author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-09-07 09:11:58 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-10-11 12:19:26 -0400 |
commit | 05ff9c570eecd7af9f42ecd58549a155178f1b0c (patch) | |
tree | b40f367276c1391840b306ecd1182f289de5fad9 /src/http_header.c | |
parent | 37e04510c42e4b117d5c0abd100be4841044e671 (diff) | |
download | lighttpd-git-05ff9c570eecd7af9f42ecd58549a155178f1b0c.tar.gz |
[core] combine Cookie request headers with ';'
(thx avij)
clients should send a single Cookie header with multiple cookie values
separated with ';'.
https://tools.ietf.org/html/rfc6265#section-4.2.1
However, HTTP/2 loosens this requirement for Cookie.
https://tools.ietf.org/html/rfc7540#section-8.1.2
Section 8.1.2.5 Compressing the Cookie Header Field
and some HTTP/2 clients (Chrome, Firefox) send multiple
'cookie:' headers in a HEADERS frame.
Diffstat (limited to 'src/http_header.c')
-rw-r--r-- | src/http_header.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/http_header.c b/src/http_header.c
index 0a218c95..5f206692 100644
--- a/src/http_header.c
+++ b/src/http_header.c
@@ -138,6 +138,15 @@ static inline void http_header_token_append(buffer * const vb, const char * cons
 buffer_append_string_len(vb, v, vlen);
 }
 
+__attribute_cold__
+static inline void http_header_token_append_cookie(buffer * const vb, const char * const v, const uint32_t vlen) {
+ /* Cookie request header must be special-cased to use ';' separator
+ * instead of ',' to combine multiple headers (if present) */
+ if (!buffer_string_is_empty(vb))
+ buffer_append_string_len(vb, CONST_STR_LEN("; "));
+ buffer_append_string_len(vb, v, vlen);
+}
+
 __attribute_pure__
 static inline buffer * http_header_generic_get_ifnotempty(const array * const a, const char * const k, const uint32_t klen) {
 data_string * const ds =
@@ -224,7 +233,10 @@ void http_header_request_append(request_st * const r, enum http_header_e id, con
 if (0 == vlen) return;
 if (id > HTTP_HEADER_OTHER) r->rqst_htags |= id;
 buffer * const vb = array_get_buf_ptr(&r->rqst_headers, k, klen);
- http_header_token_append(vb, v, vlen);
+ if (id != HTTP_HEADER_COOKIE)
+ http_header_token_append(vb, v, vlen);
+ else
+ http_header_token_append_cookie(vb, v, vlen);
 }
|
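Review bot: The comment in `http_header_token_append_cookie` explains the separator but not what the merged value means for whatever consumes it. The helper joins values in arrival order with no de-duplication or validation, so a cookie name present in two `Cookie` headers appears twice in the combined value, and which occurrence wins is presumably left to each backend's parser. As far as these hunks show, the merge is also not limited to HTTP/2 requests, although the commit message motivates it with HTTP/2. I would extend the comment with a line such as `/* values are joined in arrival order; duplicate cookie names are kept as-is */` so that nobody assumes the merged header has been normalised.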
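Review bot: The separator in `http_header_request_append` is chosen from `id`, while the buffer is looked up by `k`/`klen`, so a caller that passes a Cookie field name with any id other than `HTTP_HEADER_COOKIE` would still get the ',' join from `http_header_token_append`. Whether any caller does that cannot be seen from this hunk, and the function's signature and opening lines are outside it. A comma-joined Cookie value is typically misread by downstream cookie parsers, so a mismatch would fail quietly rather than loudly. A comment above the branch, e.g. `/* callers must pass the resolved id; a Cookie header passed with a generic id is comma-joined */`, would make that contract explicit.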