Please help me save our internal app from cookies set at subdomains in our company!

Our Nodejs Express application is seeing 400 bad request responses and 413 request header too large because of cookies that it does not create. These errors can create really unexpected app behavior for users. These cookies were created by other applications i.e. otherapp.mycompany.com sometimes that have domains .company.com but sometimes have domains like otherapp.mycompany.com. These cookies are tagging along in my applications header and wreaking havoc. What is the best practice here? I don't have the ability to get them to change their same-site settings or set CORS. Theres too many of them. This is a app with ~4-10k internal users. It runs on two 2 gb mem load balanced nodes. Should I set up a middleware to basically parse each request to manually remove cookies set by sites different from origin save for a few select cookies we actually need? Is there a more elegant solution?
1 Reply
sparksupwardsfly
sparksupwardsflyOP8mo ago
I'm also not sure why cookies are being added from otherapp-company.com Thank you that's a good idea We have an express server rn that serves the react app. I was thinking to write a Middleware to strip the cookies. Do you think adding an nginx layer in front of my express server is worth it just for this purpose of cookie stripping?
Want results from more Discord servers?
Add your server