You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/09/19 11:17:15 UTC

[GitHub] [apisix] LiteSun opened a new issue, #7943: feat: response-rewrite plugin fine-grained cookie control

LiteSun opened a new issue, #7943:
URL: https://github.com/apache/apisix/issues/7943

   ### Description
   
   The `response-rewrite` plugin headers feature is currently overridden, resulting in cookies returned upstream being overridden by APISIX.
   
   The add function in the last version of the `response-rewrite` plugin can also only append the new header to the upstream header.
   
   We need to have more granular control over cookies to meet different user scenarios.
   
   For example, parsing the key-value structure in the upstream set-cookie so that only the value of the key with the same name is overwritten and the upstream cookie is retained.
   
   After talking to @spacewander, the following changes can be made to our plugin.
   
   ```
   We can add a new cookie configuration to the response-rewrite plugin to allow cookies to be modified.
   
   The configuration is as follows.
   cookies = {
       properties = {
           set = {
               type = "object",
               minProperties = 1,
               patternProperties = {
                   ["^.*$"] = {
                       properties = {
                           value = {type = "string"},
                           samesite = {enum = {"None", "Lax", "Strict"}},
                           ...
                       },
                   }
               },
           },
           remove = {
               type = "array",
               minItems = 1,
               items = {
                   type = "string",
                   minLength = 1,
               }
           },
       },
   },
   
   The set operation modifies or adds a cookie with the given name, where value is the value of the cookie and parameters such as SameSite are additional options.
   The remove operation removes the cookie with the given name.
   The order of execution is set followed by remove.
   
   For example, the following configuration would set the cookie named id to a3fWa and delete the cookie idx.
   "plugins": {
       "response-rewrite": {
           "cookies": {
               "set": {
                   "id": {
                       "value": "a3fWa",
                       "samesite": "Lax"
                   }
               },
               "remove": [
                   "idx"
               ]
           }
       }
   },
   
   The cookie manipulation will take place after the header modification, so the original header configuration is not affected.
   
   We can implement the cookie modification function based on the following PR.
   https://github.com/cloudflare/lua-resty-cookie/pull/35/files
   
   To delete a cookie, you need to get the current Set-Cookie header, remove the one to be removed and set it back.
   
   ```
   
   Thanks for @spacewander 's support.
   
   Feel free to comment here 😊


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] LiteSun commented on issue #7943: feat: response-rewrite plugin fine-grained cookie control

Posted by GitBox <gi...@apache.org>.

LiteSun commented on issue #7943:
URL: https://github.com/apache/apisix/issues/7943#issuecomment-1254412225

   
   
   
   > > For example, parsing the key-value structure in the upstream set-cookie so that only the value of the key with the same name is overwritten and the upstream cookie is retained.
   > 
   > This sentence confuses me. What's the point to mention the upstream cookie? Cookie is a request header, but what you were describing is the response rewrite plugin.
   
   oh, it should be  ..... the upstream set-cookie is retained


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #7943: feat: response-rewrite plugin fine-grained cookie control

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #7943:
URL: https://github.com/apache/apisix/issues/7943#issuecomment-1252099814

   > For example, parsing the key-value structure in the upstream set-cookie so that only the value of the key with the same name is overwritten and the upstream cookie is retained.
   
   This sentence confuses me. What's the point to mention the upstream cookie? Cookie is a request header, but what you were describing is the response rewrite plugin.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org