having same issue here pls help>

[guruZongo]

Yes Sir I watched it and thanks for uploading very good content. We are using httponly cookie to prevent xss. But My problem is that How can I send this httpOnly cookie through Post Request as Post Request needs Body otherwise it gives 400 error.

Here withCredentials is sending cookies i.e refresh-token but In my backend I am sending refresh token through requests body using post request.

Backend Request:

POST /auth/refresh-token HTTP/1.1
Host: localhost:3000
Content-Type: application/json
Content-Length: 225

{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2NDg1NTM0NDIsImV4cCI6MTY4MDExMTA0MiwiYXVkIjoiNjIwYzAyYTNlN2MyMWM0NzNhMjZmNGUxIiwiaXNzIjoic29jaWFsLmNvbSJ9.iQiSGutds1ZPrwrJi2lx0UOGUB4Ed6OQdUQAskq3BR0"
}

I Tried:

const  refresh= async()=>{
        const response= await axios.post("/auth/refresh-token",{
            headers:{'Content-Type': 'application/json'},
            withCredentials:true
        });

And it is giving 400 error as expected.
How can I send refresh token to this post request?

Originally posted by @traitor00 in #1 (comment)