This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Removing "Set-Cookie" response header

Posted on 02-09-2017 01:55 AM
gauravjain_59
New Member
Reply posted on --/--/---- --:-- AM

I'm trying to remove the "Set-Cookie" : header from the response.

I tried removing it using an Assign Message Policy in the Proxy Endpoints' PreFlow but it didn't do it.

Then tried the same in PostFlow and then in TargetEndPoints' pre/post flow - still didn't work.

Also see the screenshot where I want the policy to be executed

removeheaderfromresponse.png

Here's the policy I have in place:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-RemoveResponseSetCookieHeader">
    <DisplayName>AM-RemoveResponseSetCookieHeader</DisplayName>
    <AssignTo createNew="false" transport="http" type="response"/>
    <Properties/>
    <Remove>
        <Headers>
            <Header name="Set-Cookie"/>
        </Headers>
    </Remove>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>
Solved Solved
0 1 7,013
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
omidt
Staff
Reply posted on --/--/---- --:-- AM

Hi @GAURAV. A few suggestions...

  1. Please could you ensure this AM policy is attached as a step inside the <Response> element of your Proxy Endpoint. The screenshot you've shared unfortunately does not show the attachment. FWIW, you're fine attaching this particular policy to either the Proxy or Target endpoint; it just has to be in the response flow.
  2. In the interests of troubleshooting only, please try removing this header using a JS policy. I'm not suggesting this as your permanent fix. The snippet below should do the trick.
  3. Please note that, according to the defined standards specification of Cookies (RFC 6265), a server may respond with multiple Set-Cookie headers. In this case, please see this page of the documentation for a note regarding multiple headers and how they can be handled.
// remove Set-Cookie header from response
context.removeVariable('response.header.Set-Cookie');

// in the case of multiple Set-Cookie headers, specify which instance
context.removeVariable('response.header.Set-Cookie.1');
context.removeVariable('response.header.Set-Cookie.2'); // etc.

Based on the information you've provided so far, everything else appears to be fine.

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
omidt
Staff
Reply posted on --/--/---- --:-- AM

Hi @GAURAV. A few suggestions...

  1. Please could you ensure this AM policy is attached as a step inside the <Response> element of your Proxy Endpoint. The screenshot you've shared unfortunately does not show the attachment. FWIW, you're fine attaching this particular policy to either the Proxy or Target endpoint; it just has to be in the response flow.
  2. In the interests of troubleshooting only, please try removing this header using a JS policy. I'm not suggesting this as your permanent fix. The snippet below should do the trick.
  3. Please note that, according to the defined standards specification of Cookies (RFC 6265), a server may respond with multiple Set-Cookie headers. In this case, please see this page of the documentation for a note regarding multiple headers and how they can be handled.
// remove Set-Cookie header from response
context.removeVariable('response.header.Set-Cookie');

// in the case of multiple Set-Cookie headers, specify which instance
context.removeVariable('response.header.Set-Cookie.1');
context.removeVariable('response.header.Set-Cookie.2'); // etc.

Based on the information you've provided so far, everything else appears to be fine.

Jump to Solution
0 Likes