Setting Response Header Set-Cookie: Secure;HttpOnly


What's the proper way to set Reponse Header Set-Cookie: Secure;HttpOnly. I want to force all cookies to utilize secure and httponly.

I'm using traefik version 1.7.19 and docker-compose labels to set headers.

I'm using

"traefik.frontend.headers.customResponseHeaders=Set-Cookie:Secure;HttpOnly" which works but it seems to replace any cookies being set by the application with a blank cookie name and the value to be "secure"

@playermanny2 did you fix this issue. If so, could you share the solution. I'm having the same issue and would like to understand on how to append "Secure;HttpOnly" flags to the existing cookies.

@playermanny2 Were you able to solve this issue?

Hey Guys, Here is the ticket that i raised.

TL;DR - There is an open proposal to implement this. Workaround would be to configure your backend application to add the secure flag or implementing your own plugin.