Django-jwt use cookie instead of Authorization header I want to build the SPA application using Django Rest Framework as a back-end. The application will use JsonWebToken authentication.
For maximum security, I want to store the authentication token inside of httpOnly cookie, so it will not be accessible from javascript. However, because the cookie is not accessible from the javascript, I am not able to set the 'Authorization: JWT ...' header. So, my question is, can I make the DRF system to read the authentication token from the cookie instead of reading it from the "Authorization" header? Or the "Authorization" header is the only and correct way to authenticate in DRF? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAPjsHcEnosf-N3aUTRcz%3DhZuZHDUEKvdepQFZVOYugAOH%2BZ-0A%40mail.gmail.com.