mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-05-01 11:10:59 +02:00
b743b566b4
Strictly speaking, the comma character in authority is allowed by RFC3986. However, it is pretty ambiguous for Host header value because comma is also the value separator for headers supporting multiple value. It is also very unlikely to have comma in host header value or authority. So instead of dealing with this case with all the risks of bugs that this entails, we've decided to forbid the comma in authority and host header value during the parsing. Concretely, only http_authority_has_forbidden_char() was updated. The internal API was not updated to prevent comma to be inserted when the host header value is updated for instance. But this should be so uncommon that it is not really a concern. This patch should be backported as far as 2.8. For previous verions, http_authority_has_forbidden_char() function does not exist.