How to set Secure attribute to Set-cookie in Nginx through nginx.conf file

I am new to the Nginx server. I recently started working on an nginx project. I have a task to set security headers through the nginx.conf file. I set some headers correctly but am not able to set them for Set-Cookie. My requirement is that in the response header Set-Cookie should have the Secure and HttpOnly attributes. I added the two directives below to the nginx.conf file:

set_cookie_flag HttpOnly Secure;
proxy_cookie_path / "/; HTTPOnly; Secure";

I tried each one on its own and both together, but only HttpOnly is coming. Please look at the snippet of my conf file below:

server {
    listen       80;
    server_tokens off;
    server_name  http://{{ getenv "PROXY_URL" }};
    set_cookie_flag HttpOnly Secure;
    proxy_cookie_path / "/; HTTPOnly; Secure";
    include routes;
}

Please help me: what do I need to add here, or is there anything I missed?

Thanks in Advance.

RamRajVasavi asked Feb 20 '18 08:02



2 Answers

Remember to add SameSite=None as well:

location /foo {
    proxy_pass http://localhost:4000;
    proxy_cookie_path /foo "/; SameSite=None; HTTPOnly; Secure";
}

Sources:

  1. https://web.dev/samesite-cookies-explained/
  2. https://stackoverflow.com/a/56514484/1561922
geoyws answered Sep 21 '22 19:09


I had a look at this article: https://geekflare.com/httponly-secure-cookie-nginx/

In order to use set_cookie_flag HttpOnly Secure; you need to build nginx from source, adding the path of the cookie-flag module while configuring: --add-module=/path/to/nginx_cookie_flag_module.

If you don't want to build nginx from source, you can add only proxy_cookie_path / "/; HTTPOnly; Secure"; to your configuration.

Following the article, it should be enough.

Michael A. answered Sep 24 '22 19:09
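An added configuration example, not taken from the question or either answer, that puts the unprotected pass-through next to the proxy_cookie_path rewrite used in both answers (with the SameSite=None attribute from the first answer) and next to the stock proxy_cookie_flags directive that nginx has shipped since 1.19.3, which needs no third-party module. The upstream address 127.0.0.1:4000, the server name example.invalid and the certificate paths are placeholders. Two caveats worth keeping in mind: proxy_cookie_path replaces a matching prefix of the cookie's Path attribute, so the rewrite trick is only clean when the upstream sends exactly Path=/, and a cookie without any Path attribute is left untouched; and a cookie marked Secure is only sent back by browsers over HTTPS, so a server block that only listens on port 80 (as in the question) will set the cookie but never receive it again.

```nginx
# Added example (not the page's own config). Assumes an upstream app on
# 127.0.0.1:4000 that answers with "Set-Cookie: session=...; Path=/";
# server_name and certificate paths are placeholders.

server {
    listen 443 ssl;                                   # Secure cookies need TLS
    server_name example.invalid;                      # placeholder
    ssl_certificate     /etc/nginx/certs/example.pem; # placeholder
    ssl_certificate_key /etc/nginx/certs/example.key; # placeholder
    server_tokens off;

    # Weak: the upstream Set-Cookie header is relayed unchanged, so
    # "session=abc; Path=/" reaches the browser with neither Secure
    # nor HttpOnly.
    location /legacy/ {
        proxy_pass http://127.0.0.1:4000;
    }

    # Fix that works on any nginx build with ngx_http_proxy_module:
    # the Path prefix "/" is replaced with "/" plus the appended flags,
    # giving "session=abc; Path=/; HttpOnly; Secure; SameSite=None".
    # Attribute names are case-insensitive, so "HTTPOnly" works too.
    location /app/ {
        proxy_pass http://127.0.0.1:4000;
        proxy_cookie_path / "/; HttpOnly; Secure; SameSite=None";
    }

    # Same result on nginx 1.19.3 or newer without depending on the
    # cookie's Path: "~" matches every upstream cookie by regular
    # expression, and the flags are added only where they are missing.
    location /api/ {
        proxy_pass http://127.0.0.1:4000;
        proxy_cookie_flags ~ httponly secure samesite=none;
    }
}
```

After reloading, confirm the result at the edge rather than in the upstream's own logs: the Set-Cookie line the client receives from the /app/ and /api/ locations must carry Secure and HttpOnly, while the /legacy/ location shows what a missing directive looks like.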