Fail to create cookies while using ngrok with header rewrite

Question

I use docker as my local dev environment and use the dinghy-http-proxy which adds a new TLD .docker to map request to a nginx-proxy container.

My websites are typically reached through an URL like http://devel.domain.com.docker.

I want to use ngrok to develop locally while accessing remote webhooks.

I successfully launched ngrok with the command:

ngrok http -host-header=rewrite devel.domain.com.docker 80

I can access the login form of my web application through the address http://randomsubdomain.ngrok.io.

However, I can't log in because it looks like the cookie session can't be set.

Indeed, cookies sessions are tried to be set for the domain devel.domain.com.docker but as we use randomsubdomain.ngrok.io in the browser they are blocked for security reasons.

How can I bypass this problem? Am I missing something in my configuration? Is ngrok the right tool for what I want to achieve?

Answer 1

Asked directly to ngrok.io support and got this answer:

No, you're not missing anything, that's just an unfortunate side effect of rewriting the host header. Host header rewriting only works for some applications because of complications like this (and others that involve javascript and cross-origin, etc). If possible, it's always much better to reconfigure your website to accept the ngrok.io host header.

However, I found a solution by checking if the request contains in the header x-original-host the domain ngrok.io, and then I alter the session mechanism (in PHP session_set_cookie_params) to use the x-original-host domain instead.