Apigee truncates multiple 'set-cookie' response headers

Hello,


I have the NodeJS (Trireme) application deployed to Apigee private cloud which internally uses 'express' and https://www.npmjs.com/package/express-http-proxy to forward request to the backend. Backend responds with multiple 'set-cookie' headers. But client receives only one (I believe last one in the list).

Expected: client should receive all headers without truncation.

I did the additional investigations. Added logging and tried to use 'trace tool'. In logs I see that in NodeJS layer response contains all expected cookies

But in 'trace tool' I see that response sent to client contains only last value of multiple 'set-cookie' headers. All other were truncated.

Next step in my investigations was to run this code locally using locally installed Trireme v0.8.9. Issue is not reproducible - API client receives all headers.

I believe Apigee truncates response headers if the name is not unique. At least it is related to 'set-cookie'
Could you please help with this issue?

0 6 1,571
6 REPLIES 6

Show me specifically the Set-Cookie headers please.

Thank you for reply. I'm not ignoring your question - just propose the very simple example instead.

Multiple 'if/else' is just an attempt to set multiple cookies using different variants.

In all cases when I run this on Apigee I see only 1 (the last) cookie in response. When I run this locally on Trireme I see 'set-cookie' twice as expected.

So this is a problem which I'm investigating: I expect to see both cookies in response. Any ideas what is wrong with code or Apigee?

var http = require('http');

console.log('node.js application starting...');

var svr = http.createServer(function (req, res) {

    var variant;
    if (req.url === '/write-head') {
        variant = 'res.writeHead';

        res.writeHead(200, [
            ['Set-Cookie', 'mycookie1=value1'],
            ['Set-Cookie', 'mycookie2=value2']
        ]);
    } else if (req.url === '/set-header-array') {
        variant = 'res.setHeader array';

        res.setHeader('Set-Cookie', ['mycookie1=value1', 'mycookie2=value2']);

    } 

    res.end('set cookies using: ' + variant);

});

svr.listen(9000, function () {
    console.log('Node HTTP server is listening');
});


ok, let me look.

btw, are you aware that Trireme is being deprecated?

I will try your code in a Hosted Target.

Just tested this in a hosted target.

$ curl -i https://$ORG-$ENV.apigee.net/multiple-headers/writeHead
HTTP/1.1 200 OK
Date: Fri, 30 Aug 2019 15:04:40 GMT
Content-Type: text/html
Content-Length: 28
Connection: keep-alive
Set-Cookie: mycookie1=value1
Set-Cookie: mycookie2=value2
Expires: Fri, 30 Aug 2019 15:04:40 GMT
Cache-Control: private


set cookies using: writeHead


$ curl -i https://$ORG-$ENV.apigee.net/multiple-headers/setHeader
HTTP/1.1 200 OK
Date: Fri, 30 Aug 2019 15:04:46 GMT
Content-Type: text/html
Content-Length: 28
Connection: keep-alive
Set-Cookie: mycookie1=value1
Set-Cookie: mycookie2=value2
Expires: Fri, 30 Aug 2019 15:04:46 GMT
Cache-Control: private


set cookies using: setHeader

This is the code I used

var http = require('http');
console.log('node.js application starting...');
var svr = http.createServer(function (req, res) {

    var variant = 'none';
    if (req.url === '/writeHead') {
        variant = 'writeHead';
        res.writeHead(200, [
            ['Set-Cookie', 'mycookie1=value1'],
            ['Set-Cookie', 'mycookie2=value2']
        ]);
    } else if (req.url === '/setHeader') {
        variant = 'setHeader';
        res.statusCode = 200;
        res.setHeader('Set-Cookie', ['mycookie1=value1', 'mycookie2=value2']);
    }

    res.end('set cookies using: ' + variant);

});

svr.listen(9000, function () {
    console.log('Node HTTP server is listening');
});

Not sure about trireme. Trireme runs an old version of node and possibly has an old version of http module that does not correctly handle multiple-valued headers.

If it is a problem in trireme, Because trireme is being deprecated, as of 6 weeks from now, Apigee engineering won't dedicate any resources to correcting this.

Thank you for your efforts, Dino-at-Google

Yes, I know that Trireme is deprecated but some customers still use it and need a time for migration.

Would like to clarify that it is incorrect to say that it is the Trireme issue. It is the 'Trieme in Apigee' issue. I have run Trieme 0.8.9 locally and problem is not reproducible.

Just to clarify, this is not a blocker for me anymore.

In specific case when I have the multiple 'set-cookie' from backend I just need a simple proxy. I combined Script and Http targets in one Apigee proxy. And use Http backend target for this specific case and it works as expected.

So no fix or workaround to do this with Trireme. Just avoid Trireme. Simple reverse proxy works fine.