AWS – AWS Amplify supports HttpOnly cookies for server-rendered Next.js applications
AWS Amplify now supports HttpOnly cookies for server-rendered Next.js applications when using Amazon Cognito’s Managed Login. This enhancement builds upon existing cookie functionality in server-rendered sites. Opting in to the HttpOnly attribute strengthens your application’s security posture by blocking client-side JavaScript from accessing cookie contents.
With HttpOnly cookies, your applications gain an additional layer of protection against cross-site scripting (XSS) attacks. This ensures that sensitive information remains secure and is only transmitted between the browser and the server, which is particularly valuable when handling authentication tokens in your web applications. The contents of cookies with the HttpOnly attribute can only be read by the server, so your requests must flow through the server before reaching other services.
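One way to confirm the opt-in took effect is to audit the `Set-Cookie` headers your server returns. The following is an added example, not code from AWS or the Amplify project; the cookie names, the token-suffix pattern and the sample headers are constructed assumptions, and the `Secure` and `SameSite` checks go beyond the HttpOnly attribute discussed above.

```javascript
// Constructed sample Set-Cookie header values (not captured from a real app).
// The cookie names and the token-suffix pattern are assumptions for illustration.
const SAMPLE_HEADERS = [
  "example.app.idToken=eyJ.constructed.value; Path=/; Secure; HttpOnly; SameSite=Lax",
  "example.app.accessToken=eyJ.constructed.value; Path=/; Secure; SameSite=Lax",
  "example.app.refreshToken=constructed; Path=/; httponly; SameSite=Strict",
  "theme=dark; Path=/",
];

// Cookies whose names end in one of these suffixes are treated as auth tokens.
const TOKEN_NAME = /(idToken|accessToken|refreshToken)$/;

// Parse one Set-Cookie header value into { name, attrs }. attrs maps
// lower-cased attribute names to their value, or true for flag attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Return one finding per token cookie that lacks HttpOnly, Secure or SameSite.
// Attribute names are matched case-insensitively, as browsers do.
function auditTokenCookies(headers) {
  const findings = [];
  for (const header of headers) {
    const { name, attrs } = parseSetCookie(header);
    if (!TOKEN_NAME.test(name)) continue; // non-token cookies are out of scope
    const missing = [];
    if (!attrs.httponly) missing.push("HttpOnly");
    if (!attrs.secure) missing.push("Secure");
    if (!attrs.samesite) missing.push("SameSite");
    if (missing.length) findings.push({ name, missing });
  }
  return findings;
}

console.log(auditTokenCookies(SAMPLE_HEADERS));
```

A token cookie reported as missing `HttpOnly` is still readable through `document.cookie` by any script running in the page.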
This feature is now available in all AWS regions where AWS Amplify and Amazon Cognito are supported.
To learn more, visit the AWS Amplify documentation for Server-Side Rendering.