diff options
Diffstat (limited to 'modules/caddyhttp/reverseproxy/selectionpolicies.go')
| -rw-r--r-- | modules/caddyhttp/reverseproxy/selectionpolicies.go | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index b56c8074c..b6f807c16 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -655,12 +655,22 @@ func (s CookieHashSelection) Select(pool UpstreamPool, req *http.Request, w http if err != nil { return upstream } - http.SetCookie(w, &http.Cookie{ + cookie := &http.Cookie{ Name: s.Name, Value: sha, Path: "/", Secure: false, - }) + } + isProxyHttps := false + if trusted, ok := caddyhttp.GetVar(req.Context(), caddyhttp.TrustedProxyVarKey).(bool); ok && trusted { + xfp, xfpOk, _ := lastHeaderValue(req.Header, "X-Forwarded-Proto") + isProxyHttps = xfpOk && xfp == "https" + } + if req.TLS != nil || isProxyHttps { + cookie.Secure = true + cookie.SameSite = http.SameSiteNoneMode + } + http.SetCookie(w, cookie) return upstream } |