From e1583751b67704f297060afaabe87fd7d8d602a2 Mon Sep 17 00:00:00 2001 From: Joao Morais Date: Wed, 30 Oct 2019 21:04:00 -0300 Subject: [PATCH] BUG/MINOR: config: Update cookie domain warn to RFC6265 The domain option of the cookie keyword allows to define which domain or domains should use the the cookie value of a cookie-based server affinity. If the domain does not start with a dot, the user agent should only use the cookie on hosts that matches the provided domains. If the configured domain starts with a dot, the user agent can use the cookie with any host ending with the configured domain. haproxy config parser helps the admin warning about a potentially buggy config: defining a domain without an embedded dot which does not start with a dot, which is forbidden by the RFC. The current condition to issue the warning implements RFC2109. This change updates the implementation to RFC6265 which allows domain without a leading dot. Should be backported to all supported versions. The feature exists at least since 1.5. --- src/cfgparse-listen.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 09b172724..507e07173 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -880,11 +880,10 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) goto out; } - if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) { - /* rfc2109, 4.3.2 Rejecting Cookies */ - ha_warning("parsing [%s:%d]: domain '%s' contains no embedded" - " dots nor does not start with a dot." - " RFC forbids it, this configuration may not work properly.\n", + if (!strchr(args[cur_arg + 1], '.')) { + /* rfc6265, 5.2.3 The Domain Attribute */ + ha_warning("parsing [%s:%d]: domain '%s' contains no embedded dot," + " this configuration may not work properly (see RFC6265#5.2.3).\n", file, linenum, args[cur_arg + 1]); err_code |= ERR_WARN; }