What we want to achieve
We want to allow our REST APIs to set cookies in response to a client call (i.e. use Set-Cookie with the domain of our website)
The API Gateway receives HTTP API calls such as https://seek.com.au/v2/job
The API Gateway sends the API requests to a backend load balancer on https://myloadbalancer/v2/job for load balancing across our farm
The backend APIs respond with a Set-Cookie header (in this example the cookie name/value is 'mycookie=123') using the original caller's domain, e.g. seek.com.au
However, the cookie is being stripped/rejected by the API Gateway and the following message is logged:
WARNING org.apache.http.client.protocol.ResponseProcessCookies: Cookie rejected: "[version: 0][name: mycookie][value: 123][domain: seek.com.au][path: /][expiry: Sun Sep 18 06:34:58 UTC 2015]". Illegal domain attribute "seek.com.au". Domain of origin: "myloadbalancer"
It appears as though the HTTPClient is rejecting the Cookie as it is setting it for our domain (seek.com.au), but that does not match the URL used to send the request (i.e. to the load balancer). I cannot see how Set-Cookie will ever work!
How can we allow the backend API to set cookies on HTTP responses?
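
The domain check behind the warning above, as an added example that is not part of the original post and is not HttpClient's own code: it applies the RFC 6265 domain-match rule to the logged values and to a few other hosts. The function names and the extra hostnames (www.seek.com.au, notseek.com.au) are assumptions made for illustration.

```python
import ipaddress
import re

# The warning from the post, copied verbatim and used as sample input.
LOG_LINE = (
    'WARNING org.apache.http.client.protocol.ResponseProcessCookies: Cookie rejected: '
    '"[version: 0][name: mycookie][value: 123][domain: seek.com.au][path: /]'
    '[expiry: Sun Sep 18 06:34:58 UTC 2015]". Illegal domain attribute "seek.com.au". '
    'Domain of origin: "myloadbalancer"'
)

REJECT_RE = re.compile(r'Illegal domain attribute "([^"]*)"\. Domain of origin: "([^"]*)"')


def is_ip(host):
    """True when the host is an IP literal, for which suffix matching is not allowed."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(request_host, cookie_domain):
    """RFC 6265 section 5.1.3: may a response from request_host set this Domain?"""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower()
    if domain.startswith("."):
        domain = domain[1:]  # a single leading dot in the attribute is ignored
    if host == domain:
        return True
    # Suffix match only on a label boundary, and never for IP-literal hosts.
    return host.endswith("." + domain) and not is_ip(host)


def explain_rejection(line):
    """Return (cookie_domain, origin_host, would_match) for a rejection warning, else None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    cookie_domain, origin = m.group(1), m.group(2)
    return cookie_domain, origin, domain_match(origin, cookie_domain)


if __name__ == "__main__":
    print(explain_rejection(LOG_LINE))
    for host in ("seek.com.au", "www.seek.com.au", "notseek.com.au", "myloadbalancer"):
        print(host, domain_match(host, "seek.com.au"))
```

The client evaluates the cookie against the host it actually connected to, so a cookie scoped to seek.com.au only passes when the request host is seek.com.au or one of its subdomains.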