when secure: false, cookies secure flag should be automatically removed
secure flag is not removed
proxy: {
'/': {
target: 'https://mydomain.com',
secure: false,
changeOrigin: true,
hostRewrite: true,
autoRewrite: true,
xfwd: true,
cookieDomainRewrite: '',
}
}
There is a workaround for this by removing the secure flag manually like
proxy: {
'/': {
target: 'https://mydomain.com',
secure: false,
changeOrigin: true,
hostRewrite: true,
autoRewrite: true,
xfwd: true,
cookieDomainRewrite: '',
onProxyRes: proxyResponse => {
if (proxyResponse.headers['set-cookie']) {
const cookies = proxyResponse.headers['set-cookie'].map(cookie =>
cookie.replace(/; secure/gi, '')
);
proxyResponse.headers['set-cookie'] = cookies;
}
}
}
},
but it takes time to figure out that the flag should be removed, and I expected secure:false to setup all this kind of stuff for me.
The secure option comes from the http-proxy libary.
Option doesn't apply to cookies, only the secure connection:
secure: true/false, if you want to verify the SSL Certs
There is a feature request on their issue tracker for this: https://github.com/nodejitsu/node-http-proxy/issues/1165
Issue has gone stale; Closing issue.
Feel free to re-open.
thanks! your workaround helps me a lot
Thanks @villesau . This is still a valid issue. I need this work around to proxy from http to https using a common react-create-app configuration. Can you please reopen this issue?
Unfortunately I'm not able to reopen this. It needs to be done by some maintainer, maybe @chimurai ? Although the base issue is in the other library..
Don't think it's wise to modify the behaviour of secure, which is a configuration option of the http-proxy library.
There is a thread for this issue: https://github.com/nodejitsu/node-http-proxy/issues/1165
imho, the ecosystem would benefit more if it is solved there.
I'm open for suggestions.
In my opinion... when I set changeOrigin: true, and I'm going from http://localhost:3000 to https://qa.api.com, it should just work..
But I had to dive deep into the http headers and eventually figured out the cookies weren't being set - then I dived deep into cookies and figured it's because the cookies have this secure; flag.
So it's really an implementation detail - maybe there could be an option for patching the cookies - but I'm not sure what to call it - ohBTW_patch_cookies: true - it's really just a messy thing that has to do with http/cookies that developers shouldn't have to think about/be exposed to.
At the end of the day I guess it's as easy as just copy pasting these few lines to remove the secure flag: https://github.com/http-party/node-http-proxy/issues/1165#issuecomment-431025061
For me, I'm using angular CLI with the proxy options, so the config is a JSON file in the project, providing the workaround function is not doable for me 馃様
Edit: Well, I converted my config to js instead of JSON and that worked 馃コ
Most helpful comment
In my opinion... when I set changeOrigin: true, and I'm going from http://localhost:3000 to https://qa.api.com, it should just work..
But I had to dive deep into the http headers and eventually figured out the cookies weren't being set - then I dived deep into cookies and figured it's because the cookies have this secure; flag.
So it's really an implementation detail - maybe there could be an option for patching the cookies - but I'm not sure what to call it -
ohBTW_patch_cookies: true- it's really just a messy thing that has to do with http/cookies that developers shouldn't have to think about/be exposed to.At the end of the day I guess it's as easy as just copy pasting these few lines to remove the secure flag: https://github.com/http-party/node-http-proxy/issues/1165#issuecomment-431025061