Is it possible to modify cookies when using nginx as a reverse proxy similar to what Set-Cookie does in apache?
I have a web application that sets session cookies and I wish to append the HttpOnly flag to them before they are served by nginx. Unfortunatly I cannot modify the source code of the application to do it there.
You can always use add_header to add one, but even if you parse cookies coming down from backend looking at the http_cookie variable, you won't be able to modify them using vanilla nginx.
What you could use however is the 3rd-party Lua module. The link provided by Kyle Sith has an answer containg a small code snippet manipulating cookies (https://serverfault.com/a/448887/140131).
