sparksupwardsfly
Theo's Typesafe Cult (TTC)
•Created by sparksupwardsfly on 4/28/2024 in #questions
Please help me save our internal app from cookies set at subdomains in our company!
Our Node.js Express application is seeing 400 Bad Request responses and 413 Request Header Too Large because of cookies that it does not create. These errors can cause really unexpected app behavior for users.
These cookies were created by other applications, e.g. otherapp.mycompany.com, that sometimes have domains like .mycompany.com but sometimes have domains like otherapp.mycompany.com. These cookies are tagging along in my application's headers and wreaking havoc.
What is the best practice here?
I don't have the ability to get them to change their same-site settings or set CORS. There's too many of them.
This is an app with ~4-10k internal users. It runs on two 2 GB memory load-balanced nodes. Should I set up a middleware to basically parse each request and manually remove cookies set by sites different from the origin, save for a few select cookies we actually need?
Is there a more elegant solution?
5 replies
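An added example, not code from the original post or from any of the replies, of the allowlist middleware the question is considering, written as plain functions so it runs with `node` alone and without Express installed. It assumes the app's own cookies are named `__Host-session` and `__Host-csrf` (hypothetical names, not from the post). The `__Host-` prefix is picked on purpose: browsers only accept a `__Host-` cookie that has `Secure`, `Path=/` and no `Domain` attribute, so a cookie another team sets on `.mycompany.com` can never share the name and collide with it in the parsed result. One caveat: an Express middleware runs after Node's HTTP parser has already accepted the headers, so this removes the cookie-parsing and name-collision problems but cannot prevent an oversized-header rejection; that limit is Node's `maxHeaderSize` (default 16 KiB), set per server or with `--max-http-header-size`.

```javascript
// Added example, not code from the original post: an allowlist middleware
// that rewrites the incoming Cookie header so that only cookies this app
// owns reach cookie-parser / express-session. Plain functions, no express
// import, so it runs stand-alone with `node`.

// Hypothetical names for this app's own cookies (assumption, not from the
// post). The __Host- prefix is deliberate: a __Host- cookie cannot carry a
// Domain attribute, so a .mycompany.com-wide cookie can never reuse the name.
const OWN_COOKIES = new Set(['__Host-session', '__Host-csrf']);

// Split a Cookie request header into {name, value} pairs. Only the FIRST
// '=' separates name from value; any later '=' belongs to the value.
function parseCookieHeader(header) {
  const pairs = [];
  if (typeof header !== 'string') return pairs;
  for (const part of header.split(';')) {
    const pair = part.trim();
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    // A fragment with no '=' or an empty name is malformed; drop it instead
    // of forwarding it to a downstream parser.
    if (eq <= 0) continue;
    pairs.push({ name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim() });
  }
  return pairs;
}

// Rebuild a Cookie header containing only allowlisted names. Returns '' when
// nothing survives so the caller can drop the header entirely.
function filterCookieHeader(header, allowed) {
  return parseCookieHeader(header)
    .filter((c) => allowed.has(c.name))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Express-compatible middleware factory. Mount it BEFORE cookie-parser or
// express-session so they only ever see the filtered header.
function cookieAllowlist(allowedNames) {
  const allowed = new Set(allowedNames);
  return function cookieAllowlistMiddleware(req, res, next) {
    const raw = req.headers.cookie;
    if (typeof raw === 'string') {
      const filtered = filterCookieHeader(raw, allowed);
      if (filtered === '') delete req.headers.cookie;
      else req.headers.cookie = filtered;
    }
    next();
  };
}

// Run the middleware against a minimal fake request object so its behaviour
// can be checked without a listening server. Returns the resulting header,
// or undefined when every cookie was stripped.
function applyToFakeRequest(cookieHeader, allowedNames) {
  const req = { headers: { cookie: cookieHeader } };
  let nextCalled = false;
  cookieAllowlist(allowedNames)(req, {}, () => { nextCalled = true; });
  if (!nextCalled) throw new Error('middleware must call next()');
  return req.headers.cookie;
}

// Constructed sample header (not a real capture): cookies from other
// *.mycompany.com apps, a same-name collision ("session" vs our
// "__Host-session"), a value that itself contains '=', a malformed fragment,
// and this app's two own cookies.
const SAMPLE_HEADER =
  'otherapp_session=abc123; session=theirs; theme=dark; tracking=a=b=c; garbage; ' +
  '__Host-session=s3cr3t; __Host-csrf=tok';

console.log(filterCookieHeader(SAMPLE_HEADER, OWN_COOKIES));
// __Host-session=s3cr3t; __Host-csrf=tok

/* Wiring in a real app (needs express and cookie-parser installed; not run here):
 *   const app = require('express')();
 *   app.use(cookieAllowlist(OWN_COOKIES));
 *   app.use(require('cookie-parser')());
 *   // The allowlist runs after Node has already parsed the headers, so it
 *   // cannot prevent an oversized-header rejection; that limit is
 *   // maxHeaderSize (default 16 KiB) and is raised per server:
 *   require('http').createServer({ maxHeaderSize: 64 * 1024 }, app).listen(3000);
 */
```

Nothing on the server side can stop the browser from attaching `.mycompany.com`-scoped cookies to every request for a host under that domain; the filter only controls what the app's own parsers see. The only way to keep those cookies out of the request entirely is to serve the app from a different registrable domain.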