Opened 5 years ago

Closed 4 years ago

#1855 closed enhancement (fixed)

Strip an object from an header(cookie)

Reported by: asarubbo@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.16.x
Keywords: Cc:
uname -a: Linux zookeeper-test 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

Description

Hello,

we have the following situations:

nginx listen on port 80 and 443, and there is a proxy_pass to tomcat. Tomcat is not on the same machine so the traffic between nginx and tomcat is encrypted by using tomcat on ssl.

We need to leave nginx listen on 80 because there are some embebbed devices that do not support SSL, so they will fail on 443.

The issue, for us, is that if you try to connect to 80 with a browser, the 'set-cookie' header contains 'Secure' added by tomcat, so it will fail in plain text.

We were able to fix the issue as described here:
https://serverfault.com/questions/853228/nginx-reverse-proxy-remove-secure-from-cookies

Would be great to have a feature to strip something from an header (unless I failed to search and already exists)
Thanks in advance

Change History (1)

comment:1 by Maxim Dounin, 4 years ago

Resolution: fixed
Status: newclosed

The proxy_cookie_flags directive to control cookie flags of proxied responses was introduced in nginx 1.19.3 (d6a5e14aa3e4).

Note: See TracTickets for help on using tickets.