-
Notifications
You must be signed in to change notification settings - Fork 854
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Response interceptor copyHeaders logic only removes first character of cookie domain because of non-greedy regex #970
Comments
Hello. I've the exact same behavior using
proxy.conf.mjs import { responseInterceptor } from 'http-proxy-middleware';
export default {
"/api/v1/**": {
"target": "**redacted**",
"secure": true,
"changeOrigin": true,
"logger": console,
"ws": true,
selfHandleResponse: true, // res.end() will be called internally by responseInterceptor()
configure: (proxy, _options) => {
proxy.on("proxyRes", responseInterceptor(async (responseBuffer, proxyRes, req, serverResponse) => {
// body manipulation here
return responseBuffer
}));
}
}
} Cookie sent by the server : Cookie returned to Angular app |
Hi, I believe we managed to track down the source of this bug with my team. We forked the project and managed to fix the the domain overwrite. Fork available here We made 2 changes:
This means that the code will start to respect the documentation on this page where it says that the default behaviour is not to remove the domains. See: Our requirement was actually to keep the same domain that came back on proxyRes, but this can be used to alter the domain, as well. I'd love to raise a PR if that's ok with @chimurai. Suggestions are welcomed, and encouraged. 😉 |
Hi @chimurai Looks like you already had a PR with a similar fix here: #806 Would it be possible to merge this, please, so we can stop using our forked version? I'm sure others would appreciate it, too. On a separate, but related note: It doesn't address the fact though, that you still don't get to control the cookie domain overwrites, because the config that you're accepting on I think all you need to do is pass the config down to The line would change from Would you accept my PR to fix this, too? I'd be more than happy to raise it. |
Checks
http-proxy-middleware
.Describe the bug (be clear and concise)
The regex here https://github.com/chimurai/http-proxy-middleware/blob/master/src/handlers/response-interceptor.ts#L120 only removes the first character of the cookie domain in the
Set-Cookie
header, e.g.... domain=magento2.docker; ...
is rewritten... domain=agento2.docker; ...
Step-by-step reproduction instructions
Expected behavior (be clear and concise)
If the intended behavior here is to completely remove the domain from the cookie (which doesn't seem right to me based on default config, but that's a separate issue I guess?), then it should be entirely removed.
How is http-proxy-middleware used in your project?
I'm using it directly for localhost to rewrite magento2.docker -> localhost:3000
What http-proxy-middleware configuration are you using?
What OS/version and node/version are you seeing the problem?
Additional context (optional)
It seems perhaps the regex should be "greedy", and the
?
should be removed perhaps? Honestly I don't exactly know what the intention is for this logic.The text was updated successfully, but these errors were encountered: