Http.proxy modification of individual cookies to upstream

lukenowak · July 13, 2018, 8:36am

Hello guys,

I am currently using http.proxy (with a bit of http.rewrite) to control which headers I pass to my app.

I am able to rewrite normal headers with http.rewrite, but what I am struggling now is being able to remove indivifual cookies sent by the browser.

Lets say the header which comes from the browser is:

Cookie: Chocolate=absent; Vanilia=absent; Coffee=present; Milk=absent

I would like to pass to my upstream only Coffee cookie with valuepresent, thus removing cookies Chocolate, Vanilia and Milk.

I was thinking to use http.rewrite, but it does not have cond exists to express it:

rewrite {
  if {~Chocolate} exists
  if {~Vanilia} is not empty   # maybe this is possible?
  if {~Milk} exists
  if_op or
  to /remove_not_needed_cookies{url}
}

proxy /remove_not_needed_cookies {
  without /remove_not_needed_cookies
  # Now what?
  # header_upstream Cookie some_result_of_http_rewrite?
  # stuck....
}

So it blocked me.

So, if there would be cookie_upstream and cookie_downstream directives in http.proxy this would automatically solve my issue, I could have Caddyfile like:

proxy / {
  cookie_upstream -Chocolate
  cookie_upstream -Vanilia
  cookie_upstream -Milk
}

and voila!, it is done. It is not so simple with header_upstream, as it would require regular expression replacement.

Questions:

Do you solve such problem (removing individual cookies) differently and I missed simple solution?
If not, shall it be solved by adding features to http.proxy or by writing plugin which extends http.proxy or just adds it somewhere else?

Thanks in advance,
Regards,
Łukasz

Whitestrake · July 13, 2018, 12:40pm

You can crudely manipulate cookies via the Cookie header… Unfortunately, though, arbitrary placeholder string manipulation isn’t easy at all.

To determine existence of a cookie, you can test against an empty string "":

rewrite {
  if_op or
  if {~Chocolate} not ""
  if {~Vanilia} not ""
  if {~Milk} not ""
  to /remove_not_needed_cookies{uri}
}

You could take the sledgehammer approach and overwrite the Cookie header entirely:

proxy /remove_not_needed_cookies {
  without /remove_not_needed_cookies
  header_upstream Cookie "Coffee={~Coffee}"
}

This PR for regex manipulation of proxied headers would make this much easier (you could simply replace instances of those three cookies with nothing). You might go voice your support there - the proposed changes are currently awaiting a review by a Caddy contributor.

https://github.com/mholt/caddy/pull/2144

lukenowak · July 13, 2018, 12:56pm

Hello,

Yep, but of course I do not know about the Coffee cookie presence upfront.

That’s excellent, it would solve my need fully, I could do it without playing with rewrite at all. Added like for it, thanks

Regards,
Łukasz

PS. I made a mistake in original post – I meant header_downstream not header_upstream but I see I was able to communicate the idea.

Whitestrake · July 13, 2018, 1:21pm

Ah, so you want to stop a cookie set from your app from going from the server to the client?

lukenowak · July 13, 2018, 1:40pm

Hello,

Yes. The MR you linked will work for header_downstream, so this will help me.

Łukasz

system · October 11, 2018, 1:47pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.