Leading dot cookie are stripped

Found that cookies from upstream server (which us under CloudFlare protection) are stripped if their name starts with leading dot, for example .app-id=12345 .

CF doc says that: Cloudflare strips any header that contains dots (.) from origin web server responses. For example, the origin web server header test.header:data is removed by Cloudflare’s proxy., https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-

I am aware the leading dot cookies have been deprecated by RFC 6265 however is there any way to allow them in CloudFlare? I am using Free Plan.

Were you able to figure it out? I’m also having the same issue.

Hi @noitidart

We had to rewrite the cookie scheme: no dots inside names and values. CF support was busy and I got no reply besides the automatic ones. Maybe this is the best solution as we better conform to RFCs.

This topic was automatically closed after 30 days. New replies are no longer allowed.