Authorization header in img src link

. fetch cookie fetch header {credentials: 'omit'}. MDN

fetch:

const user = JSON.parse(localStorage.getItem('user'));
let headers = {};

if (user && user.token) {
  headers = { 'Authorization': 'Bearer ' + user.token };
} 

const requestOptions = {
    method: 'GET',
    headers: headers,
    credentials: 'omit'
};

let req = await fetch('${serverUrl}/api/v2/foo', requestOptions);
if (req.ok === true) {
...

, , - - localStorage, cookie. :

let reqJson = await req.json();
// response is: {token: 'string'}
//// login successful if there a jwt token in the response
if (reqJson.token) {
    // store user details and jwt token in local storage to keep user logged in between page refreshes
    localStorage.setItem('user', JSON.stringify({token: reqJson.token}));
    document.cookie = 'token=${reqJson.token};'; //set the cookies for img, etc
}

, - localStorage, . (img, video, href), .

cookie , .

Node.js + -:

.use(function(req, res, next) { //function setHeader
  if(req.cookies && req.headers &&
     !Object.prototype.hasOwnProperty.call(req.headers, 'authorization') &&
     Object.prototype.hasOwnProperty.call(req.cookies, 'token') &&
     req.cookies.token.length > 0
   ) {
    //req.cookies has no hasOwnProperty function,
    // likely created with Object.create(null)
    req.headers.authorization = 'Bearer ' + req.cookies.token.slice(0, req.cookies.token.length);
  }
  next();
})

, - .