Forum Discussion
Change cookie domain in HTTP::respond
My need is to redirect requests for https://foo.xxx.com/mfe to a new URL (different domain) and pass along a specific cookie (cookie name is avul_user). The redirect works and the cookie is sent, but the browser fails to load the site. Developer tools shows the message: "This attempt to set a cookie via a Set-Cookie header was blocked because its Domain attribute was invalid with regards to the current host url." Any ideas how to change the domain of the cookie and get the browser to accept it?
when HTTP_REQUEST {
    if { [HTTP::path] equals "/mfe" } {
        set avcookie "[HTTP::cookie value {avul_user}]"
        set cookie [format "%s=%s; path=/; domain=%s" avul_user ${avcookie} ".yyy.com"]
        HTTP::respond 302 Location "https://foo.yyy.com/web/login" "Set-Cookie" $cookie
    }
}
- zamroni777 (Nacreous)
The domain part may not need "." as seen in the example in the Mozilla doc:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
- Egranty (Nimbostratus)
When redirecting (and on cross-domain requests such as fetch()/XMLHttpRequest()) to third-party domains, the browser does not send cookies. Cookies are scoped to a specific domain (and possibly subdomains thereof), because it's a part of internet security, based on Cross-Origin Resource Sharing (CORS).
Possible solutions for your case, their advantages/disadvantages and how to do it safely, are given on Stack Overflow.
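The browser-side check behind the error message quoted in the question, as an added example (not code from the thread or from F5). It follows the Domain handling in RFC 6265 sections 5.1.3, 5.2.3 and 5.3; as simplifying assumptions it omits the public-suffix list and IP-address hosts, and the function names and the cookie value abc123 are constructed.

```javascript
// Added example: the RFC 6265 checks a browser applies to a Set-Cookie Domain attribute.
// Assumption: no public-suffix list and no IP-address handling, to keep the core rule visible.

// RFC 6265 section 5.2.3: drop one leading dot and lowercase the attribute value.
function normalizeDomainAttr(value) {
  const v = value.trim().toLowerCase();
  return v.startsWith(".") ? v.slice(1) : v;
}

// RFC 6265 section 5.1.3: the host matches if it is identical to the domain
// or ends with "." + domain (a label boundary, not a bare suffix).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Decide whether a Set-Cookie header received from responseHost would be stored.
function evaluateSetCookie(responseHost, setCookie) {
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim());
  const domainAttr = attrs.find((a) => a.toLowerCase().startsWith("domain="));
  const domain = domainAttr ? normalizeDomainAttr(domainAttr.slice("domain=".length)) : "";
  if (domain === "") {
    // No usable Domain attribute: host-only cookie for the responding host.
    return { accepted: true, scope: responseHost.toLowerCase(), hostOnly: true };
  }
  if (!domainMatch(responseHost, domain)) {
    // RFC 6265 section 5.3: the cookie is ignored entirely.
    return { accepted: false, reason: `${responseHost} does not domain-match ${domain}` };
  }
  return { accepted: true, scope: domain, hostOnly: false };
}

// Constructed sample headers modelled on the iRule in the question.
const samples = [
  ["foo.xxx.com", "avul_user=abc123; path=/; domain=.yyy.com"], // the iRule's case
  ["foo.xxx.com", "avul_user=abc123; path=/; domain=yyy.com"],  // dot removed, same result
  ["foo.xxx.com", "avul_user=abc123; path=/; domain=.xxx.com"], // own parent domain
  ["foo.yyy.com", "avul_user=abc123; path=/; domain=yyy.com"],  // set by the target site
  ["foo.yyy.com", "avul_user=abc123; path=/"],                  // host-only on the target
];
for (const [host, header] of samples) {
  console.log(host, "|", header, "=>", JSON.stringify(evaluateSetCookie(host, header)));
}
```

The first two samples are rejected with or without the leading dot, because the response comes from foo.xxx.com; only a response served from a yyy.com host can set a cookie scoped to yyy.com.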