我使用以下代码构建NSHTTPCookie但是没有为cookie设置httpOnly标志的选项
[cookieProperties setObject:@"name" forKey:NSHTTPCookieName];
[cookieProperties setObject:@"value" forKey:NSHTTPCookieValue];
[cookieProperties setObject:[NSNumber numberWithBool: NO] forKey:NSHTTPCookieDiscard];
[cookieProperties setObject:[dictionary objectForKey:@"isSecure"] forKey:NSHTTPCookieSecure];
[cookieProperties setObject:@"abc.xyz.com" forKey:NSHTTPCookieDomain];
[cookieProperties setObject:@"abc.xyz.com" forKey:NSHTTPCookieOriginURL];
[cookieProperties setObject:@"/" forKey:NSHTTPCookiePath];
[cookieProperties setObject:@"0" forKey:NSHTTPCookieVersion];
答案 0 :(得分:3)
有undocumented cookie property key(通过@mikewest找到):
// NSHTTPCookie的未记录属性。
NSString * const kNSHTTPCookieHttpOnly = @" HttpOnly&#34 ;;
我在Swift中尝试过,代码执行了预期的操作。
import Foundation
extension HTTPCookiePropertyKey {
static let httpOnly = HTTPCookiePropertyKey("HttpOnly")
}
let cookie = HTTPCookie(properties: [
.domain: "example.org",
.path: "/",
.name: "Cookie Example",
.value: "Om nom nom",
.version: 1, // RFC2965 for HttpOnly cookies
.httpOnly: true
])!
print(cookie.isHTTPOnly) // true
答案 1 :(得分:2)
来自Apple文档:
HTTPOnly属性
一个布尔值,指示接收方是否应仅按照RFC 2965发送到HTTP服务器。(只读)
宣言
SWIFT
var HTTPOnly: Bool { get }目标-C
@property(readonly, getter=isHTTPOnly) BOOL HTTPOnly如果此cookie只应通过HTTP头发送,则返回YES,NO 否则。
Cookie只能由服务器(或javascript)标记为HTTP。 标记为此类的Cookie只能通过HTTP中的HTTP标头发送 请求与网站的路径和域匹配的网址 相应的cookies。
您只能从服务器或通过javascript设置HTTPOnly标志。通过本机iOS应用程序代码无法实现这一点。