How to change multiples set-cookie using custom javascript policy.

Hi everyone,

I have a response from my service with a couple set-cookie attributes.

set-cookie: auth_code=abc123456789_; Path=/; Secure; SameSite=Strict
\43236+43240+43251+43260+43266+43268+43270-43272+43279+43287+43291; path=/; secure; HttpOnly
set-cookie: email=gustavo25%40gmail.com; Path=/; Secure; SameSite=Strict
set-cookie: ROUTE=.accstorefront-57d1223vpxk2; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: uuid=abc123456789; Max-Age=43199; Expires=Wed, 10 Jan 2024 06:08:32 GMT; Path=/; Secure; SameSite=Strict

What I need to do is replace where I have SameSite=Strict with SameSite=None, as far as I know, the best approach is using a custom JS policy, so I did this below and added in the target postflow response.

var responseHeaders = response.headers;

if (responseHeaders["Set-Cookie"]) {
    var cookies = responseHeaders["Set-Cookie"].split("; ");

    for (var i = 0; i < cookies.length; i++) {
        cookies[i] = cookies[i].replace("SameSite=Strict", "SameSite=None");
    }

    responseHeaders["Set-Cookie"] = cookies.join("; ");
}

However, this code only changes the first set-cookie in my list, It’s as if it did not find a list from responseHeaders[“Set-Cookie”], but a single attribute.

Does someone know how to do this on Apigee? Thank you.

Why are you trying to subvert the Cookie security policy? Can you explain your real purpose?

Also Apigee is not a good tool to use for a web proxy. It’s an API Gateway. Sending regular web requests through Apigee is an antipattern. There are better tools out there to act as web proxies.

Explain what you really are trying to do, and maybe we can help further.