Forum Discussion
Lee_Sutcliffe
Jul 25, 2017Nacreous
Try this... HTTP::cookie secure should return "enable" if it's been set according to the Wiki but I've not tested the output myself
https://devcentral.f5.com/Wiki/iRules.HTTP__cookie.ashx
when HTTP_RESPONSE {
set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
if { not ([string tolower [HTTP::cookie value]] starts_with "XSRF-TOKEN") && ([HTTP::cookie secure] eq "enable" )} {
HTTP::header remove "Set-Cookie"
foreach set_cookie_header $unsafe_cookie_headers {
HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
} else {
return
}
}
}