https://bz.apache.org/bugzilla/show_bug.cgi?id=63771

            Bug ID: 63771
           Summary: A way to strip 'Secure' From the cookie
           Product: Tomcat 8
           Version: 8.5.46
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: a...@gentoo.org
  Target Milestone: ----

Hello,

We have the following situation:

nginx listens on ports 80 and 443, and there is a proxy_pass to tomcat. Tomcat is
not on the same machine, so the traffic between nginx and tomcat is encrypted by
using tomcat on ssl.

We need to leave nginx listening on 80 because there are some embedded devices
that do not support SSL, so they will fail on 443.

The issue, for us, is that if you try to connect to 80 with a browser, the
'set-cookie' header contains 'Secure' added by tomcat, so it will fail in plain
text.

We were able to fix the issue as described here:
https://serverfault.com/questions/853228/nginx-reverse-proxy-remove-secure-from-cookies

It would be great to have a feature to strip the 'Secure' object added to the
header (unless I failed to search and it already exists).
Thanks in advance
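
The rewrite requested above, sketched as an added example that is not part of the original report and is not Tomcat or nginx code: it drops 'Secure' only for responses going back to a client that reached the proxy over plain HTTP, and leaves cookies alone where browsers would reject them without the attribute. The function name, the client_scheme parameter and the sample cookie values are assumptions made for illustration.

```python
# Added illustration (hypothetical helper, not Tomcat or nginx code).

# Cookie-name prefixes that browsers accept only together with Secure;
# removing the attribute would make the browser discard the cookie.
_SECURE_ONLY_PREFIXES = ("__secure-", "__host-")


def rewrite_set_cookie(header_value: str, client_scheme: str) -> str:
    """Return the Set-Cookie value the proxy should send to the client.

    client_scheme is the scheme the client used towards the proxy
    ("http" or "https"); how the proxy learns it is an assumption here.
    """
    if client_scheme.lower() != "http":
        # Clients on port 443 keep the attribute exactly as Tomcat set it.
        return header_value

    # Cookie values cannot contain ';', so splitting on it is safe.
    parts = header_value.split(";")
    name_value, attrs = parts[0], parts[1:]
    name = name_value.split("=", 1)[0].strip().lower()
    normalized = [a.strip().lower().replace(" ", "") for a in attrs]

    # Browsers drop these cookies when Secure is missing: leave untouched.
    if name.startswith(_SECURE_ONLY_PREFIXES) or "samesite=none" in normalized:
        return header_value

    # Match the attribute itself, case-insensitively, never the cookie value.
    kept = [a for a, n in zip(attrs, normalized) if n != "secure"]
    return ";".join([name_value] + kept)


if __name__ == "__main__":
    # Constructed sample headers, not taken from the report.
    samples = [
        "JSESSIONID=ABC123; Path=/app; Secure; HttpOnly",
        "pref=secure; secure",
        "__Host-sid=1; Path=/; Secure",
    ]
    for scheme in ("http", "https"):
        for value in samples:
            print(scheme, "->", rewrite_set_cookie(value, scheme))
```
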
