如何使用 document.cookie 创建 secure/httpOnly cookie?

How can I create secure/httpOnly cookies with document.cookie?

如果我创建函数:

function setCookie(name, value)
    {
      // this works:
      // document.cookie=name + "=" + escape(value) + "; path=/;";
      // this does not:
      // document.cookie=name + "=" + escape(value) + "; path=/; secure; HttpOnly; SameSite=strict";
    }
setCookie('my_cookie','some_random_value');

我不是 100% 了解为什么第二个选项不起作用。有人有什么想法吗?

MDN:

A cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API; it is sent only to the server. For example, cookies that persist server-side sessions don't need to be available to JavaScript, and should have the HttpOnly attribute. This precaution helps mitigate cross-site scripting (XSS) attacks.

你不能用 document.cookie 设置它,因为标志的 整个 点是为了防止用 document.cookie 设置(或读取)它.