For the sake of development I need to make NGINX drop "Secure" flag from cookie headers.
Set-Cookie:XSRF-TOKEN=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzz; Path=/; Secure
should become
Set-Cookie:XSRF-TOKEN=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzz; Path=/;
For each Set-Cookie header. I am creating a reverse-proxy configuration to decouple development server from the UI and since upstream is running behind HTTPS while NGINX is running on plain HTTP, browser refuses to send cookies back.