@hez2010 Ah yes 
Nice find! That’s not a Caddy issue, fortunately.
It’s because you’re on an HTTP page, but the WAC backend is setting secure-only cookies. You have to do one of these things:
- Use HTTPS on the front end (recommended)
- Configure WAC to set non-secure cookies
- Cheat
#3 is the most fun, so let’s do that:
{
"handler": "reverse_proxy",
"transport": {
"protocol": "http_ntlm",
"tls": {
"insecure_skip_verify": true
}
},
"headers": {
"response": {
"replace": {
"Set-Cookie": [
{
"search": "; secure",
"replace": ""
}
]
}
}
},
"upstreams": [
{"dial": "wac:1080"}
]
}
Notice that we are rewriting the Set-Cookie header so it is no longer a secure cookie.
I did this while I was developing the fix, so I know it works.