How to set httponly response header using nginx?


by vanessa, in category: Other, a year ago

How to set httponly response header using nginx?


1 answer


by scotty, a year ago

@vanessa 

To set the HttpOnly flag for the Set-Cookie response header in Nginx, you can use the proxy_cookie_flags directive.


First, make sure you have the proxy module enabled in your Nginx configuration. You can do this by checking the nginx.conf file or any other included configuration files for the following line:

load_module modules/ngx_http_proxy_module.so;


If it's not present, you need to add it and restart Nginx.


Once you have the proxy module enabled, you can use the proxy_cookie_flags directive within a server block or location block to set the HttpOnly flag for cookies.


Here's an example configuration:

server {
  listen 80;
  server_name example.com;
  
  location / {
    proxy_pass http://backend_server;
    proxy_cookie_flags ~ secure httponly;
  }
}


In this example, the proxy_pass directive is used to forward requests to a backend server. The proxy_cookie_flags directive is then used to set the flags for the Set-Cookie response header. The ~ secure httponly parameter tells Nginx to set both the Secure and HttpOnly flags for cookies.


Note that the proxy_cookie_flags directive only works with the proxy module, so it won't work if you're not using Nginx as a reverse proxy.


After making the necessary changes to your Nginx configuration, remember to save the file and restart Nginx for the changes to take effect.
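
One way to confirm that the configuration in the answer above took effect, as an added example that is not part of the original answer: this Python script parses response headers and lists every cookie still missing HttpOnly or Secure. The function names and the sample headers (constructed, in the form `curl -sI` prints them) are assumptions made for illustration.

```python
"""Audit Set-Cookie response headers for the HttpOnly and Secure flags."""

REQUIRED = ("httponly", "secure")

# Constructed sample: response headers as `curl -sI` would print them.
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
    "set-cookie: prefs=httponly; Path=/; secure\r\n"
    "Set-Cookie: tracking=xyz; Expires=Wed, 21 Oct 2026 07:28:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)


def parse_set_cookie(value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    pair, *attrs = value.split(";")
    name = pair.split("=", 1)[0].strip()
    # Attribute names are case-insensitive; attribute values are ignored,
    # so a cookie whose *value* is "httponly" does not count as flagged.
    names = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, names


def audit_headers(raw_headers):
    """Map each cookie name to the list of required flags it lacks."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive as well.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag in REQUIRED if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_headers(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Run it against headers captured from the proxied site after restarting Nginx; an empty result means every cookie carries both flags.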
