-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to rewrite domain in set-cookie headers #1009
Conversation
Looks promising |
Would love to see this merged. |
function writeHeaders(req, res, proxyRes) { | ||
function writeHeaders(req, res, proxyRes, options) { | ||
var rewriteCookieDomainConfig = options ? options.cookieDomainRewrite : undefined; | ||
if(typeof rewriteCookieDomainConfig === "string") { //also test for "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
single quotes, space after if
.
1116bbf
to
15d25a0
Compare
PR should be clean now, I also rebased on top of current master, and improved function comments. Let me know if I missed anything. |
return rewriteCookieDomain(headerElement, config); | ||
}); | ||
} | ||
return header.replace(/(;\s*domain=)([^;]+)/, function(match, prefix, previousDomain) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets cache this regex so it isnt created every time the function is called. Put var domainRegex = ...
up top here and use it in this function.
@Volune Overall this looks good. I would like to see some more documentation for this option in the README, similar to what you have in this PR in your initial proposal. The only thing that kind of bothers me is having |
@jcrugzz The first reason of using Also, it adds some meaning to the type of the option:
I'm not against using explicit |
@Volune Thats reasonable, i think its ok. Lets just document all the options for this option in the readme, take care of that one nit i have so that we are a bit more performant so we arent creating the regex everytime and we cache it in a variable at the top of |
Also we just need a minor rebase. since i merged some other PRs |
15d25a0
to
8b89110
Compare
Should be all good. |
Hey everyone, thanks for this - a very helpful feature. Wondering if there is any built-in way to also rewrite secure/httpOnly option? In local development, I am using |
@isaachinman I am faced with this same issue as well. Perhaps it would be good to open up a separate issue for this feature. |
@isaachinman Just information, node-proxy-middleware has this implemented. It can't be hard to implement this in node-http-proxy https://github.com/gonzalocasas/node-proxy-middleware/blob/master/index.js#L113 [edit] I added this onProxyRes: function (proxyRes, req, res) {
let existingCookies = proxyRes.headers['set-cookie'],
rewrittenCookies = [];
if (existingCookies !== undefined) {
if (!Array.isArray(existingCookies)) {
existingCookies = [existingCookies];
}
for (let i = 0; i < existingCookies.length; i++) {
rewrittenCookies.push(existingCookies[i].replace(/;\s*?(Secure)/i, ''));
}
proxyRes.headers['set-cookie'] = rewrittenCookies;
}
} |
Sometime the
set-cookie
header specify a domain for the cookie. When proxying the a target usingchangeOrigin
option, the response may contain a cookie not matching the domain of the client.Example of such a cookie:
foo=bar; domain=my.domain; expires=Tue, 12-Feb-2019 10:50:41 GMT; path=/
This pull request adds an option to rewrite the
set-cookie
header of the response.Possible option values:
disabled (default):
cookieDomainRewrite: false
rewrite all domains:
cookieDomainRewrite: "my.client.domain"
remove all domains:
cookieDomainRewrite: ""
more advanced configuration (this example removes all except one):
Let me know if I can improve this option or for any question.