Forum Discussion

Altostratus

Jul 25, 2017

Exclude specific cookie from set_cookie_header iRule

We currently apply "Secure" and "HttpOnly" via the iRule below. We now need to exclude any cookie that starts with "XSRF-TOKEN" from the "HttpOnly" portion of this iRule. Any help in syntax would b...

Nacreous

Jul 25, 2017

Try this... HTTP::cookie secure should return "enable" if it's been set according to the Wiki but I've not tested the output myself

https://devcentral.f5.com/Wiki/iRules.HTTP__cookie.ashx

 when HTTP_RESPONSE { 
  set unsafe_cookie_headers [HTTP::header values "Set-Cookie"] 

  if { not ([string tolower [HTTP::cookie value]] starts_with "XSRF-TOKEN") && ([HTTP::cookie secure] eq "enable" )} {
    HTTP::header remove "Set-Cookie" 
      foreach set_cookie_header $unsafe_cookie_headers { 
        HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly" 
    } else {
        return       
      }
    }
  }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)