git.kaiwu.me - haproxy.git/commit

author	Matthieu Guegan <mguegan@virtua.ch>
	Mon, 5 Dec 2016 10:35:54 +0000 (11:35 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Mon, 5 Dec 2016 18:27:48 +0000 (19:27 +0100)
commit	35088f960de9e3331573d118adbbe956c7fbbf7d
tree	ab1361930c1b77a6f702a21359dedc19de67021e	tree \| snapshot
parent	f25e8e56b4c591df1b2dfb2421fdcd94de31c41f	commit \| diff

BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect

By investigating a keep-alive issue with CloudFlare, we[1] found that
when using the 'set-cookie' option in a redirect (302) HAproxy is adding
an extra `\r\n`.

Triggering rule :

`http-request redirect location / set-cookie Cookie=value if [...]`

Expected result :

```
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: /
Set-Cookie: Cookie=value; path=/;
Connection: close
```

Actual result :

```
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: /
Set-Cookie: Cookie=value; path=/;

Connection: close
```

This extra `\r\n` seems to be harmless with another HAproxy instance in
front of it (sanitizing) or when using a browser. But we confirm that
the CloudFlare NGINX implementation is not able to handle this. It
seems that both 'Content-length: 0' and extra carriage return broke RFC
(to be confirmed).

When looking into the code, this carriage-return was already present in
1.3.X versions but just before closing the connection which was ok I
think. Then, with 1.4.X the keep-alive feature was added and this piece
of code remains unchanged.

[1] all credit for the bug finding goes to CloudFlare Support Team

[wt: the bug was indeed present since the Set-Cookie was introduced
in 1.3.16, by commit 0140f25 ("[MINOR] redirect: add support for
"set-cookie" and "clear-cookie"") so backporting to all supported
versions is desired]