I'm using nginx as a reverse proxy to serve a https-only site. So I want the cookies for this site flagged as secure. But the backend server is an http one so it won't set the secure flag to its cookies. How can I modify the Set-Cookie header in response to add a secure flag?
Nginx – In nginx reverse proxy, how to set the secure flag for cookies
nginxreverse-proxy
Related Topic
- NGINX Reverse Proxy – URL Rewrite
- Nginx – Remove cookies by cookie name in nginx reverse proxy
- Nginx – Chrome ignores Set-Cookie directive from nginx reverse proxy
- Nginx reverse proxy – remove “Secure” from cookies
- Nginx – Inject cookie with Nginx reverse proxy
- Nginx Proxy – Cookies Not Set Issue
- Nginx Reverse Proxy – Configuring Custom Headers from Backend to Client
Best Answer
You might be able to get your nginx proxy modify the cookies created by the backend and set the secure flag - for inspiration see How to rewrite the domain part of Set-Cookie in a nginx reverse proxy?.
However I'd imagine that getting whatever is creating the cookie on the backend to set the secure flag is going to be a better solution. How you do that is another story (or question :).