Is there a way to modify the cookies before it gets proxied?

[florianwachs]

Hi there, first, thanks for YARP, this is such an awesome project!

I`m quite new to working with reverse proxies so please forgive my mistakes describing my "issue".

I have a working implementation of my usecase using YARP. The destination has problems with cookies, so I used the "RequestHeaderRemove" to remove the cookie header. This works. Finally my question:

instead of removing the Cookie Header all together, I would love to inspect the cookies and remove only certain cookies (in the concrete case I want to remove only ASP.NET Auth cookies). Is there a way to do that? I looked at a CustomTransformer from the direct forwarding example and inspected the HttpRequestMessage proxyRequest, but there is no way to set or modify cookies.

Any hint that points me in a direction to check on my own would be great.

Thank you very much and have a great day.

[Tratcher]

You're on the right track with the CustomTransformer. A similar sample is here:

reverse-proxy/samples/ReverseProxy.Transforms.Sample/Startup.cs

Lines 48 to 55 in ad6ee6a

	transformBuilderContext.AddRequestTransform(async transformContext =>
	{
	// AuthN and AuthZ will have already been completed after request routing.
	var ticket = await transformContext.HttpContext.AuthenticateAsync("token");
	var tokenService = transformContext.HttpContext.RequestServices.GetRequiredService<TokenService>();
	var token = await tokenService.GetAuthTokenAsync(ticket.Principal);
	transformContext.ProxyRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
	});

but there is no way to set or modify cookies.

The cookies are just a non-special header in the request headers collection, you can call TryGetValues to get the current cookies, Remove("Cookies") to drop everything, and Add or TryAddWithoutValidation to re-set the header with your modified cookies.

[florianwachs]

Thanks just what I need, thanks so much for this details answer! have a great day.