[1759] Ingress affinity session cookie with Secure flag for HTTPS

Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
2018-12-04 10:51:52 +01:00 · 2018-12-04 10:51:52 +01:00 · 1e31767b51
commit 1e31767b51
parent 184eef84d5
2 changed files with 3 additions and 2 deletions
--- a/rootfs/etc/nginx/lua/balancer/sticky.lua
+++ b/rootfs/etc/nginx/lua/balancer/sticky.lua
@ -54,6 +54,7 @@ local function set_cookie(self, value)
    path = cookie_path,
    domain = ngx.var.host,
    httponly = true,
+    secure = ngx.var.https == "on",
  }

  if self.cookie_expires and self.cookie_expires ~= "" then
--- a/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua
+++ b/rootfs/etc/nginx/lua/test/balancer/sticky_test.lua
@ -40,7 +40,7 @@ end

 describe("Sticky", function()
  before_each(function()
-    mock_ngx({ var = { location_path = "/", host = "test.com" } })
+    mock_ngx({ var = { location_path = "/", host = "test.com", https = "on" } })
  end)

  after_each(function()
@ -102,7 +102,6 @@ describe("Sticky", function()
      cookie.new = mocked_cookie_new
    end)

-
    context("when client doesn't have a cookie set and location is in cookie_locations", function()
      it("picks an endpoint for the client", function()
        local sticky_balancer_instance = sticky:new(test_backend)
@ -122,6 +121,7 @@ describe("Sticky", function()
              assert.equal(payload.path, ngx.var.location_path)
              assert.equal(payload.domain, ngx.var.host)
              assert.equal(payload.httponly, true)
+              assert.equal(payload.secure, true)
              return true, nil
            end,
            get = function(k) return false end,