Module for Nginx which allows to set the flags "HttpOnly", "secure" and "SameSite" for cookies.
The Nginx module for adding cookie flag
Earlier versions is not tested.
git clone git://github.com:AirisX/nginx_cookie_flag_module.git
Add the module to the build configuration by adding
--add-module=/path/to/nginx_cookie_flag_module
or
--add-dynamic-module=/path/to/nginx_cookie_flag_module
Build the nginx binary.
Install the nginx binary.
location / {
set_cookie_flag Secret HttpOnly secure SameSite;
set_cookie_flag * HttpOnly;
set_cookie_flag SessionID SameSite=Lax secure;
set_cookie_flag SiteToken SameSite=Strict;
}
This module for Nginx allows to set the flags "HttpOnly", "secure" and "SameSite" for cookies in the "Set-Cookie" upstream response headers. The register of letters for the flags doesn't matter as it will be converted to the correct value. The order of cookie declaration among multiple directives doesn't matter too. It is possible to set a default value using symbol "*". In this case flags will be added to the all cookies if no other value for them is overriden.
- | - |
---|---|
Syntax | set_cookie_flag <cookie_name|*> [HttpOnly] [secure] [SameSite|SameSite=[Lax|Strict]]; |
Default | - |
Context | server, location |
Description: Add flag to desired cookie.
Anton Saraykin [[email protected]]