On 10/27/20 5:24 AM, Scott wrote:
> Given that the browser <-> Squid traffic is HTTPS, is there a way to get
> squid to add the "secure" attribute to cookies? At least for testing it
> would clarify what's going on.

If Squid sees decrypted/plain HTTP messages, then it is possible to adapt HTTP response headers. The following page has a good introduction: https://wiki.squid-cache.org/SquidFaq/ContentAdaptation

* Custom eCAP or ICAP services can definitely do that.

* In some cases, it is also possible to adapt headers using squid.conf directives like reply_header_replace, but those features may not have enough support to add a Cookie attribute. If they do not, perhaps that is something we can improve, but I did not investigate the details.

* Just for _testing_ your hypothesis, temporarily hacking Squid code to add the desired attribute may be the best solution.

HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
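
The header rewrite that a custom ICAP or eCAP response-adaptation service would perform for the case discussed above, as an added example that is not part of the original message and is not Squid code. The function names and the sample response are constructed for illustration; the ICAP/eCAP transport itself is left out.

```python
# Added example: the Set-Cookie rewrite an adaptation service could apply to a
# decrypted HTTP response. Names and sample data are hypothetical/constructed.

def add_secure(set_cookie_value: str) -> str:
    """Return the Set-Cookie value with a Secure attribute, added only if absent."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    # parts[0] is the name=value pair; only the later parts are attributes, so a
    # cookie that is merely named or valued "secure" is not mistaken for the flag.
    attrs = [p for p in parts[1:] if p]
    if any(a.lower() == "secure" for a in attrs):
        return set_cookie_value  # already flagged, leave untouched
    return "; ".join([parts[0]] + attrs + ["Secure"])


def adapt_response_headers(header_block: str) -> str:
    """Rewrite every Set-Cookie line in an HTTP response header block."""
    out = []
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; the status line has no colon.
        if sep and name.strip().lower() == "set-cookie":
            line = f"{name}: {add_secure(value.strip())}"
        out.append(line)
    return "\r\n".join(out)


# Constructed sample response headers (not captured traffic).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; secure; SameSite=None\r\n"
    "set-cookie: secure=1\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(adapt_response_headers(SAMPLE))
```
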