Re: Hide a request cookie in proxy_pass

2017-11-29 Thread AntoUX
Hello, I've found strange behaviour with this rewrite method. When: - there is a space (%20) in the URI and - a cookie matches the regexp (and is removed), Nginx replaces ";" and " " in the Cookie header with %3B%20. For example: I want to remove the "Testy" cookie. Here is a sample nginx config: server { set $

Re: Hide a request cookie in proxy_pass

2016-11-14 Thread jwal
Oops: this is the correct link: https://regex101.com/r/RZltB6/1 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,252944,270942#msg-270942 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Hide a request cookie in proxy_pass

2016-11-14 Thread jwal
Hi, Thanks for this; it is pretty close to what I need. I just tried it out in the regex101.com editor and I think there might be a vulnerability: https://regex101.com/delete/ypHV2Yw6o3wHqGDQTHRPZw3r The client could include the same cookie name twice. This regexp would only strip out one of t

Re: Hide a request cookie in proxy_pass

2014-09-02 Thread gthb
Yep, works like a charm, thank you! And two consecutive ifs to strip two cookies works as well: set $stripped_cookie $http_cookie; if ($http_cookie ~ "(.*)(?:^|;)\s*sessionid=[^;]+(.*)$") { set $stripped_cookie $1$2; } if ($stripped_cookie ~ "(.*)(?:^|;)\s*csrftoken=[^;]+(.

Re: Hide a request cookie in proxy_pass

2014-08-29 Thread Maxim Dounin
Hello! On Fri, Aug 29, 2014 at 11:55:08AM -0400, gthb wrote: > Hi, > > is it possible to hide one request cookie (but not all, so proxy_set_header > Cookie "" is not the way) when proxying to an upstream server? > > The use case is: > > * website foo.com uses a hosted service on a subdomain, e

Hide a request cookie in proxy_pass

2014-08-29 Thread gthb
Hi, is it possible to hide one request cookie (but not all, so proxy_set_header Cookie "" is not the way) when proxying to an upstream server? The use case is: * website foo.com uses a hosted service on a subdomain, e.g. blog.foo.com hosted by Wordpress.com * horror: MSIE will send all foo.com