feat(dev-proxy): isolate local auth cookies by target (#36371)

2026-06-05 23:50:06 +08:00 · 2026-05-19 13:59:55 +08:00
parent 2031d31ee8
commit 674cdc3521
7 changed files with 275 additions and 22 deletions
@@ -187,6 +187,22 @@ export default defineDevProxyConfig({

 Set `cookieRewrite: false` to disable cookie rewriting for a route.

+When one local proxy can point to multiple online targets, use `localCookieScope: 'target-origin'`
+for auth cookies. The proxy stores configured cookies under target-specific local names,
+forwards only the active target's cookies upstream, and can override a stale frontend CSRF
+header from the active scoped cookie:
+
+```ts
+const cookieRewrite: CookieRewriteOptions = {
+  hostPrefixCookies: ['access_token', 'csrf_token', 'refresh_token'],
+  localCookieScope: 'target-origin',
+  csrfHeader: {
+    cookieName: 'csrf_token',
+    headerName: 'X-CSRF-Token',
+  },
+}
+```
+
 ## Behavior

 - The proxy preserves the matched path prefix when forwarding requests.