express-http-proxy icon indicating copy to clipboard operation
express-http-proxy copied to clipboard
verified publisher icon villadora

copyProxyResHeadersToUserRes overwrites Set-Cookie headers that have already been set by previous middleware

Open fabb opened this issue 1 year ago • 4 comments

We have some middlewares before the proxy middleware to handle setting cookies (like authentication and others). We set cookies like this in previous middlewares: res.cookie('name', 'value').

Responses that are proxies do not contain these Set-Cookie headers though. Other headers seem to pass fine.

We do not use userResHeaderDecorator.

express-http-proxy should not remove any Set-Cookie headers that have already been set on the response object.

fabb avatar Aug 16 '24 10:08 fabb

The problem is this line: https://github.com/villadora/express-http-proxy/blob/master/app/steps/copyProxyResHeadersToUserRes.js#L13

It looks like if the proxied backend returns Set-Cookie header, it overwrites these headers if they were already set on the user response object.

The problem is that there is no workaround using userResHeaderDecorator because copyProxyResHeadersToUserRes runs before it and already deleted the headers.

fabb avatar Aug 16 '24 12:08 fabb

@fabb Thanks for the detailed report and fix. I'll review this week.

monkpow avatar Aug 20 '24 00:08 monkpow

@monkpow friendly reminder 🙂

fabb avatar Oct 02 '24 16:10 fabb

@monkpow friendly reminder, plz review :-)

fabb avatar Jan 13 '25 11:01 fabb