Skip to content Skip to sidebar Skip to footer

Removing Header From Cached Response With Nginx

I have NGINX running as a reverse proxy in front of a few Flask apps. I want to implement caching for logged out users. Flask-login adds a Set-Cookie header for every response, eve

Solution 1:

Update: After trying a million things I have a solution that’s working for multiple cookies, I would like your opinions. On Debian 10 I installed apt-get install libnginx-mod-http-lua I think this is not the complete OpenResty lua-nginx-module, isn’t it?

map $upstream_bytes_received $hide_cookie {
   default '';
   '' Set-Cookie;
}

Inside location:

header_filter_by_lua_block {
   ngx.header[ngx.var.hide_cookie] = nil;
}

And it works, I will do more testing...


Previous answer, for 1 cookie, without Lua:

I've been working on a solution for this, but for now it works for ONLY ONE cookie.

First I faced the following problems: $proxy_hide_header does not accept variables, and cannot be used inside if(). I finally found an answer that contained a viable solution to that: Using a Header to Filter Proxied Response Headers.

So this is my code for now , that I will test more, because is a delicate matter:

map $upstream_bytes_received $cookies {
default $upstream_http_set_cookie;
'''';
}

And then inside location:

    proxy_hide_header Set-Cookie;
    add_header Set-Cookie $cookies;

Maybe I would make the default: No cookies, that will be noticeable if fails, and less problematic regarding privacy.

But this solution I think cannot be improved for multiple cookies, I have to look elsewhere, if I could force the use of variables at $proxy_hide_header would be the end solution.

Post a Comment for "Removing Header From Cached Response With Nginx"