httpOnly cookie authentication

[4lp]

Is there any way to use an httpOnly cookie for authentication in graphql-ws? The http graphql library I'm using include a credentials option to set cookies for those requests but I haven't be able to find anything similar for this library. Right now I'm having to exact a JWT from a cookie and use the value for the request authorization header, meaning I can't set it as httpOnly.

[enisdenjo]

The browser native WebSocket automatically sends cookies alongside the upgrade request. There are no credentials configuration options when instantiating a WebSocket. Also see #257 (comment).

Furthermore, there's no way you can set custom headers in the browser's WebSocket.

Also beware that httpOnly cookies cant be accessed from JavaScript.

[4lp]

thanks for the quick reply! based on the links you provided it doesn't seem like this is possible so I'll just have to use my current strategy