From: Christopher Faulet <cfaulet@haproxy.com>
Date: Wed, 4 Dec 2024 09:47:35 +0000 (+0100)
Subject: BUG/MINOR: config: Fix parsing of accept-invalid-http-{request,response}
X-Git-Tag: v3.2-dev1~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc453c51066beb8ed05baa6636fcb471b9d103ca;p=thirdparty%2Fhaproxy.git

BUG/MINOR: config: Fix parsing of accept-invalid-http-{request,response}

These options are now deprectated, but the proxy capabilities are not
properly checked during the configuration parsing leading to always ignore
these options. This is now fixed by checking the frontend capability for
"accept-invalid-http-request" option and the backend capability for
"accept-invalid-http-response" option.

In addition, the messages about the deprecation of these options are now
emitted with ha_warning() instead of ha_alert() because they are only
warnings and not errors.

This patch should fix the issue #2806. It must be backported to 3.1.
---

diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 6167f596e5..5d7f8f2795 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -2409,20 +2409,24 @@ stats_error_parsing:
 
 			if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
 				goto out;
-			if (warnifnotcap(curproxy, PR_MODE_HTTP, file, linenum, args[1], NULL)) {
-				err_code |= ERR_WARN;
-				goto out;
-			}
 
 			if (args[1][22] == 'q') {
-				ha_alert("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-request' if absolutely needed.\n",
-					 file, linenum, args[1]);
-				val = PR_O2_REQBUG_OK;
+                            if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[1], NULL)) {
+                                err_code |= ERR_WARN;
+                                goto out;
+                            }
+                            ha_warning("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-request' if absolutely needed.\n",
+                                       file, linenum, args[1]);
+                            val = PR_O2_REQBUG_OK;
 			}
 			else {
-				ha_alert("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-response' if absolutely needed.\n",
-					 file, linenum, args[1]);
-				val = PR_O2_RSPBUG_OK;
+                            if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) {
+                                err_code |= ERR_WARN;
+                                goto out;
+                            }
+                            ha_warning("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-response' if absolutely needed.\n",
+                                       file, linenum, args[1]);
+                            val = PR_O2_RSPBUG_OK;
 			}
 
 			curproxy->no_options2 &= ~val;