git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 11 Sep 2024 13:02:07 +0000 (15:02 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Thu, 12 Sep 2024 07:21:57 +0000 (09:21 +0200)
commit	1900ca475fa005b8000c4652457fedf282fa864d
tree	ad421a1e3b8bdcf2789b6b826e5fdc8de8b5482a	tree \| snapshot
parent	2b95c77c084932e654d8e21c868ebbf7325a98b6	commit \| diff

MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option

Since the 2.6, A parsing error is reported when the chunked encoding is
found twice. As stated in RFC9112, A sender must not apply the chunked
transfer coding more than once to a message body. It means only one chunked
coding must be found. In addition, empty values are also rejected becaues it
is forbidden by RFC9110.

However, in both cases, it may be useful to relax the rules for trusted
legacy servers when accept-invalid-http-response option is set. Especially
because it was accepted on 2.4 and older. In addition, T-E header is now
sanitized before sending it. It is not a problem Because it is a hop-by-hop
header

Note that it remains invalid on client side because there is no good reason
to relax the parsing on this side. We can argue a server is trusted so we
can decide to support some legacy behavior. It is not true on client side
and it is highly suspicious if a client is sending an invalid T-E header.

Note also we continue to reject unsupported T-E values (so all codings except
"chunked"). Because the "TE" header is sanitized and cannot contain other value
than "Trailers", there is absolutely no reason for a server to use something
else.

This patch should fix the issue #2677. It could probably be backported as
far as 2.6 if necessary.

src/h1.c		diff \| blob \| blame \| history
src/mux_h1.c		diff \| blob \| blame \| history