Webpack Dev Server Utils - Allow changing of the set-cookie header #4455

Closed
JeffBaumgardt opened this issue May 14, 2018 · 2 comments

@JeffBaumgardt

I'm happy to discuss but let me first explain.

I have an API that sets a cookie on successful login and uses that as the authentication and session variable for the rest of the session.

However, our API sets the cookie with the domain and secure attributes, and when we are on localhost:3000 in CRA this fails to set the cookie, thereby not allowing any authenticated requests.

```
authKey=<keydetails>; expires=Mon, 14 May 2018 00:18:01 GMT; domain=ml-dev2.caseshare.com; path=/; secure; samesite=lax; httponly
```

The domain is set so that when the application is live the requests come from the same host as the API. Secure is for https.

I would like to strip these from the cookie at the proxy portion of the dev server.

I would eject but this utils is buried deep and I would basically have to re-write all of the webpack config and I really don't want to. I could see if we add additional properties to the proxy section that would allow us to strip/re-write these attributes that would save me a ton of time.

I see it something like this

```js
onProxyReq: proxyReq => {
  // Browsers may send Origin headers even with same-origin
  // requests. To prevent CORS issues, we have to change
  // the Origin to match the target URL.
  if (proxyReq.getHeader('origin')) {
    proxyReq.setHeader('origin', target);
  }
},
// Set-Cookie is a response header, so the cleanup runs in onProxyRes
// on the upstream response rather than on the outgoing request.
onProxyRes: proxyRes => {
  if (proxy[context].cleanCookie && proxyRes.headers['set-cookie']) {
    // Clean up the response cookies
    proxyRes.headers['set-cookie'] = proxyRes.headers['set-cookie'].map(cookie =>
      cookie
        // Get rid of the domain so that the browser doesn't reject due to a mismatch.
        .replace(/\s+domain=[^\s;]+;?/, '')
        // Get rid of the "secure" attribute so that we don't have to run https.
        .replace(/\s+secure;?/, '')
    );
  }
},
```

I know this is a little special case but I'm sure I can't be the only one who has been hit with an API setting a secure / domain specific cookie before.
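
An attribute-aware version of the cookie cleanup proposed above, as an added example that is not part of the original issue or of Create React App. It goes beyond the regexes in the post by matching attribute names case-insensitively, downgrading `SameSite=None` (which browsers only accept together with `Secure`), and leaving `__Secure-`/`__Host-` prefixed cookies untouched; `rewriteSetCookie` and `cleanProxyCookies` are hypothetical names, and the sample header is constructed.

```javascript
// Added example for a local development proxy only; function names are hypothetical.

// Rewrite one Set-Cookie value so a browser on http://localhost:3000 accepts it.
function rewriteSetCookie(header) {
  const [nameValue, ...attrs] = header.split(';').map(part => part.trim());
  const name = nameValue.split('=')[0];
  // __Secure- and __Host- cookies are rejected by browsers without Secure,
  // so stripping it would only break them: return the header unchanged.
  if (/^__(Secure|Host)-/.test(name)) {
    return header;
  }
  const kept = attrs
    .filter(attr => attr !== '')
    .filter(attr => {
      // Attribute names are case-insensitive (Domain, domain, DOMAIN).
      const key = attr.split('=')[0].trim().toLowerCase();
      return key !== 'domain' && key !== 'secure';
    })
    // SameSite=None is only accepted together with Secure; fall back to Lax.
    .map(attr => (/^samesite\s*=\s*none$/i.test(attr) ? 'SameSite=Lax' : attr));
  // Expires, Path, HttpOnly and any other attributes pass through as sent.
  return [nameValue, ...kept].join('; ');
}

// onProxyRes-style handler: Set-Cookie arrives on the upstream response
// as an array with one entry per cookie.
function cleanProxyCookies(proxyRes) {
  const cookies = proxyRes.headers['set-cookie'];
  if (Array.isArray(cookies)) {
    proxyRes.headers['set-cookie'] = cookies.map(rewriteSetCookie);
  }
  return proxyRes;
}

// Constructed sample mirroring the header in the issue (value is a placeholder).
const sample =
  'authKey=PLACEHOLDER; expires=Mon, 14 May 2018 00:18:01 GMT; ' +
  'domain=ml-dev2.caseshare.com; path=/; secure; samesite=lax; httponly';
console.log(rewriteSetCookie(sample));
```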

@JeffBaumgardt
Author

This will be solved by #3366 once that is complete

@swillis12

@JeffBaumgardt FYI This PR allows path rewrite if that helps (needed this one for JSESSIONID cookie in Tomcat):
http-party/node-http-proxy#1235
merged here
http-party/node-http-proxy#1251

@lock lock bot locked and limited conversation to collaborators Jan 18, 2019