Opened 4 years ago
Last modified 3 years ago
#2161 new enhancement
Allow accessing arbitrary cookies.
| Reported by: | Kevin Cox | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.19.x |
| Keywords: | Cc: | Kevin Cox | |
| uname -a: | Linux kevinidea 5.10.27 #1-NixOS SMP Tue Mar 30 12:32:09 UTC 2021 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.18.0
built by gcc 10.2.0 (GCC) built with OpenSSL 1.1.1k 25 Mar 2021 TLS SNI support enabled configure arguments: --prefix=/nix/store/zqcmjafbkyr17v9vlswl308i5djmd7mr-nginx-1.18.0 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-threads --with-pcre-jit --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --pid-path=/var/log/nginx/nginx.pid --http-client-body-temp-path=/var/cache/nginx/client_body --http-proxy-temp-path=/var/cache/nginx/proxy --http-fastcgi-temp-path=/var/cache/nginx/fastcgi --http-uwsgi-temp-path=/var/cache/nginx/uwsgi --http-scgi-temp-path=/var/cache/nginx/scgi --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_image_filter_module --with-http_geoip_module --with-stream_geoip_module --with-file-aio --add-module=/nix/store/dr6n543igdhj589qirfh36m5a5fcg47d-rtmp --add-module=/nix/store/6pb7j6kymf3y4xs5blp3g8mwin2j22kk-dav --add-module=/nix/store/y39g23fn8ikzcd1iy3b1bclqwjk2qmxd-moreheaders |
||
Description
This is a duplicate of https://trac.nginx.org/nginx/ticket/707, however after 6 years I think it deserves rethinking.
- There are standard cookies that aren't
[a-zA-Z_]such as the__Secure-and__Host-prefixes (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes). - Parsing cookies is non-trivial. Cookies may or may not be quoted and these are generally treated the same. Furthermore it is easy to match values inside of cookies instead of the cookies themselves (eg
foo=bar=baz; bar=helloand a regexbar=foo). Adhoc regexes are not an appropriate tool for cookie parsing.
I think it would be good to encourage robust parsing of cookies and encouraging the use of the __Secure- and __Host- headers by supporting them natively.
Obviously it isn't perfectly clear how to integrate this into nginx configs. Maybe there could be a specific map option for parsing cookies with arbitrary names? Or a new directive for similar. A bigger change to the language would be supporting arbitrarily-named variables. Perhaps a syntax such as ${cookie___Secure-foo} or $"cookie___Secure-foo".
Note:
See TracTickets
for help on using tickets.
