使用标题过滤代理响应标题 [英] Using a Header to Filter Proxied Response Headers

问题描述

我有一个上游服务器，通常通过返回"Set-Cookie"响应标头来设置Cookie.

I have an upstream server that often sets Cookie(s) by returning the "Set-Cookie" response header.

我想在上述上游服务器前安装一个nginx代理:

I would like to have an nginx proxy in front of said upstream server:

Browser => Nginx => Upstream

如果Browser => Nginx请求具有标头X-No-Cookies: true，我希望来自Upstream => Nginx => Browser的响应不包含Set-Cookie响应标头.如果X-No-Cookies具有任何其他值，我将撒谎Set-Cookie响应标头，使其保持不变. 我无法更改上游服务器的响应标头行为.

If the Browser => Nginx request had the header X-No-Cookies: true I'd like the response from Upstream => Nginx => Browser not to contain the Set-Cookie response header. If X-No-Cookies had any other value, I'd lie the Set-Cookie response header to be returned unaltered. I'm not able to change the response header behavior of the upstream server.

当前，我的nginx配置如下，请特别注意proxy_hide_header指令的使用.我还在X-No-Cookies响应标头中回显了$proxy_hide_header变量.

Currently my nginx config is as follows, pay specific attention to the use of the proxy_hide_header directive. I've also echoed the $proxy_hide_header variable in the X-No-Cookies response header.

map $http_x_no_cookies $proxy_hide_header {
  default "";
  "true"  "Set-Cookie";
}

# Homepage
server {
  listen 80;
  server_name example.com;

  location /api {
    proxy_pass        https://example.com/api;
    proxy_hide_header $proxy_hide_header;
    add_header        "X-No-Cookies" $proxy_hide_header;
  }
}

当我使用cURL发出请求时:

When I make a request with cURL:

curl \
  http://example.com/api \
  -H 'X-No-Cookies: true' \
  -I

我得到以下响应头:

Server: nginx/1.12.2
Date: Thu, 13 Dec 2018 02:26:41 GMT
Content-Type: application/json
Content-Length: 2255
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept,Authorization
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Expose-Headers: Content-Length
Set-Cookie: foo=bar; Max-Age=2592000; Expires=Sat, 12 Jan 2019 02:26:41 GMT; Path=/; Domain=example.com; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-No-Cookies: Set-Cookie

无论何时为proxy_hide_header提供一个nginx变量作为参数，它似乎都没有作用.如果将变量替换为字符串(用$proxy_hide_header代替"Set-Cookie")，则会得到所需的行为-省略了Set-Cookie响应标头.

Whenever the proxy_hide_header is provided an nginx variable as an argument it seems to have no effect. If I swap the variable for a string ($proxy_hide_header substituted for "Set-Cookie") I get the desired behaviour - the Set-Cookie response header is omitted.

编辑:我已将此问题的代码推送到GitHub

Edit: I've pushed the code for this question to GitHub

• 我原来的(无效的)实现是这里

• My original (non-working) implementation is here
• Ivan Shatsky's solution is here

推荐答案

多么有趣的挑战！的确，$proxy_hide_header不接受变量作为其参数，并且不能在if块内使用.同样，我们不能在location块内直接使用$upstream_...变量，因为尚未评估其值.终于我找到了解决方案.我们总是隐藏Set-Cookie标头，然后根据需要再次设置它，该值通过map表达式计算:

What an interesting challenge! Truly, $proxy_hide_header does not accept variables as its parameter and cannot be used inside an if blocks. Also we cannot use $upstream_... variables directly inside a location block because its values are not evaluated yet. Finally I found a solution. We always hide Set-Cookie header and then set it again if needed, values calculating through map expressions:

map $http_x_no_cookies $hide_cookies {
    default "0";
    "true"  "1";
}

map $hide_cookies$upstream_http_set_cookie $cookies {
    ~^0(.*)$ $1;
}

upstream backend {
    server example.com;
}

server {
    listen 80;
    server_name example.com;

    location /api {
        proxy_pass        https://backend/api;
        proxy_hide_header Set-Cookie;
        add_header Set-Cookie $cookies;
    }
}

这篇关于使用标题过滤代理响应标题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！