For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

krisdames's avatar
krisdames
Icon for Cirrus rankCirrus
Jan 05, 2024
Solved

Change cookie domain in HTTP::respond

My need is to redirect requests for https://foo.xxx.com/mfe to a new URL (different domain) and pass along a specific cookie (cookie name is avul_user). The redirect works and the cookie is sent, but...
application delivery
irule
  • Egranty's avatar
    Egranty
    Jan 06, 2024

    When redirecting (and on cross-domain requests such as fetch()/XMLHttpRequest()) to third-party domains, the browser does not send cookies. Cookies are scoped to a specific domain (and possibly subdomains thereof), because it's a part of internet security, based on Cross-Origin Resourse Sharing (CORS).

    Possible solutions for you case, their advantages/disadvantages and how to do it safely, are given on stackoverflow.

Egranty's avatar
Egranty
Icon for Nimbostratus rankNimbostratus
Jan 06, 2024

When redirecting (and on cross-domain requests such as fetch()/XMLHttpRequest()) to third-party domains, the browser does not send cookies. Cookies are scoped to a specific domain (and possibly subdomains thereof), because it's a part of internet security, based on Cross-Origin Resourse Sharing (CORS).

Possible solutions for you case, their advantages/disadvantages and how to do it safely, are given on stackoverflow.