upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-06-16 04:49:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 13
haproxy/src
History
Willy Tarreau b5d2b9e154 BUG/MEDIUM: h2: give :authority precedence over Host 
The wording regarding Host vs :authority in RFC7540 is ambiguous as it
says that an intermediary must produce a host header from :authority if
Host is missing, but, contrary to HTTP/1.1, doesn't say anything regarding
the possibility that Host and :authority differ, which leaves Host with
higher precedence there. In addition it mentions that clients should use
:authority *instead* of Host, and that H1->H2 should use :authority only
if the original request was in authority form. This leaves some gray
area in the middle of the chain for fully valid H2 requests arboring a
Host header that are forwarded to the other side where it's possible to
drop the Host header and use the authority only after forwarding to a
second H2 layer, thus possibly seeing two different values of Host at
a different stage. There's no such issue when forwarding from H2 to H1
as the authority is dropped only only the Host is kept.

Note that the following request is sufficient to re-normalize such a
request:

   http-request set-header host %[req.hdr(host)]

The new spec in progress (draft-ietf-httpbis-http2bis-03) addresses
this trouble by being a bit is stricter on these rules. It clarifies
that :authority must always be used instead of Host and that Host ought
to be ignored. This is much saner as it avoids to convey two distinct
values along the chain. This becomes the protocol-level equivalent of:

   http-request set-uri %[url]

So this patch does exactly this, which we were initially a bit reluctant
to do initially by lack of visibility about other implementations'
expectations. In addition it slightly simplifies the Host header field
creation by always placing it first in the list of headers instead of
last; this could also speed up the look up a little bit.

This needs to be backported to 2.0. Non-HTX versions are safe regarding
this because they drop the URI during the conversion to HTTP/1.1 so
only Host is used and transmitted.

Thanks to Tim Düsterhus for reporting that one.
2021-08-17 10:21:07 +02:00
..
acl.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
action.c MEDIUM: global: remove dead code from nbproc/bind_proc removal 2021-06-15 16:52:42 +02:00
activity.c MINOR: activity/cli: optionally support sorting by address on "show profiling" 2021-05-13 10:00:17 +02:00
applet.c BUG/MINOR: applet: Notify the other side if data were consumed by an applet 2021-04-28 10:51:08 +02:00
arg.c BUG/MINOR: arg: free all args on make_arg_list()'s error path 2021-07-17 18:36:43 +02:00
auth.c BUILD: auth: include missing list.h 2021-05-08 12:29:51 +02:00
backend.c MEDIUM: proxy: remove long-broken 'option http_proxy' 2021-07-18 19:35:32 +02:00
base64.c MINOR: sample: add ub64dec and ub64enc converters 2021-04-13 17:28:13 +02:00
cache.c BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header 2021-06-18 15:48:20 +02:00
calltrace.c BUILD: trace: include tools.h 2020-09-25 17:54:48 +02:00
cfgcond.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
cfgdiag.c CLEANUP: assorted typo fixes in the code and comments 2021-04-26 10:42:58 +02:00
cfgparse-global.c MINOR: mux_h2: define config to disable h2 websocket support 2021-07-12 10:41:45 +02:00
cfgparse-listen.c MINOR: proxy: disabled takes a stopping and a disabled state 2021-08-03 14:17:45 +02:00
cfgparse-ssl.c MINOR: ssl: support ssl keyword for dynamic servers 2021-06-18 16:42:26 +02:00
cfgparse-tcp.c MINOR: server: prepare parsing for dynamic servers 2021-03-18 15:51:12 +01:00
cfgparse-unix.c MINOR: listener: create a new struct "settings" in bind_conf 2020-09-16 20:13:13 +02:00
cfgparse.c MINOR: proxy: disable warnings for internal proxies 2021-08-13 15:34:16 +02:00
channel.c CLEANUP: channel: fix comment in ci_putblk. 2021-02-13 09:43:17 +01:00
check.c BUG/MEDIUM: check: fix leak on agent-check purge 2021-08-11 14:40:21 +02:00
chunk.c MINOR: pool: move pool declarations to read_mostly 2021-04-10 19:27:41 +02:00
cli.c MINOR: cli: delare the CLI frontend as an internal proxy 2021-08-13 15:34:10 +02:00
compression.c BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo 2021-05-31 10:51:04 +02:00
connection.c MINOR: connection: Add a connection error code sample fetch 2021-07-29 15:40:45 +02:00
cpuset.c BUG/MAJOR: fix build on musl with cpu_set_t support 2021-04-27 14:11:26 +02:00
debug.c CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages 2021-05-07 11:51:26 +02:00
dgram.c REORG: dgram: rename proto_udp to dgram 2020-06-11 10:18:59 +02:00
dict.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
dns.c CLEANUP: dns: Remove a forgotten debug message 2021-06-23 12:21:47 +02:00
dynbuf.c BUG/MINOR: buffer: fix buffer_dump() formatting 2021-08-12 00:51:45 +02:00
eb32sctree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb32tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb64tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebimtree.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
ebistree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebmbtree.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
ebpttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebsttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebtree.c BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks 2020-06-16 11:30:33 +02:00
errors.c BUG: errors: remove printf positional args for user messages context 2021-06-08 11:40:44 +02:00
ev_epoll.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_evports.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_kqueue.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_poll.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_select.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
extcheck.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
fcgi-app.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
fcgi.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
fd.c CLEANUP: fd: remove the now unneeded fd_mig_lock 2021-08-04 16:03:36 +02:00
filters.c BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set 2021-08-13 17:14:47 +02:00
fix.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
flt_http_comp.c BUG/MEDIUM: compression: Add a flag to know the filter is still processing data 2021-06-10 08:57:55 +02:00
flt_spoe.c BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued 2021-08-05 10:07:43 +02:00
flt_trace.c CLEANUP: Use istadv(const struct ist, const size_t) whenever possible 2021-03-03 05:07:10 +01:00
freq_ctr.c BUG/MINOR: freq_ctr: use stricter barriers between updates and readings 2021-08-01 17:34:06 +02:00
frontend.c MINOR: http-ana: Simplify creation/destruction of HTTP transactions 2021-04-01 11:06:48 +02:00
h1.c MINOR: http: use http uri parser for authority 2021-07-08 17:11:17 +02:00
h1_htx.c MEDIUM: h1-htx: apply scheme-based normalization on h1 requests 2021-07-07 15:34:01 +02:00
h2.c BUG/MEDIUM: h2: give :authority precedence over Host 2021-08-17 10:21:07 +02:00
haproxy.c BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check 2021-08-13 11:21:57 +02:00
hash.c REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ 2020-06-11 10:18:56 +02:00
hlua.c BUG/MINOR: lua/filters: Return right code when txn:done() is called 2021-08-13 17:14:47 +02:00
hlua_fcn.c MINOR: stats: pass the appctx flags to stats_fill_info() 2021-05-08 10:52:12 +02:00
hpack-dec.c CLEANUP: Use isttest(const struct ist) whenever possible 2021-03-03 05:07:10 +01:00
hpack-enc.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
hpack-huff.c CONTRIB: move some dev-specific tools to dev/ 2021-04-02 17:48:42 +02:00
hpack-tbl.c MINOR: pool: move pool declarations to read_mostly 2021-04-10 19:27:41 +02:00
http.c MINOR: http: add a new function http_validate_scheme() to validate a scheme 2021-08-17 10:16:22 +02:00
http_acl.c CLEANUP: acl: don't reference the generic pattern deletion function anymore 2020-11-05 19:27:09 +01:00
http_act.c MINOR: http: use http uri parser for path 2021-07-08 17:11:17 +02:00
http_ana.c CLEANUP: http_ana: Remove now unused label from http_process_request() 2021-07-19 10:32:17 +02:00
http_conv.c MINOR: http-conv: Don't check if argument list is set in sample converters 2021-01-29 13:26:02 +01:00
http_fetch.c MINOR: http: use http uri parser for path 2021-07-08 17:11:17 +02:00
http_htx.c MINOR: http: use http uri parser for path 2021-07-08 17:11:17 +02:00
http_rules.c BUG/MINOR: http: Missing calloc return value check while parsing redirect rule 2021-05-31 10:51:08 +02:00
htx.c BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded 2021-06-11 14:05:34 +02:00
init.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
lb_chash.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fas.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fwlc.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fwrr.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
lb_map.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
listener.c MEDIUM: global: remove dead code from nbproc/bind_proc removal 2021-06-15 16:52:42 +02:00
log.c MINOR: ssl: Define a default https log format 2021-07-29 15:40:45 +02:00
lru.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
mailers.c MEDIUM: mailers: use "HAProxy" nor "HAproxy" in the subject of messages 2021-05-09 06:45:16 +02:00
map.c MINOR: map/acl: print the count of all the map/acl entries in "show map/acl" 2021-05-25 08:44:45 +02:00
mjson.c MINOR: sample: converter: Add mjson library. 2021-04-15 17:05:38 +02:00
mqtt.c BUG/MINOR: mqtt: Support empty client ID in CONNECT message 2021-06-28 16:29:44 +02:00
mux_fcgi.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
mux_h1.c BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called 2021-07-26 15:14:35 +02:00
mux_h2.c BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames 2021-07-27 09:26:02 +02:00
mux_pt.c MINOR: trace: make trace sources read_mostly 2021-04-10 19:29:26 +02:00
mworker-prog.c BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs 2021-07-21 10:17:02 +02:00
mworker.c MINOR: proxy: disabled takes a stopping and a disabled state 2021-08-03 14:17:45 +02:00
namespace.c REORG: include: move the error reporting functions to from log.h to errors.h 2020-06-11 10:18:59 +02:00
pattern.c MINOR: map/acl: print the count of all the map/acl entries in "show map/acl" 2021-05-25 08:44:45 +02:00
payload.c BUILD: payload: include tools.h in payload.c 2021-05-08 13:55:40 +02:00
peers.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
pipe.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
pool.c MEDIUM: pools: remove the locked pools implementation 2021-06-10 17:46:50 +02:00
proto_quic.c MINOR: fd: move .linger_risk into fdtab[].state 2021-04-07 18:07:49 +02:00
proto_sockpair.c MINOR: fd: move .linger_risk into fdtab[].state 2021-04-07 18:07:49 +02:00
proto_tcp.c MINOR: fd: move .linger_risk into fdtab[].state 2021-04-07 18:07:49 +02:00
proto_udp.c BUILD: udp: include tools.h from proto_udp.c 2021-05-08 13:59:56 +02:00
proto_uxdg.c BUG/MINOR: protocol: add missing support of dgram unix socket. 2021-03-18 18:30:29 +01:00
proto_uxst.c MINOR: fd: move .linger_risk into fdtab[].state 2021-04-07 18:07:49 +02:00
protocol.c MEDIUM: proxy: remove the deprecated "grace" keyword 2021-06-11 16:57:34 +02:00
proxy.c MINOR: proxy: disabled takes a stopping and a disabled state 2021-08-03 14:17:45 +02:00
qpack-tbl.c CLEANUP: qpack: Wrong comment about the draft for QPACK static header table. 2021-01-04 12:31:28 +01:00
queue.c BUG/MINOR: queue/debug: use the correct lock labels on the queue lock 2021-06-24 16:00:18 +02:00
quic_cc.c MINOR: quic: Import C source code files for QUIC protocol. 2020-12-23 11:57:26 +01:00
quic_cc_newreno.c MINOR: quic: Add traces to congestion avoidance NewReno callback. 2020-12-23 11:57:26 +01:00
quic_frame.c CLEANUP: assorted typo fixes in the code and comments 2021-01-06 16:26:50 +01:00
quic_sock.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
quic_tls.c MINOR: quic: Update the initial salt to that of draft-29. 2020-12-23 11:57:26 +01:00
raw_sock.c MINOR: fd: move .linger_risk into fdtab[].state 2021-04-07 18:07:49 +02:00
regex.c OPTIM: regex: PCRE2 use JIT match when JIT optimisation occured. 2020-08-14 07:53:40 +02:00
resolvers.c BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree 2021-07-22 15:03:25 +02:00
ring.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
sample.c MEDIUM: global: remove the relative_pid from global and mworker 2021-06-15 16:52:42 +02:00
server.c BUG/MEDIUM: server: support both check/agent-check on a dynamic instance 2021-08-11 14:41:47 +02:00
server_state.c BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status 2021-06-17 16:52:35 +02:00
session.c MINOR: log: rename 'dontloglegacyconnerr' to 'log-error-via-logformat' 2021-08-02 10:42:42 +02:00
sha1.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
shctx.c CLEANUP: shctx: remove the different inter-process locking techniques 2021-06-15 16:52:42 +02:00
signal.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
sink.c CLEANUP: server: a separate function for initializing the per_thr field 2021-06-17 16:07:10 +02:00
slz.c IMPORT: slz: use inttypes.h instead of stdint.h 2021-05-14 08:44:52 +02:00
sock.c BUG/MEDIUM: sock: make sure to never miss early connection failures 2021-07-06 10:52:19 +02:00
sock_inet.c MINOR: fd: move .exported into fdtab[].state 2021-04-07 18:10:36 +02:00
sock_unix.c MINOR: fd: move .exported into fdtab[].state 2021-04-07 18:10:36 +02:00
ssl_ckch.c MINOR: ssl: fix typo in usage for 'new ssl ca-file' 2021-06-18 16:42:25 +02:00
ssl_crtlist.c MEDIUM: ssl: Chain ckch instances in ca-file entries 2021-05-17 10:50:24 +02:00
ssl_sample.c MINOR: ssl: Add new ssl_fc_hsk_err sample fetch 2021-07-29 15:40:45 +02:00
ssl_sock.c MINOR: ssl: Add new ssl_fc_hsk_err sample fetch 2021-07-29 15:40:45 +02:00
ssl_utils.c BUILD: ssl: ssl_utils requires chunk.h 2021-05-08 12:52:56 +02:00
stats.c MINOR: stats: shows proxy in a stopped state 2021-08-03 14:17:45 +02:00
stick_table.c BUILD: stick-table: shut up invalid "uninitialized" warning in gcc 8.3 2021-07-06 18:54:07 +02:00
stream.c MINOR: filters/lua: Release filters before the lua context 2021-08-12 08:57:07 +02:00
stream_interface.c CLEANUP: l7-retries: do not test the buffer before calling b_alloc() 2021-06-11 16:04:28 +02:00
task.c MEDIUM: task: implement tasklet kill 2021-08-06 11:07:48 +02:00
tcp_act.c Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" 2021-07-06 11:44:04 +02:00
tcp_rules.c BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule 2021-05-31 10:51:02 +02:00
tcp_sample.c MINOR: tcp_samples: Be able to call bc_src/bc_dst from the health-checks 2021-04-19 08:31:05 +02:00
tcpcheck.c BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer 2021-08-12 07:49:23 +02:00
thread.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
time.c BUG/MEDIUM: time: fix updating of global_now upon clock drift 2021-04-28 17:43:55 +02:00
tools.c BUILD: tools: get the absolute path of the current binary on NetBSD. 2021-08-17 09:54:28 +02:00
trace.c CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages 2021-05-07 11:51:26 +02:00
uri_auth.c CLEANUP: Compare the return value of XXXcmp() functions with zero 2021-01-04 10:09:02 +01:00
uri_normalizer.c MINOR: uri_normalizer: Add fragment-encode normalizer 2021-05-11 17:24:32 +02:00
vars.c BUG/MINOR: vars: Be sure to have a session to get checks variables 2021-06-02 11:55:14 +02:00
version.c BUILD: Fix build by including haproxy/global.h 2020-06-16 23:36:04 +02:00
wdt.c BUILD: wdt: include signal-t.h 2021-05-08 12:29:01 +02:00
xprt_handshake.c MEDIUM: connections: Implement a start() method for xprt_handshake. 2021-03-19 15:33:04 +01:00
xprt_quic.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00