Spring Cloud Zuul does not forward cookies


Solution 1

I solved this problem by just passing the data sent in my cookie using simple HTTP headers.

Solution 2

In Spring Cloud Netflix 1.1, "Cookies" is included in the sensitive headers list and they are not passed down.

This can be changed with the zuul.routes.*.sensitiveHeaders configuration property.

See documentation details here under heading "Cookies and Sensitive Headers":

http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html

Solution 3

The default Zuul sensitive headers, which are not forwarded, are

zuul.sensitiveHeaders=Cookie,Set-Cookie,Authorization

To be able to forward cookies, you can put this in your bootstrap.properties file:

zuul.sensitiveHeaders=

Or, if you don't need the Authorization header:

zuul.sensitiveHeaders=Authorization

Solution 4

Add sensitive headers in application.yml like this:

zuul:
  routes:
    service:
      path: /service/**
      sensitiveHeaders: Cookie,Set-Cookie
      url: http://localhost:9001
Author by

Erikson Murrugarra

Software Engineer, Traveler And Musician.

Updated on June 08, 2022

Comments

  • Erikson Murrugarra about 2 years

    I am facing a problem with the Spring Cloud Zuul proxy. I have two microservices configured, up and running. I have a cookie in my web browser and I am using Zuul as an API gateway. When I hit Zuul to call my backend, Zuul is not forwarding my cookie to my backend. It seems that Zuul is ignoring the cookie sent and my backend is not able to retrieve it.

    Can you please help me with this issue? I am using Spring Cloud Brixton.RELEASE and Spring Boot 1.3.5.

    Regards.

  • Erikson Murrugarra about 8 years
    Thanks for the reply, let me try your suggestion.
  • qza almost 8 years
    Take a look at ZuulProperties class. There are two ways to configure sensitive headers, one globally and for each route. Set-Cookie and Cookie are included by default. To enable them, you need to override this with something else. For example: zuul.sensitiveHeaders: Authorization
  • Privateer almost 8 years
    I read through the docs above, but those docs don't exactly spell out how you "override" the defaults. I didn't automatically make the assumption that if I specified a new value for sensitiveHeaders that the defaults (Cookie,Set-Cookie,Authorization) would be unset. However I can confirm that setting the value to something different does unset the default completely. Thanks @qza for the helpful tip.
  • Kieveli about 5 years
    Doing this with HTTP Only Headers, such as the cookies, would allow a client to spoof security checks or modify server-side cookie data.
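
The override behaviour described in the answers and comments above, as an added example that is not part of the original posts: an application.yml in which one route forwards cookies while the other routes keep the default list. The route names, the /partner/** and /legacy/** paths, port 9002 and the partner URL are constructed for illustration.

```yaml
# Added example; route names, extra paths and URLs are constructed.
zuul:
  # Global list, written out so the default (Cookie, Set-Cookie,
  # Authorization) is visible. Any value set here or on a route replaces
  # the whole list; it is not merged with the defaults.
  sensitiveHeaders: Cookie,Set-Cookie,Authorization
  routes:
    # Backend that reads the browser's cookie: the route-level value
    # overrides the global one, so Cookie and Set-Cookie pass through
    # while Authorization is still withheld.
    session-backend:
      path: /service/**
      url: http://localhost:9001
      sensitiveHeaders: Authorization
    # No override: this route inherits the global list, so cookies and
    # the Authorization header are not sent to this host.
    partner-api:
      path: /partner/**
      url: https://partner.example.invalid
    # Weak setting, shown commented out for contrast: an empty list
    # forwards every header, credentials included, to this route's target.
    # legacy:
    #   path: /legacy/**
    #   url: http://localhost:9002
    #   sensitiveHeaders:
```

Scoping the relaxed list to the one route that needs it keeps session cookies and credentials away from every other downstream target.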