How can I handle cross-origin cookies within the Apigee proxy?

Not applicable

Here’s the setup of my scenario.

  • I have an Apigee proxy hosted in the domain .domainabc.net for one of my services, Service1.
  • Service1 is hosted in .domainxyz.com.
  • Service1 generates a cookie in /create request and expects it to be passed in subsequent requests.

Problem:

The client of Service1 stores the cookie for domain .domainxyz.com, hence does not send back the cookie when making the API call to the Apigee proxy on .domainabc.net. This causes the backend call to Service1 to fail.

Can this problem be handled within the Apigee proxy?

Solved Solved
0 1 2,569
1 ACCEPTED SOLUTION

Not applicable

This can be handled within the Apigee proxy by rewriting the Set-Cookie header so that it sets the Domain equal to the domain of the Apigee proxy, .domainabc.net. There may be more than one way to modify the Set-Cookie header, but here's one such way using a JavaScript Callout policy.

Using a JavaScript Callout policy within the Target Endpoint PostFlow, try the following.

var setCookie = context.getVariable("response.header.set-cookie");
setCookie = setCookie.replace(/(D|d)omain=.domainxyz.com($|;)/,"Domain=.domainabc.net");
context.setVariable("response.header.set-cookie", setCookie);

View solution in original post

1 REPLY 1

Not applicable

This can be handled within the Apigee proxy by rewriting the Set-Cookie header so that it sets the Domain equal to the domain of the Apigee proxy, .domainabc.net. There may be more than one way to modify the Set-Cookie header, but here's one such way using a JavaScript Callout policy.

Using a JavaScript Callout policy within the Target Endpoint PostFlow, try the following.

var setCookie = context.getVariable("response.header.set-cookie");
setCookie = setCookie.replace(/(D|d)omain=.domainxyz.com($|;)/,"Domain=.domainabc.net");
context.setVariable("response.header.set-cookie", setCookie);