我有一个cookie,我需要在Javascript中阅读,所以我需要从它删除cookie的httponly部分。
这是我需要修改的cookie:
Set-Cookie: wordpress_c3d46b752402579c18e981091b8c940c=admin%7C1463963639%7CWsIehTVJh4%7C7ee6e8117b6b; expires=Mon, 23-May-2016 12:33:59 GMT; Max-Age=1252800; path=/wp-content/plugins; domain=.example.org; HttpOnly 我只需要去掉cookie尾部的HttpOnlystring
PS:我知道我在这里引入了一个潜在的安全问题。
有Nginx的Lua模块和代码片段可以做到这一点,例如:
https://github.com/cloudflare/lua-resty-cookie
先抓取cookie:
syntax: cookie_val, err = cookie_obj:get(cookie_name)
然后你可以使用httponly false来设置它:
syntax: ok, err = cookie_obj:set({ key = "Name", value = "Bob", path = "/", domain = "example.com", secure = true, httponly = false, expires = "Wed, 09 Jun 2021 10:18:14 GMT", max_age = 50, extension = "a4334aebaec" })
这可以使用Lua:
nginx.conf:
location /foo { internal; #Do normal stuff that you will do in this location } location /bar { content_by_lua_block { response = ngx.location.capture("/foo") for cookieName, cookie in pairs(response.header["Set-Cookie"]) do #Modify cookie as needed end } }