From 05ff9c570eecd7af9f42ecd58549a155178f1b0c Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Mon, 7 Sep 2020 09:11:58 -0400 Subject: [PATCH] [core] combine Cookie request headers with ';' (thx avij) clients should send a single Cookie header with multiple cookie values separated with ';'. https://tools.ietf.org/html/rfc6265#section-4.2.1 However, HTTP/2 loosens this requirement for Cookie. https://tools.ietf.org/html/rfc7540#section-8.1.2 Section 8.1.2.5 Compressing the Cookie Header Field and some HTTP/2 clients (Chrome, Firefox) send multiple 'cookie:' headers in a HEADERS frame. --- src/http_header.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/http_header.c b/src/http_header.c index 0a218c95..5f206692 100644 --- a/src/http_header.c +++ b/src/http_header.c @@ -138,6 +138,15 @@ static inline void http_header_token_append(buffer * const vb, const char * cons buffer_append_string_len(vb, v, vlen); } +__attribute_cold__ +static inline void http_header_token_append_cookie(buffer * const vb, const char * const v, const uint32_t vlen) { + /* Cookie request header must be special-cased to use ';' separator + * instead of ',' to combine multiple headers (if present) */ + if (!buffer_string_is_empty(vb)) + buffer_append_string_len(vb, CONST_STR_LEN("; ")); + buffer_append_string_len(vb, v, vlen); +} + __attribute_pure__ static inline buffer * http_header_generic_get_ifnotempty(const array * const a, const char * const k, const uint32_t klen) { data_string * const ds = @@ -224,7 +233,10 @@ void http_header_request_append(request_st * const r, enum http_header_e id, con if (0 == vlen) return; if (id > HTTP_HEADER_OTHER) r->rqst_htags |= id; buffer * const vb = array_get_buf_ptr(&r->rqst_headers, k, klen); - http_header_token_append(vb, v, vlen); + if (id != HTTP_HEADER_COOKIE) + http_header_token_append(vb, v, vlen); + else + http_header_token_append_cookie(vb, v, vlen); }