  .name: "Cookie Example",
  .value: "Om nom nom",

  .version: 1, // RFC2965 for HttpOnly cookies
  .httpOnly: true
])!

print(cookie.isHTTPOnly) // true

答案 1 :(得分:2)

来自Apple文档:

  

HTTPOnly属性

     

一个布尔值,指示接收方是否应仅按照RFC 2965发送到HTTP服务器。(只读)

     

宣言

     
    

SWIFT

         
var HTTPOnly: Bool { get }
             

目标-C 

@property(readonly, getter=isHTTPOnly) BOOL HTTPOnly
    
  
     

如果此cookie只应通过HTTP头发送,则返回YES,NO   否则。

     

Cookie只能由服务器(或javascript)标记为HTTP。   标记为此类的Cookie只能通过HTTP中的HTTP标头发送   请求与网站的路径和域匹配的网址   相应的cookies。

您只能从服务器或通过javascript设置HTTPOnly标志。通过本机iOS应用程序代码无法实现这一点。

相关问题
最新问题