From 1db99b09d031b332072518cc16ce48082427f0f1 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Tue, 15 Apr 2025 18:56:18 +0200
Subject: [PATCH] MINOR: h1-htx: Skip C-L and T-E headers for 1xx and 204
 messages during parsing

According to the RFC9110 and RFC9112, a server must not add 'Content-Length'
or 'Transfer-Encoding' headers into 1xx and 204 responses. So till now,
these headers were dropped from the response when it is sent to the client.

However, it seems more logical to remove it during the message parsing. In
addition to sanitize messages as early as possible, this will allow us to
apply some exception in some cases (This will be the subject of another
patch).

In this patch, 'Content-Length' and 'Transfer-Encoding' headers are removed
from 1xx and 204 responses during the parsing but the same is still
performed during the formatting stage.
---
 src/h1_htx.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/h1_htx.c b/src/h1_htx.c
index e731e8826..5845694ae 100644
--- a/src/h1_htx.c
+++ b/src/h1_htx.c
@@ -16,6 +16,7 @@
 #include <haproxy/h1.h>
 #include <haproxy/h1_htx.h>
 #include <haproxy/http.h>
+#include <haproxy/http-hdr.h>
 #include <haproxy/http_htx.h>
 #include <haproxy/htx.h>
 #include <haproxy/tools.h>
@@ -301,6 +302,11 @@ static int h1_postparse_res_hdrs(struct h1m *h1m, union h1_sl *h1sl, struct htx
 		h1m->flags &= ~(H1_MF_CONN_UPG|H1_MF_UPG_WEBSOCKET);
 
 	if (((h1m->flags & H1_MF_METH_CONNECT) && code >= 200 && code < 300) || code == 101) {
+		if (h1m->flags & H1_MF_XFER_ENC)
+			http_del_hdr(hdrs, ist("transfer-encoding"));
+		if (h1m->flags & H1_MF_CLEN)
+			http_del_hdr(hdrs, ist("content-length"));
+
 		h1m->flags &= ~(H1_MF_CLEN|H1_MF_CHNK);
 		h1m->flags |= H1_MF_XFER_LEN;
 		h1m->curr_len = h1m->body_len = 0;
@@ -310,6 +316,15 @@ static int h1_postparse_res_hdrs(struct h1m *h1m, union h1_sl *h1sl, struct htx
 	else if ((h1m->flags & H1_MF_METH_HEAD) || (code >= 100 && code < 200) ||
 		 (code == 204) || (code == 304)) {
 		/* Responses known to have no body. */
+		if ((code >= 100 && code < 200) || (code == 204)) {
+			if (h1m->flags & H1_MF_XFER_ENC)
+				http_del_hdr(hdrs, ist("transfer-encoding"));
+			if (h1m->flags & H1_MF_CLEN)
+				http_del_hdr(hdrs, ist("content-length"));
+
+			h1m->flags &= ~(H1_MF_CLEN|H1_MF_CHNK);
+		}
+
 		h1m->flags |= H1_MF_XFER_LEN;
 		h1m->curr_len = h1m->body_len = 0;
 		if (code >= 200)
-- 
2.47.3