copyProxyResHeadersToUserRes overwrites Set-Cookie headers that have already been set by previous middleware

[fabb]

We have some middlewares before the proxy middleware to handle setting cookies (like authentication and others).
We set cookies like this in previous middlewares: res.cookie('name', 'value').

Responses that are proxies do not contain these Set-Cookie headers though. Other headers seem to pass fine.

We do not use userResHeaderDecorator.

express-http-proxy should not remove any Set-Cookie headers that have already been set on the response object.

[fabb]

The problem is this line: https://github.com/villadora/express-http-proxy/blob/master/app/steps/copyProxyResHeadersToUserRes.js#L13

It looks like if the proxied backend returns Set-Cookie header, it overwrites these headers if they were already set on the user response object.

The problem is that there is no workaround using userResHeaderDecorator because copyProxyResHeadersToUserRes runs before it and already deleted the headers.

[monkpow]

@fabb Thanks for the detailed report and fix. I'll review this week.

[fabb]

@monkpow friendly reminder 🙂

[fabb]

@monkpow friendly reminder, plz review :-)