Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The Cookie header is not being included in the redirected address. #993

Open
2 tasks done
alpgul opened this issue Apr 21, 2024 · 2 comments
Open
2 tasks done

The Cookie header is not being included in the redirected address. #993

alpgul opened this issue Apr 21, 2024 · 2 comments

Comments

@alpgul
Copy link

alpgul commented Apr 21, 2024

Checks

Describe the bug (be clear and concise)

The "Cookie" header is not automatically added to the redirected address.

Step-by-step reproduction instructions

When I inspected the requests with Burp, the redirected address was not receiving the "Cookie" header. However, when I changed the user agent, the user agent was indeed changing.

Expected behavior (be clear and concise)

The addition of the "Cookie" header to the redirected address.

How is http-proxy-middleware used in your project?

pnpm i http-proxy-middleware

What http-proxy-middleware configuration are you using?

`const proxy=createProxyMiddleware({
  target: 'https://www.example.com/',
  changeOrigin: true,
  agent,
  autoRewrite: true ,
  followRedirects: true,
  selfHandleResponse: true,
  headers:{
  "Cookie":"test=123"
  },
  on: {
    proxyReq: (proxyReq, req, res,options) => {
      
    }
    }
});
function customProxy(req,res,next){
  req.headers["Cookie"]='test='+getKey();
  proxy(req,res,next);
}
app.use('/proxy',customProxy );
//app.use('/proxy',proxy);`
`

What OS/version and node/version are you seeing the problem?

win 10
node v21.7.1

Additional context (optional)

No response
@alpgul
Copy link
Author

alpgul commented Apr 21, 2024
edited

follow-redirects:

  if (redirectUrl.protocol !== currentUrlParts.protocol &&
     redirectUrl.protocol !== "https:" ||
     redirectUrl.host !== currentHost &&
     !isSubdomain(redirectUrl.host, currentHost)) {
    removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);
  }

I found the reason for the problem: follow-redirects package is deleting the cookie header.

@alpgul
Copy link
Author

alpgul commented Apr 22, 2024 

 const proxy = createProxyMiddleware({
     ssl: {
         beforeRedirect: (options, response, request) => {
             options.headers["Cookie"] = 'mycookie=test';
         }
     }
     target: 'https://www.example.com/',
     changeOrigin: true,
     agent,
     autoRewrite: true,
     followRedirects: true,
     selfHandleResponse: true,
     headers: {
         "Cookie": "test=123"
     },
     on: {
         proxyReq: (proxyReq, req, res, options) => {

         }
     }
 });

I can send the cookie value to the redirect using the temporary solution above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alpgul