1

Problem: domains are stripped from the set-cookie header. httpoonly, expires, and path are all correct.

My location block:

location ~* ^/path {
  proxy_pass http://nodeserver; # this is an upstream running in another container
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Host $http_host;
  proxy_set_header X-NginX-Proxy true;

  proxy_redirect off;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
}
  • curl foo.bar.local/path -X GET -I -- this is hitting NGINX. set-cookie headers come through, but without a domain.
  • curl localhost/path -X GET -I -- hitting NGINX, but under localhost instead of the domain, does not work.

  • curl localhost:4010/path -X GET -I -- directly hitting the (Node) server, cookie has correct domain.

  • Adding something like proxy_cookie_domain ~.*$ $http_host; doesn't seem to have any effect.

  • Adding a proxy_cookie_domain ~*.$ foo.bar.local doesn't work.
  • With add_header Set-Cookie "foo=bar; path=/; domain=$http_host"; the domain is set correctly.
  • Adding proxy_cookie_path ~.*$ /foobar; works as expected (cookies are rewritten to have path /foobar).

Rewriting the set-cookie headers in perl or lua would probably work, but that seems like the wrong solution.

Zac Anger
  • 143
  • 7
  • Are you sure `nodeserver` sets domain in first case? – Alexey Ten Mar 25 '17 at 08:20
  • Yep. I can throw a `console.log` in there and see that it's there, or `curl` that container instead of the NGINX container and see the domain in the `Set-Cookie` header. – Zac Anger Mar 27 '17 at 18:45

0 Answers0