search

chimurai / http-proxy-middleware

:zap: The one-liner node.js http-proxy middleware for connect, express, next.js and more
MIT License
10.6k stars 828 forks source link

The Cookie header is not being included in the redirected address. #993

Open alpgul opened 2 months ago

alpgul commented 2 months ago

Checks

Describe the bug (be clear and concise)

The "Cookie" header is not automatically added to the redirected address.

Step-by-step reproduction instructions

When I inspected the requests with Burp, the redirected address was not receiving the "Cookie" header. However, when I changed the user agent, the user agent was indeed changing.

Expected behavior (be clear and concise)

The addition of the "Cookie" header to the redirected address.

How is http-proxy-middleware used in your project?

pnpm i http-proxy-middleware

What http-proxy-middleware configuration are you using?

`const proxy=createProxyMiddleware({
  target: 'https://www.example.com/',
  changeOrigin: true,
  agent,
  autoRewrite: true ,
  followRedirects: true,
  selfHandleResponse: true,
  headers:{
  "Cookie":"test=123"
  },
  on: {
    proxyReq: (proxyReq, req, res,options) => {

    }
    }
});
function customProxy(req,res,next){
  req.headers["Cookie"]='test='+getKey();
  proxy(req,res,next);
}
app.use('/proxy',customProxy );
//app.use('/proxy',proxy);`
`

What OS/version and node/version are you seeing the problem?

win 10
node v21.7.1

Additional context (optional)

No response

alpgul commented 2 months ago

follow-redirects:

  if (redirectUrl.protocol !== currentUrlParts.protocol &&
     redirectUrl.protocol !== "https:" ||
     redirectUrl.host !== currentHost &&
     !isSubdomain(redirectUrl.host, currentHost)) {
    removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);
  }

I found the reason for the problem: follow-redirects package is deleting the cookie header.

alpgul commented 2 months ago 
 const proxy = createProxyMiddleware({
     ssl: {
         beforeRedirect: (options, response, request) => {
             options.headers["Cookie"] = 'mycookie=test';
         }
     }
     target: 'https://www.example.com/',
     changeOrigin: true,
     agent,
     autoRewrite: true,
     followRedirects: true,
     selfHandleResponse: true,
     headers: {
         "Cookie": "test=123"
     },
     on: {
         proxyReq: (proxyReq, req, res, options) => {

         }
     }
 });

I can send the cookie value to the redirect using the temporary solution above.