NGINX as Proxy: Rewrite Set-Cookie to Secure and HttpOnly

As I have had to deal with nginx lately (which is quite a nice piece of software, but not easy to configure), I was faced with the problem of securing a backend application. One of the goals was to add the cookie attributes "secure" and "HttpOnly".

My solution assumes that the path of the cookie equals "/". So if it does not in your case, you might want to adapt it. Put this just next to your proxy configuration.

proxy_cookie_path / "/; secure; HttpOnly";
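
Why the directive depends on the cookie path being "/": the following is an added example (not from the original post, and not nginx code) that models, in simplified form, the prefix replacement proxy_cookie_path applies to the Path attribute, and then checks which flags are still missing. The function names and the sample Set-Cookie values are constructed for illustration.

```python
import re

# Path attribute of a Set-Cookie value (attribute names are case-insensitive).
_PATH_RE = re.compile(r"(;\s*path=)([^;]*)", re.IGNORECASE)

def rewrite_cookie_path(set_cookie, prefix, replacement):
    """Simplified model (assumption) of `proxy_cookie_path prefix replacement;`:
    if the Path value starts with `prefix`, only that prefix is swapped for
    `replacement`. A cookie without a Path attribute passes through unchanged."""
    def swap(match):
        path = match.group(2)
        if path.startswith(prefix):
            path = replacement + path[len(prefix):]
        return match.group(1) + path
    return _PATH_RE.sub(swap, set_cookie, count=1)

def missing_flags(set_cookie):
    """Return the sorted list of required flags absent from a Set-Cookie value."""
    attrs = {a.strip().split("=", 1)[0].lower() for a in set_cookie.split(";")[1:]}
    return sorted({"secure", "httponly"} - attrs)

def audit(headers, prefix="/", replacement="/; secure; HttpOnly"):
    """Apply the modelled rewrite; map each rewritten header to its missing flags."""
    report = {}
    for header in headers:
        rewritten = rewrite_cookie_path(header, prefix, replacement)
        report[rewritten] = missing_flags(rewritten)
    return report

# Constructed backend responses (not captured from a real application).
SAMPLES = [
    "SID=abc123; Path=/",                   # the case the post assumes
    "SID=abc123; Path=/app; Max-Age=3600",  # path longer than "/"
    "SID=abc123",                           # no Path attribute at all
]

if __name__ == "__main__":
    for rewritten, missing in audit(SAMPLES).items():
        print(f"{rewritten!r:58} missing: {missing or 'none'}")
```

Only the first cookie ends up with both flags: a longer path gets the remainder of the path appended to the replacement, and a cookie without a Path attribute is not touched, so both cases need an adapted rule.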
