georgir
commented
2 years ago those headers often (always?) specify a cookie domain which will need to be rewritten from the original to the proxy domain for the cookie to be accepted by browsers
Closed DovOps closed 2 years ago
georgir
commented
2 years ago those headers often (always?) specify a cookie domain which will need to be rewritten from the original to the proxy domain for the cookie to be accepted by browsers
Rob--W
commented
2 years ago those headers often (always?) specify a cookie domain which will need to be rewritten from the original to the proxy domain for the cookie to be accepted by browsers
Not "always". "Sometimes" would be more accurate. And such domain cookies cannot reliably be rewritten.
The linked pull request (#401) was closed for good reasons, I'll do the same with this issue.
When doing local development against non-cors API endpoints, sometimes they set cookies in the response which may be needed for subsequent requests. Currently there is hardcoded code to delete set-cookie/2 headers. The proxy should provide an option to preserve these set-cookie response headers, in the event the user configures that they desire this behavior.