You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/07 08:04:19 UTC

[GitHub] [apisix] rampagecong commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

rampagecong commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1340550705

   > > I called 'r.R.header ().Add("Set-Cookie", v)' in a browser with a runner,
   > 
   > I think you should be careful with `("Set-Cookie", v)`, here is how to modify the response cookie in APISIX:
   > 
   > https://github.com/apache/apisix/blob/1da09bf4442e2a2cafd309ecd6297551342a4cb8/apisix/plugins/cas-auth.lua#L64-L66
   > 
   > As you can see, only the cookie with a specific name will be modified here.
   
   I see.
   
   https://github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/plugins/ext-plugin/init.lua#L658-L673
   
   This is the code that I brought up PR to modify the response header.
   
   The use of set-cookie in core.response.add_header will affect both the current browser and the cookie in the browser accessing the route. I think it should not be so. Should be a cookie that only affects the currently accessed browser.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org