fix: add removeSecurityFromCookie on ProxyRes to remove secure attribute from cookies

ROUSSE Kevin · ROUSSE Kevin · commit 1392af7b6f32 · 2021-11-16T16:48:46.000+01:00
diff --git a/src/proxy.ts b/src/proxy.ts
@@ -2,6 +2,7 @@ import express from 'express';
 import { createProxyServer } from 'http-proxy';
 
 import { fixRequestBody } from './fixRequestBody';
+import { removeSecurityFromCookie } from './removeSecurityFromCookie';
 import { ProxyParams } from './stubServer';
 
 const send = (
@@ -30,6 +31,7 @@ const send = (
   });
 
   proxy.on('proxyReq', fixRequestBody);
+  proxy.on('proxyRes', removeSecurityFromCookie);
   proxy.web(req, res, { target }, next);
 };
 
diff --git a/src/removeSecurityFromCookie.test.ts b/src/removeSecurityFromCookie.test.ts
@@ -0,0 +1,46 @@
+import * as http from 'http';
+import { createProxyServer } from 'http-proxy';
+
+import { removeSecurityFromCookie } from './removeSecurityFromCookie';
+
+let sourceServer: http.Server;
+let proxyServer: http.Server;
+
+const proxyPort = 2370;
+const sourcePort = 2371;
+const proxyUrl = `http://127.0.0.1:${proxyPort}`;
+const sourceUrl = `http://127.0.0.1:${sourcePort}`;
+
+afterEach(() => {
+  sourceServer.close();
+  proxyServer.close();
+});
+
+test('removeSecurityFromCookie', () => {
+  return new Promise(done => {
+    const proxy = createProxyServer({ target: sourceUrl });
+
+    proxy.on('proxyRes', (proxyRes, req, res) => {
+      removeSecurityFromCookie(proxyRes, req, res);
+      expect(proxyRes.headers['set-cookie']).toEqual(['test']);
+      res.end('Response');
+    });
+
+    function proxyRequestHandler(_req: http.IncomingMessage, _res: http.ServerResponse) {
+      proxy.web(_req, _res);
+    }
+    function sourceRequestHandler(_req: http.IncomingMessage, _res: http.ServerResponse) {
+      _res.writeHead(200, { 'Content-Type': 'text/plain', 'set-cookie': 'test; secure' });
+      _res.end('Response');
+    }
+
+    proxyServer = http.createServer(proxyRequestHandler).listen(proxyPort);
+    sourceServer = http.createServer(sourceRequestHandler).listen(sourcePort);
+
+    http
+      .request(proxyUrl, () => {
+        done(1);
+      })
+      .end();
+  });
+});
diff --git a/src/removeSecurityFromCookie.ts b/src/removeSecurityFromCookie.ts
@@ -0,0 +1,17 @@
+import { ProxyResCallback } from 'http-proxy';
+
+/**
+ * http-proxy does not support secure removal attribute from cookie.
+ * @see see https://github.com/http-party/node-http-proxy/issues/1165
+ * @param proxyReq
+ */
+const removeSecurityFromCookie: ProxyResCallback = proxyRes => {
+  if (proxyRes.headers['set-cookie']) {
+    const cookies = proxyRes.headers['set-cookie'].map(cookie => cookie.replace(/; secure/gi, ''));
+    /* eslint-disable no-param-reassign */
+    proxyRes.headers['set-cookie'] = cookies;
+    /* eslint-enable no-param-reassign */
+  }
+};
+
+export { removeSecurityFromCookie };
