Skip to content

Commit c93c368

Browse files
Fix cookies for reencrypt routes with InsecureEdgeTerminationPolicy "Allow"
currently secure cookies are always generated for reencrypt routes this changes that to correctly create unsecured cookies when InsecureEdgeTermination policy is "Allow" Bug 1428720
1 parent a7dfbda commit c93c368

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

images/router/haproxy/conf/haproxy-config.template

+4
Original file line numberDiff line numberDiff line change
@@ -448,7 +448,11 @@ backend be_secure_{{$cfgIdx}}
448448
http-request set-header X-Forwarded-Proto https if { ssl_fc }
449449
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
450450
{{ if not (matchPattern "true|TRUE" (index $cfg.Annotations "haproxy.router.openshift.io/disable_cookies")) }}
451+
{{ if ne $cfg.InsecureEdgeTerminationPolicy "Allow" }}
451452
cookie {{$cfg.RoutingKeyName}} insert indirect nocache httponly secure
453+
{{ else }}
454+
cookie {{$cfg.RoutingKeyName}} insert indirect nocache httponly
455+
{{ end }}
452456
{{ end }}
453457
{{ range $serviceUnitName, $weight := $cfg.ServiceUnitNames }}
454458
{{ if ne $weight 0 }}

0 commit comments

Comments
 (0)