JS middleware doesn't seem to set headers?

I have a few js middlewares that I’m using in both pre- and post-processing scenarios. I know they’re being called, because log messages show up successfully in the logs, but for some reason, I only seem to be able to set a single cookie, one time, in the pre-processing middleware. If I try to do request.ReturnOverrides.ResponseHeaders in the post-processing middleware, nothing ever sets, not arbitrary headers, not “Set-Cookie”, nothing. Any ideas as to what I’m doing wrong??

Hi @daisieh,

Looks like you need to set a response code since you intend to terminate the request there.

// Excerpt, presumably from inside the pre-processing middleware function: when a
// token cookie is present, exchange its refresh token and, on success, answer the
// client directly with a new cookie instead of proxying the request upstream.
if (tokenCookie != undefined) {
            // split("=")[1] keeps only the text between the first and second "=".
            // NOTE(review): a cookie value that itself contains "=" would be cut
            // short here; confirm the token format.
            var refreshToken = tokenCookie.split("=")[1];
            result = exchangeRefreshTokenForIdToken(refreshToken, request, spec);
            if (result != undefined) {
                // <some-code> is a placeholder for the HTTP status to return. Per this
                // thread, without a ResponseCode the request is proxied upstream and
                // ReturnOverrides.ResponseHeaders is ignored.
                request.ReturnOverrides.ResponseCode = <some-code>
                // result is used verbatim as the Set-Cookie header value.
                // NOTE(review): whether it carries HttpOnly / Secure / SameSite
                // attributes is not visible in this excerpt; confirm in
                // exchangeRefreshTokenForIdToken.
                request.ReturnOverrides.ResponseHeaders = {
                    "Set-Cookie": result
                }
                return frontendAuthMiddleware.ReturnData(request, session.meta_data);
            }
        }

Is setting ReturnOverrides.ResponseHeaders the best way to set a cookie value in the first place? I can’t tell if that’s my only option here.

Yes, since you intend to finish the request lifecycle and return a response with custom payload & headers to the requestor. [1]

Did setting the response code at that point work for you?
In my tests, I find that if ReturnOverrides.ResponseCode is not set, the request is not terminated; it is proxied upstream and request.ReturnOverrides.ResponseHeaders is ignored.

I think that the problem is that I do want to pass the request upstream; I just also want to update this cookie value. Is there a way to do that?

Yes certainly. Add a request header using this instead:
// SetHeaders adds the header to the request that the gateway forwards upstream;
// it does not put Set-Cookie on the response returned to the client.
request.SetHeaders["Set-Cookie"] = result

ReturnOverrides are useful if you intend to finish the request lifecycle at that point.

I feel like I’m going in circles! When I do that, the cookie value doesn’t update.

What’s your GW version?
Are you able to share your API definition?

We’re running 3.2.3, and the api definition is as follows:

{
    "api_id": "41",
    "name": "candig-data-portal",
    "use_openid": true,
    "active": true,
    "slug": "candig-data-portal",

    "enable_signature_checking": false,

    "jwt_issued_at_validation_skew": 0,
    "jwt_expires_at_validation_skew": 0,
    "upstream_certificates": {},
    "use_keyless": false,
    "enable_coprocess_auth": false,
    "base_identity_provided_by": "",
    
    "proxy": {
        "target_url": "http://candig-data-portal:3000",
        "strip_listen_path": true,
        "disable_strip_slash": false,
        "listen_path": "/",
        "transport": {
            "ssl_insecure_skip_verify": false,
            "ssl_ciphers": [],
            "ssl_min_version": 0,
            "proxy_url": ""
        },
        "target_list": [],
        "preserve_host_header": false
    },

    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
            "name": "Default",
            "use_extended_paths": true
            }
        },
        "extended_paths": {
            "ignored": [
                {
                    "path": "/auth/login",
                    "method_actions": {
                        "GET": {
                            "action": "no_action",
                            "code": 200,
                            "headers": {}
                        }
                    }
                }
            ]
        }
    },
    "custom_middleware": {
        "pre": [
                {
                "name": "frontendAuthMiddleware",
                "path": "/opt/tyk-gateway/middleware/frontendAuthMiddleware.js",
                "require_session": false
            }
            ],
        "post": [
            {
                "name": "permissionsStoreMiddleware",
                "path": "/opt/tyk-gateway/middleware/permissionsStoreMiddleware.js",
                "require_session": true
            }
        ],
        "id_extractor": {
            "extract_with": "",
            "extract_from": "",
            "extractor_config": {}
        },
        "driver": "",
        "auth_check": {
            "path": "",
            "require_session": false,
            "name": ""
        },
        "post_key_auth": [],
        "response": []
    },
    
    "config_data": {
        "SESSION_ENDPOINTS": [
            "/data-portal"
        ],
        "TYK_SERVER": "http://docker.localhost:5080",
        "KEYCLOAK_SECRET": "4214ef5b-4786-4608-826a-2c33d9c67f38",
        "KEYCLOAK_REALM": "candig",
        "KEYCLOAK_CLIENT_ID": "local_candig",
        "KEYCLOAK_PRIVATE_URL": "http://docker.localhost:8080",
        "VAULT_SERVICE_URL":"http://vault:8200",
        "VAULT_SERVICE_RESOURCE":"/v1/auth/jwt/login",
        "VAULT_ROLE":"researcher"
    },
    "openid_options": {
    "segregate_by_client": false,
    "providers": [
            {
                "issuer": "http://docker.localhost:8080/auth/realms/candig",
                "client_ids": {
                    "bG9jYWxfY2FuZGln": "candig_policy"
                }
            }
        ]
    },


    "definition": {
        "location": "header",
        "key": "x-api-version"
    },


    "internal": false,
    "jwt_skip_kid": false,
    "enable_batch_request_support": false,
    "response_processors": [],
    "use_mutual_tls_auth": false,
    "basic_auth": {
        "disable_caching": false,
        "cache_ttl": 0,
        "extract_from_body": false,
        "body_user_regexp": "",
        "body_password_regexp": ""
    },
    "use_standard_auth": false,
    "session_lifetime": 0,
    "use_oauth2": false,
    "jwt_source": "",
    "jwt_signing_method": "",
    "jwt_not_before_validation_skew": 0,
    "jwt_identity_base_field": "",

    "session_provider": {
        "name": "",
        "storage_engine": "",
        "meta": {}
    },

    "auth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
            "algorithm": "",
            "header": "",
            "secret": "",
            "allowed_clock_skew": 0,
            "error_code": 0,
            "error_message": ""
        }
    }
}

Apologies, could you share the gateway logs as well, from when you call the API, with log_level set to debug?

Apologies for the excess logging: I wasn’t sure how much you needed.

time="Nov 16 20:43:51" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631431897749395
time="Nov 16 20:43:51" level=debug msg="Running: frontendAuthMiddleware" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:51" level=info msg="Running Frontend Authorization JSVM middleware " prefix=jsvm type=log-msg
time="Nov 16 20:43:51" level=debug msg="JSVM middleware execution took: (ns) 5318001" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:51" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=666 mw=DynamicMiddleware ns=5671925 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=VersionCheck org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431910867561
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=VersionCheck ns=62799 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=RateCheckMW org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431910987759
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=RateCheckMW ns=161962 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=OrganizationMonitor org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431911166166
time="Nov 16 20:43:51" level=debug msg="Error trying to get value:redis: nil"
time="Nov 16 20:43:51" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key=-- prefix=auth-mgr
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=OrganizationMonitor ns=517613 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431911801356
time="Nov 16 20:43:51" level=debug msg="Running: loginHandler" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=info msg="Virtual Login Handler" prefix=jsvm type=log-msg
time="Nov 16 20:43:51" level=debug msg="JSVM Virtual Endpoint execution took: (ns) 5854978" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=666 mw=VirtualEndpoint ns=6108837 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=VersionCheck org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436514717198
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=VersionCheck ns=132059 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=RateCheckMW org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436514982121
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=RateCheckMW ns=161834 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=OrganizationMonitor org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436515298785
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=OrganizationMonitor ns=136924 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436515491125
time="Nov 16 20:43:56" level=debug msg="Running: loginHandler" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=info msg="Virtual Login Handler" prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=debug msg="JSVM Virtual Endpoint execution took: (ns) 51711324" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=666 mw=VirtualEndpoint ns=52305596 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631436573696788
time="Nov 16 20:43:56" level=debug msg="Running: frontendAuthMiddleware" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=info msg="Running Frontend Authorization JSVM middleware " prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=debug msg="JSVM middleware execution took: (ns) 31725020" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=DynamicMiddleware ns=32104527 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=VersionCheck org_id= origin=10.10.1.1 path="/" ts=1668631436605916870
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=VersionCheck ns=395590 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=RateCheckMW org_id= origin=10.10.1.1 path="/" ts=1668631436606433215
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=RateCheckMW ns=136121 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=OrganizationMonitor org_id= origin=10.10.1.1 path="/" ts=1668631436606685317
time="Nov 16 20:43:56" level=debug msg="Error trying to get value:redis: nil"
time="Nov 16 20:43:56" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key=-- prefix=auth-mgr
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=OrganizationMonitor ns=697562 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/" ts=1668631436607521680
time="Nov 16 20:43:56" level=debug msg="Setting up providers: [{http://docker.localhost:8080/auth/realms/candig map[bG9jYWxfY2FuZGln:candig_policy]}]" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Setting up Issuer: http://docker.localhost:8080/auth/realms/candig" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="--> Setting up client: local_candig with policy: candig_policy" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Generated Session ID: fdc208053164507cae38a5577d293525" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Querying local cache" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Querying keystore" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key="****3525" prefix=auth-mgr
time="Nov 16 20:43:56" level=debug msg="Querying authstore" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key="****3525" prefix=auth-mgr
time="Nov 16 20:43:56" level=debug msg="Key does not exist, creating" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Policy applied to key" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=OpenIDMW ns=30046257 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=KeyExpired org_id= origin=10.10.1.1 path="/" ts=1668631436637679524
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=KeyExpired ns=163094 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=AccessRightsCheck org_id= origin=10.10.1.1 path="/" ts=1668631436637888197
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=AccessRightsCheck ns=96125 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=GranularAccessMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631436638009656
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=GranularAccessMiddleware ns=13882 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=RateLimitAndQuotaCheck org_id= origin=10.10.1.1 path="/" ts=1668631436638040656
time="Nov 16 20:43:56" level=debug msg="[QUOTA] Quota limiter key is: quota-00000000"
time="Nov 16 20:43:56" level=debug msg="Renewing with TTL: 3600"
time="Nov 16 20:43:56" level=debug msg="Incremented key: quota-00000000, val is: 1"
time="Nov 16 20:43:56" level=debug msg="--> Setting Expire"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=RateLimitAndQuotaCheck ns=619009 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631436638726004
time="Nov 16 20:43:56" level=debug msg="Running: permissionsStoreMiddleware" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=info msg="Running Permissions Store JSVM middleware" prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=info msg="username=user1" prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=debug msg="JSVM middleware execution took: (ns) 17811658" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=DynamicMiddleware ns=18011698 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Started proxy"
time="Nov 16 20:43:56" level=debug msg="Stripping: /"
time="Nov 16 20:43:56" level=debug msg="Upstream Path is: "
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id= ts=1668631436656839856
time="Nov 16 20:43:56" level=debug msg="Upstream request URL: " api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg="Outbound request URL: http://candig-data-portal:3000" api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg="Creating new transport" api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg="Out request url: http://candig-data-portal:3000" api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal mw=ReverseProxy ns=4806201 org_id=
time="Nov 16 20:43:56" level=debug msg="Upstream request took (ms): 4.923923"
time="Nov 16 20:43:56" level=debug msg="Done proxy"