For the sake of development I need to make NGINX drop "Secure" flag from cookie headers.
Set-Cookie:XSRF-TOKEN=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzz; Path=/; Secure
should become
Set-Cookie:XSRF-TOKEN=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzz; Path=/;
For each Set-Cookie header. I am creating a reverse-proxy configuration to decouple development server from the UI and since upstream is running behind HTTPS while NGINX is running on plain HTTP, browser refuses to send cookies back.
Best Answer
Since nginx 1.19.3 you can use http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags. For example:
To remove the
Secure
flag from all cookies: