Will express-http-proxy pass session cookies through to clients?

villadora / express-http-proxy

Proxy middleware for express/connect

Other

1.23k stars 234 forks source link

Will express-http-proxy pass session cookies through to clients? #152

Closed rdkgit closed 8 years ago

rdkgit commented 8 years ago

Hi!

I'm using express-http-proxy for a proxy server I'm writing. I'm testing access to a webapp through this proxy. The web app sets session cookies. When I examine the client, it is not receiving the cookie when it queries through the proxy. When the client queries directly, it gets the cookie. Sorry if this is a duplicate question.

Thanks,

Bobby

rdkgit commented 8 years ago

Followup, cookies are getting sent back and forth but somehow the node/express webapp is not recognizing the cookie when it comes through the proxy.

Any ideas who to fix this? I've enabled 'trust proxy' in the app.

Bobby

rdkgit commented 8 years ago

I struggled with paths in the proxy code but once I got that squared away, proxy performed nicely with https,http, and cookies. Closing issue.

radixhound commented 7 years ago

@rdkgit Any chance you can post a little bit more detail about what you mean about struggling with the paths? Could you give an example of what kind of thing didn't work vs. what kind of thing worked? I'm just starting on this and ran into the same thing pretty quickly. Not sure why cookies aren't being set.

radixhound commented 7 years ago

Ok looks like cookies are working for me too.

For future explorers, you can view the cookies being set with something like this:

  decorateRequest: (proxyReq) => {
    console.log("Cookie", proxyReq.headers.cookie);
    return proxyReq;
  },
  intercept: (rsp, data, req, res, callback) => {
    // rsp - original response from the target
    console.log("set-cookie", rsp.headers['set-cookie']);
    callback(null, data);
  },

My problem is that the form data being isn't making it through to the other server on a POST, and it's failing the check for the CSRF token which is a little misleading because the POST is blank...

rdkgit commented 7 years ago

Hi!

I havent tested posting forms through my web proxy yet. I'll test that next week when I get back from backpacking trip.

For paths, I'm setting up a proxy so that anything under /path goes to proxy1, /otherpath goes to proxy2, etc. I had to manipulate the path a bit so I could catch various parts of the entire url string.

app.use('/path',proxy('localhost:1234/path',{ https: true, forwardPath: function (req, res) { aUrl = url.parse(req.url); console.log("Requesting "+req.baseUrl+aUrl.path); return req.baseUrl+aUrl.path; }, }));

radixhound commented 7 years ago

Thanks for the reply!

I figured out my problem as well, turns out it's unrelated to the proxy. I have body-parser in the root of the app and it was intercepting the post request even though the mime type was application/x-www-form-urlencoded and wiping out the posted form data.

rdkgit commented 7 years ago

Hi!

Sorry for the long long delay. Was knee-deep in java/android and c-code.

I tested my proxy with forms, session cookies, and posts and it all seems to be working quite nicely.

Bobby

tnguyen14 commented 4 years ago

@radixhound how did you fix that issue?

radixhound commented 4 years ago

@tnguyen14 It's been a while so I can remember well the details but the problem was that a different package (body-parser) was behaving badly. The data wasn't JSON but it was trying to parse the data anyway and clearing the data out. We probably explicitly bypassed body-parser for form encoded data by looking at the mime type. Either that or we removed body-parser and used a different method for parsing json.