Closed eskiesirius closed 2 years ago
Hello @eskiesirius ,
I'm afraid I don't understand what you're asking. I think you'll need to describe much more fully what you are trying to do.
sorry.. i mean example i have setup a nginx test cookie in my API then when i send a post request to /api/login from the frontend it will still ask for the test cookies right?
I'm still not sure what you mean.
Without ModSecurity active, you might have a normal flow related to cookies of two transactions:
Transaction 1: the server sends a 'Set-Cookie' response header to the client
Transaction 2: the client sends a 'Cookie' header to the server with the key-value pair(s) it received in Transaction 1.
With ModSecurity active (I'm assuming embedded mode), if you're asking if the client will still send the same cookies as before, the answer is yes.
I currently have a system that has backend(laravel) and frontend(vue).. how can we bypass the test cookie when accessing through API or what is the correct way of handling test cookie in API?