477
社区成员
发帖
与我相关
我的任务
分享nginx对cookie设置,取消Secure属性
用nginx做反向代理的时候,后台总是收不到session,发现cookie的属性有一个Secure,查阅资料说这个属性会使客户端在发送请求的时候,如果是http,不会带上cookie。但我不知道怎么取消这个属性。
...全文
请发表友善的回复…
发表回复
btx258 2021-01-14
- 打赏
- 举报
遇到同样的问题,去查了官网手册,在1.19.3以后的版本,可以用proxy_cookie_flag实现。
proxy_cookie_flags ~ nosecure;
这个表示去掉所有cookie里的secure属性,亲测可用。
Syntax: proxy_cookie_flags off | cookie [flag ...];
Default:
proxy_cookie_flags off;
Context: http, server, location
This directive appeared in version 1.19.3.
Sets one or more flags for the cookie. The cookie can contain text, variables, and their combinations. The secure, httponly, samesite=strict, samesite=lax, samesite=none parameters add the corresponding flags. The nosecure, nohttponly, nosamesite parameters remove the corresponding flags.
The cookie can also be specified using regular expressions. In this case, cookie should start from the “~” symbol.
Several proxy_cookie_flags directives can be specified on the same configuration level:
proxy_cookie_flags one httponly;
proxy_cookie_flags ~ nosecure samesite=strict;
If several directives can be applied to the cookie, the first matching directive will be chosen. In the example, the httponly flag is added to the cookie one, for all other cookies the samesite=strict flag is added and the secure flag is deleted.
The off parameter cancels the effect of the proxy_cookie_flags directives inherited from the previous configuration level.
