My post request to UAA is missing CSRF value i.e. X-Uaa-Csrf=2QytIy. This is required for login in to cloud foundry UAA. This is problem is because of internet domain name /private domain name mapping done in haproxy.
Get /login request response has the X-Uaa-Csrf token and I want to use same token for my post request.
I have to add X-Uaa-Csrf=2QytIy in the cookies section. Is is it possible to capture X-Uaa-Csrf token from Get request and add it in Post request
Login Get Request response is shown below
...{...GHTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Set-Cookie: X-Uaa-Csrf=mfDZv6; Expires=Wed, 20-Apr-2016 17:49:28 GMT; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 2307
Date: Wed, 20 Apr 2016 17:44:28 GMT
Connection: close
I want add X-Uaa-Csrf=mfDZv6 to my post request Cookies section using haproxy
Is is possible to do this
UPDATE:
I tried following but no luck
stick-table type string len 32 1 expire 5m
stick store-response set-cookie(X-Uaa-Csrf)
stick store-request cookie(X-Uaa-Csrf)
In my case we have two haproxy
1.Internal haproxy (Cloud foundry)
2.External Haproxy ( haproxy-1.5.4-2.el7.x86_64.rpm)
I have done my changes in internal haproxy only.Just now I tried this but no luck
rspirep ^(Set-Cookie:.*)\ Domain=uaa.devtest22.io(.*) \1\ Domain=Internet-devtest22.cisco.com\2 if hdr_set_cookie_domain
uaa.devtest22.io is private domain name
Internet-devtest22.cisco.com internet domain name
