Setting multiple cookies using nginx subrequest authentication

Time:08-26

I am using nginx-ingress in my cluster to expose certain services. I have an "auth" service that handles authentication, which I am trying to set up through nginx. Currently the service has a very simple GET endpoint that always responds with a UserId header and tries to set two cookies:

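// This is implemented on Nest.js which uses express.js
import { Controller, Get, Res } from '@nestjs/common'
import { Response } from 'express'

// Class name is illustrative
@Controller()
export class AuthController {
  // Matches every GET path; always answers 200 with a UserId header and two cookies
  @Get('*')
  auth(@Res() res: Response): void {
    res.header('UserId', '1')

    res.cookie('key', 'value')
    res.cookie('x', 'y')

    res.status(200).send('hello')
  }
}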

I can confirm that both cookies are being set when I manually send a request to that endpoint, but when I set it as an annotation to the ingress:

nginx.ingress.kubernetes.io/auth-url: http://auth.dev.svc.cluster.local

and send a request through the ingress, only one of the cookies is forwarded to the response (the first one, key=value). I am not familiar with the nginx configuration; is there something I am supposed to change to make this work, so that both cookies are set?

I found this issue on GitHub, but it seems to be about OAuth2, and there is no clear explanation of what I am supposed to change.

CodePudding user response:

I couldn't find a way to make this work with the Set-Cookie header. Not sure if there is a better way, but here is a workaround:

I added a snippet for the location block that converts two headers to cookies:

nginx.ingress.kubernetes.io/configuration-snippet: |
  auth_request_set    $auth_cookie1 $upstream_http_x_header1;
  auth_request_set    $auth_cookie2 $upstream_http_x_header2;
  add_header          Set-Cookie $auth_cookie1;
  add_header          Set-Cookie $auth_cookie2;

And the auth() endpoint now responds with the X-Header1 and X-Header2 headers:

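import { Controller, Get, Res } from '@nestjs/common'
import { Response } from 'express'
import { serialize } from 'cookie'

// Class name is illustrative
@Controller()
export class AuthController {
  // Each cookie travels in its own header; the ingress snippet copies them into Set-Cookie
  @Get('*')
  auth(@Res() res: Response): void {
    res.header('UserId', '1')

    res.header('X-Header1', serialize('key', 'value'))
    res.header('X-Header2', serialize('x', 'y'))

    res.status(200).send('hello')
  }
}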

Everything seems to be working well, and this solution is similar to how nginx is adding the Set-Cookie header, which doesn't support multiple cookies. The code below is copied from the nginx.conf file in the nginx-controller pod that nginx-ingress creates.

auth_request_set    $auth_cookie $upstream_http_set_cookie;
add_header          Set-Cookie $auth_cookie;
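
An added example, not part of the original answer or of ingress-nginx: a dependency-free helper that generates both halves of the workaround above (the `X-HeaderN` response headers and the matching `auth_request_set` / `add_header` lines) so they stay in sync, and that gives each cookie `HttpOnly`, `Secure` and `SameSite`, which `serialize('key', 'value')` without options does not set. The function names and attribute defaults are assumptions; `Secure` assumes clients reach the ingress over HTTPS.

```javascript
// Added example: names and attribute defaults are assumptions, not the poster's code.
// RFC 6265 cookie-name is an HTTP token; anything else is rejected.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const SAME_SITE = ['Strict', 'Lax', 'None'];

// Build one Set-Cookie value. encodeURIComponent turns CR, LF, ';' and ','
// into %XX, so a value cannot break out of the header that nginx re-emits.
function hardenedCookie(name, value, { path = '/', sameSite = 'Lax', maxAge } = {}) {
  if (!TOKEN_RE.test(name)) throw new Error(`invalid cookie name: ${JSON.stringify(name)}`);
  if (!SAME_SITE.includes(sameSite)) throw new Error(`invalid SameSite: ${sameSite}`);
  if (/[;\x00-\x1f\x7f]/.test(path)) throw new Error('invalid Path');
  const parts = [`${name}=${encodeURIComponent(String(value))}`];
  if (Number.isInteger(maxAge)) parts.push(`Max-Age=${maxAge}`);
  // Secure assumes clients reach the ingress over HTTPS.
  parts.push(`Path=${path}`, 'HttpOnly', 'Secure', `SameSite=${sameSite}`);
  return parts.join('; ');
}

// One X-HeaderN per cookie, plus the nginx lines that copy it into Set-Cookie.
function buildAuthCookieHeaders(cookies) {
  const headers = {};
  const snippet = [];
  cookies.forEach(({ name, value, options }, i) => {
    const n = i + 1;
    headers[`X-Header${n}`] = hardenedCookie(name, value, options);
    snippet.push(`auth_request_set $auth_cookie${n} $upstream_http_x_header${n};`);
    snippet.push(`add_header Set-Cookie $auth_cookie${n};`);
  });
  return { headers, snippet: snippet.join('\n') };
}

// Constructed sample input: the two cookies from the question.
const demo = buildAuthCookieHeaders([
  { name: 'key', value: 'value' },
  { name: 'x', value: 'y', options: { maxAge: 3600, sameSite: 'Strict' } },
]);
console.log(demo.headers);
console.log(demo.snippet);
```

The `headers` object is what the auth endpoint would send with `res.header(...)`, and `snippet` is the body for the `configuration-snippet` annotation.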