BUG/MINOR: config: Update cookie domain warn to RFC6265

The domain option of the cookie keyword allows to define which domain or domains should use the the cookie value of a cookie-based server affinity. If the domain does not start with a dot, the user agent should only use the cookie on hosts that matches the provided domains. If the configured domain starts with a dot, the user agent can use the cookie with any host ending with the configured domain. haproxy config parser helps the admin warning about a potentially buggy config: defining a domain without an embedded dot which does not start with a dot, which is forbidden by the RFC. The current condition to issue the warning implements RFC2109. This change updates the implementation to RFC6265 which allows domain without a leading dot. Should be backported to all supported versions. The feature exists at least since 1.5.
2024-12-17 17:04:35 +00:00 · 2019-10-30 21:04:00 -03:00 · 2019-10-30 21:04:00 -03:00 · e1583751b6
commit e1583751b6
parent 1dccfbeb5b
1 changed files with 4 additions and 5 deletions
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@ -880,11 +880,10 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 					goto out;
 				}

-				if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) {
-					/* rfc2109, 4.3.2 Rejecting Cookies */
-					ha_warning("parsing [%s:%d]: domain '%s' contains no embedded"
-						   " dots nor does not start with a dot."
-						   " RFC forbids it, this configuration may not work properly.\n",
+				if (!strchr(args[cur_arg + 1], '.')) {
+					/* rfc6265, 5.2.3 The Domain Attribute */
+					ha_warning("parsing [%s:%d]: domain '%s' contains no embedded dot,"
+						   " this configuration may not work properly (see RFC6265#5.2.3).\n",
 						   file, linenum, args[cur_arg + 1]);
 					err_code |= ERR_WARN;
 				}