Reputation: 5204
Probably a duplicate of this question but it doesn't have an answer, and I tried the suggestion there and was unable to make it work. I need to authorize a every request before proxying it, and I'm trying to do that via cookie, but the cookie value isn't set on any subsequent requests. Most places on the internet recommend something like the following
server {
auth_request /auth;
location /auth {
internal;
proxy_pass http://auth:8080/auth;
auth_request_set $saved_set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $saved_set_cookie;
}
}
But that does not seem to be working. I've tried even using a custom header to see if I can see it, as mentioned in the question above, and it doesn't work.
server {
auth_request /auth;
location /auth {
internal;
proxy_pass http://auth:8080/auth;
auth_request_set $saved_set_cookie $upstream_http_set_cookie;
add_header X-COOKIE-TEST $saved_set_cookie;
}
}
If I go to the auth server directly I do see the cookie is set
Upvotes: 1
Views: 5034
Reputation: 332
Found a working solution at https://github.com/nginxinc/NGINX-Demos/blob/331fd357e6e1813b5d41aed48880cf274d31dcee/oauth2-token-introspection-oss/frontend.conf#L29 and it's really simple (Nginx 1.18.0):
location / {
auth_request /authz;
auth_request_set $new_cookie $sent_http_set_cookie; # use sent_http_*, not upstream_http_*
add_header Set-Cookie $new_cookie;
add_header X-Test $sent_http_set_cookie; # it's even working directly
}
Upvotes: 2