主页 / server / 问题 / 775544
Accepted
IAmJulianAcosta
Asked: 2016-05-09 16:04:27 +0800 CST

在 nginx 中修改 PHP 发送的 cookie

  • 772

我有一个需要用 Javascript 读取的 cookie,所以我需要从中删除 cookie 的 httponly 部分。

这是我需要修改的 cookie:

Set-Cookie: wordpress_c3d46b752402579c18e981091b8c940c=admin%7C1463963639%7CWsIehTVJh4%7C7ee6e8117b6b; expires=Mon, 23-May-2016 12:33:59 GMT; Max-Age=1252800; path=/wp-content/plugins; domain=.example.org; HttpOnly

我只需要在 cookie 的末尾剥离 HttpOnly 字符串

PS:我知道我在这里引入了一个潜在的安全问题。

nginx

2 个回答

  1. 有 Nginx Lua 模块和代码片段可以做到这一点,例如:

    https://github.com/cloudflare/lua-resty-cookie

    首先抓取cookie:

    syntax: cookie_val, err = cookie_obj:get(cookie_name)

    然后,您可以将其设置为 httponly false:

    syntax: ok, err = cookie_obj:set({
    key = "Name",
    value = "Bob",
    path = "/",
    domain = "example.com",
    secure = true, httponly = false,
    expires = "Wed, 09 Jun 2021 10:18:14 GMT",
    max_age = 50,
    extension = "a4334aebaec"
})
    • 2
  2. Best Answer

    使用 Lua 可以做到这一点:

    nginx.conf:

    location /foo {
    internal;
    #Do normal stuff that you will do in this location
}

location /bar {
    content_by_lua_block {
        response = ngx.location.capture("/foo")
        for cookieName, cookie in pairs(response.header["Set-Cookie"]) do
            #Modify cookie as needed
        end
    }
}
    • 1

相关问题