How to retain the browser Cookie header when forwarding requests through the Post-Function plugin
How can I ensure that a request forwarded through a Kong Gateway Post-Function plugin retains the cookie passed from the browser?
The Cookie header isn’t propagated to the upstream service automatically.
Use a Pre-Function plugin to capture it into kong.ctx.shared, then a Post-Function plugin to set it on the upstream request.
Problem
When a request is forwarded through a Post-Function plugin, the Cookie header passed from the browser is not retained, causing authorization errors on the upstream service.
Cause
The request handling does not propagate the Cookie header to the upstream service.
Solution
Use a Pre-Function plugin and a Post-Function plugin together to capture and forward the Cookie header.
- Use the Pre-Function plugin to store the Cookie in a shared context (kong.ctx.shared).

  Capture the Cookie header from the incoming request and store it in the shared context. This makes the Cookie available across different phases of request processing.

      kong.ctx.shared.cookie = kong.request.get_header("Cookie")

  Or, to capture a specific cookie by name instead of the entire header:

      kong.ctx.shared.session_cookie = ngx.var.cookie_session

- Retrieve the Cookie from the shared context in the Post-Function plugin and set it as a header on the upstream request.

  In the Post-Function plugin, retrieve the Cookie from the shared context and set it as a header in the request being forwarded to the upstream service.

      kong.service.request.set_header("Cookie", kong.ctx.shared.cookie)
This approach ensures that the Cookie passed from the browser is retained and forwarded correctly through the Post-Function plugin, allowing the upstream service to authenticate and authorize the request.
Because kong.ctx.shared is scoped to the current request, cookies from concurrent requests are handled without interference.
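The two steps above combined into one declarative configuration, as an added example that is not part of the original article. It assumes Kong 3.x declarative format and runs both functions in the access phase; the service name, upstream URL and route path are placeholders. It also covers the case where the browser sent no Cookie header, in which the captured value is nil and should not be passed to set_header.

```yaml
# Added example, not from the original article. Assumes Kong 3.x declarative
# config; the service name, upstream URL and route path are placeholders.
_format_version: "3.0"
services:
- name: example-service                        # placeholder
  url: http://upstream.example.internal:8080   # placeholder
  routes:
  - name: example-route                        # placeholder
    paths:
    - /app
  plugins:
  - name: pre-function
    config:
      access:
      - |
        -- Runs before other plugins in the access phase.
        -- get_header returns nil when the browser sent no Cookie header.
        kong.ctx.shared.cookie = kong.request.get_header("Cookie")
  - name: post-function
    config:
      access:
      - |
        -- Runs after other plugins in the access phase, while the upstream
        -- request can still be modified.
        local cookie = kong.ctx.shared.cookie
        if type(cookie) == "string" and cookie ~= "" then
          kong.service.request.set_header("Cookie", cookie)
        else
          -- Log the absence only; never write cookie values to the log.
          kong.log.debug("no Cookie header captured for this request")
        end
```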
Warning: This code snippet is a basic example and requires review before you implement it in any environment. Do not use this code as-is; review and test this code thoroughly before using it in any environment. Depending on your requirements, you may need to add error handling or additional logic.