Spring Cloud Zuul does not forward cookies

C

4

13

I am facing a problem with spring cloud Zuul proxy. I hace two microservices configured, up and running. I have a cookie in my web browser and I am using Zuul as an API Gateway, When I hit Zuul to call my Backend, Zuul is not forwarding my cookie to my Backend, It seems that Zuul is ignoring the cookie sent and my Backend is not able to retrieve this.

Can you please help me with this issue?, I am using Spring cloud Brixton.RELEASE and spring boot 1.3.5

Regards.

Colic answered 23/5, 2016 at 17:20 Comment(0)

C

-3

I have solved this problem just passing the data sent in my cookie using simple http headers.

Colic answered 27/5, 2016 at 18:51 Comment(1)

Doing this with HTTP Only Headers, such as the cookies, would allow a client to spoof security checks or modify server-side cookie data. – Deflagrate 15/4, 2019 at 18:57

F

13

In Spring Cloud Netflix 1.1, "Cookies" is included in the sensitive headers list and they are not passed down.

This can be manipulated by config zuul.routes.*.sensitiveHeaders.

See documentation details here under heading "Cookies and Sensitive Headers":

http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html

Flats answered 15/6, 2016 at 7:24 Comment(3)

Thanks for reply, Let me try your suggestion. – Colic 15/6, 2016 at 20:9

Take a look at ZuulProperties class. There are two ways to configure sensitive headers, one globally and for each route. Set-Cookie and Cookie are included by default. To enable them, you need to override this with something else. For example: zuul.sensitiveHeaders: Authorization – Larrigan 1/7, 2016 at 8:44

I read through the docs above, but those docs don't exactly spell out how you "override" the defaults. I didn't automatically make the assumption that if I specified a new value for sensitiveHeaders that the defaults (Cookie,Set-Cookie,Authorization) would be unset. However I can confirm that setting the value to something different does unset the default completely. Thanks @Larrigan for the helpful tip. – Hanes 21/7, 2016 at 22:14

O

2

Default Zuul sensitive headers allowing to not forward these datas are

sensitiveHeaders=Cookie,Set-Cookie,Authorization

to be able to forward cookies, you can put in your bootstrap.properties file

sensitiveHeaders=

Or if you don't need of Authorization header

sensitiveHeaders=Authorization

Oculomotor answered 12/12, 2019 at 23:0 Comment(0)

M

1

Add sensitive headers in application.yml like this:-

routes:
service:
  path: /service/**
  sensitiveHeaders: Cookie,Set-Cookie
  url: http://localhost:9001

Masseur answered 4/8, 2020 at 19:6 Comment(0)

C

-3

I have solved this problem just passing the data sent in my cookie using simple http headers.

Colic answered 27/5, 2016 at 18:51 Comment(1)

Doing this with HTTP Only Headers, such as the cookies, would allow a client to spoof security checks or modify server-side cookie data. – Deflagrate 15/4, 2019 at 18:57

Recommended topics

Hot tags