Cross-Domain Cookie Proxy Service

Build a proxy middleware service that forwards requests to a backend API and ensures that cookies returned from the backend can be properly set in the browser, regardless of domain differences.

Requirements

Create a proxy middleware that:

1. Forwards all requests matching /api/* to a backend server
2. Intercepts responses from the backend server
3. Modifies response headers to remove domain restrictions from cookies so they work across different domains
4. Returns the modified response to the client

The solution should handle:

• Responses with a single Set-Cookie header
• Responses with multiple Set-Cookie headers (as an array)
• Cookie headers that contain Domain= attributes that need to be removed

Test Cases

Single cookie with domain attribute

• Given a backend response with Set-Cookie: session=abc123; Domain=backend.com; Path=/, when proxied, the domain attribute should be removed resulting in Set-Cookie: session=abc123; Path=/ @test

Multiple cookies with domain attributes

• Given a backend response with multiple Set-Cookie headers each containing domain attributes, when proxied, all domain attributes should be removed from all cookies @test

Cookie without domain attribute

• Given a backend response with Set-Cookie: token=xyz789; Path=/; HttpOnly (no domain), when proxied, the cookie should remain unchanged @test

Implementation

@generates

API

/**
 * Creates a proxy middleware that forwards requests and removes domain
 * attributes from response cookies.
 *
 * @param {object} options - Configuration options
 * @param {string} options.target - The backend server URL to proxy requests to
 * @returns {Function} Express/Connect middleware function
 */
function createCookieProxy(options) {
  // Implementation here
}

module.exports = { createCookieProxy };

Dependencies { .dependencies }

http-proxy-middleware { .dependency }

Provides HTTP proxy middleware functionality with response interception support.