使用标题过滤代理响应标题 [英] Using a Header to Filter Proxied Response Headers
问题描述
我有一个上游服务器,通常通过返回"Set-Cookie"响应标头来设置Cookie.
I have an upstream server that often sets Cookie(s) by returning the "Set-Cookie" response header.
我想在上述上游服务器前安装一个nginx代理:
I would like to have an nginx proxy in front of said upstream server:
Browser => Nginx => Upstream
如果Browser => Nginx
请求具有标头X-No-Cookies: true
,我希望来自Upstream => Nginx => Browser
的响应不包含Set-Cookie
响应标头.如果X-No-Cookies
具有任何其他值,我将撒谎Set-Cookie
响应标头,使其保持不变. 我无法更改上游服务器的响应标头行为.
If the Browser => Nginx
request had the header X-No-Cookies: true
I'd like the response from Upstream => Nginx => Browser
not to contain the Set-Cookie
response header. If X-No-Cookies
had any other value, I'd lie the Set-Cookie
response header to be returned unaltered. I'm not able to change the response header behavior of the upstream server.
当前,我的nginx配置如下,请特别注意proxy_hide_header
指令的使用.我还在X-No-Cookies
响应标头中回显了$proxy_hide_header
变量.
Currently my nginx config is as follows, pay specific attention to the use of the proxy_hide_header
directive. I've also echoed the $proxy_hide_header
variable in the X-No-Cookies
response header.
map $http_x_no_cookies $proxy_hide_header {
default "";
"true" "Set-Cookie";
}
# Homepage
server {
listen 80;
server_name example.com;
location /api {
proxy_pass https://example.com/api;
proxy_hide_header $proxy_hide_header;
add_header "X-No-Cookies" $proxy_hide_header;
}
}
当我使用cURL发出请求时:
When I make a request with cURL:
curl \
http://example.com/api \
-H 'X-No-Cookies: true' \
-I
我得到以下响应头:
Server: nginx/1.12.2
Date: Thu, 13 Dec 2018 02:26:41 GMT
Content-Type: application/json
Content-Length: 2255
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept,Authorization
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Expose-Headers: Content-Length
Set-Cookie: foo=bar; Max-Age=2592000; Expires=Sat, 12 Jan 2019 02:26:41 GMT; Path=/; Domain=example.com; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-No-Cookies: Set-Cookie
无论何时为proxy_hide_header
提供一个nginx变量作为参数,它似乎都没有作用.如果将变量替换为字符串(用$proxy_hide_header
代替"Set-Cookie"
),则会得到所需的行为-省略了Set-Cookie
响应标头.
Whenever the proxy_hide_header
is provided an nginx variable as an argument it seems to have no effect. If I swap the variable for a string ($proxy_hide_header
substituted for "Set-Cookie"
) I get the desired behaviour - the Set-Cookie
response header is omitted.
编辑:我已将此问题的代码推送到GitHub
Edit: I've pushed the code for this question to GitHub
- 我原来的(无效的)实现是这里
- My original (non-working) implementation is here
- Ivan Shatsky's solution is here
推荐答案
多么有趣的挑战!的确,$proxy_hide_header
不接受变量作为其参数,并且不能在if
块内使用.同样,我们不能在location
块内直接使用$upstream_...
变量,因为尚未评估其值.终于我找到了解决方案.我们总是隐藏Set-Cookie
标头,然后根据需要再次设置它,该值通过map
表达式计算:
What an interesting challenge! Truly, $proxy_hide_header
does not accept variables as its parameter and cannot be used inside an if
blocks. Also we cannot use $upstream_...
variables directly inside a location
block because its values are not evaluated yet. Finally I found a solution. We always hide Set-Cookie
header and then set it again if needed, values calculating through map
expressions:
map $http_x_no_cookies $hide_cookies {
default "0";
"true" "1";
}
map $hide_cookies$upstream_http_set_cookie $cookies {
~^0(.*)$ $1;
}
upstream backend {
server example.com;
}
server {
listen 80;
server_name example.com;
location /api {
proxy_pass https://backend/api;
proxy_hide_header Set-Cookie;
add_header Set-Cookie $cookies;
}
}
这篇关于使用标题过滤代理响应标题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!