I’d like to add Secure and HttpOnly to all cookies, when these securities are not already set by backend app, but I can’t find the way to do this properly.
Add is OK, but on cookies which have these notions, I have them twice (my acl doesn’t seems to work)
Even on a single cookie, I can’t figure how to do this
I’ve tried as shown in documentation
acl secured_cookie res.cook(JSESSIONID),lower -m sub secure acl httponly_cookie res.cook(JSESSIONID),lower -m sub httponly http-response replace-header Set-Cookie (.*) \1;\ Secure if !secured_cookie http-response replace-header Set-Cookie (.*) \1;\ HttpOnly if !httponly_cookie
but when I curl URL, I have this cookie in header
set-cookie: JSESSIONID=BED876AD41ED3F0367F986921AE83711; Path=/cas; Secure; HttpOnly; Secure; HttpOnly
Ideally, I’d like to do this on all cookies.
Any help would be appreciated