HTTP/1.1 compliance: Stop using Proxy-Connection header

The Proxy-Connection header is not part of any HTTP standard. It was added
by Netscape to differentiate persistent connections to intermediary proxies
but that duty has been formally superceded by the Connection: header.

This compliance update makes Squid stop sending Proxy-Connection on outbound
requests. Starts consistently using Connection: header instead.

The Proxy-Connection header is also ignored on HTTP-strict builds.
For compatibility we must do a small violation and drop it as a hop-by-hop
header despite strict-mode technically being required to pass it through.

For origin server connections the non-strict builds will retain the
status-quo: interpret it, but treat it as an HTTP/0.9 thing to be
upgraded to HTTP/1.1 Connection: header.

squidclient is also fixed not to send it.

diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc
index 8f5a35c68404cca63a99d49e9e757ba32d6a2d73..5227902b0d86663045504ee88f2ae08aeec4d3d5 100644 (file)
--- a/src/HttpHeaderTools.cc
+++ b/src/HttpHeaderTools.cc
@@ -145,19 +145,19 @@ int
 httpHeaderHasConnDir(const HttpHeader * hdr, const char *directive)
 {
     String list;
-    http_hdr_type ht;
     int res;
     /* what type of header do we have? */
 
+#if HTTP_VIOLATIONS
     if (hdr->has(HDR_PROXY_CONNECTION))
-        ht = HDR_PROXY_CONNECTION;
-    else if (hdr->has(HDR_CONNECTION))
-        ht = HDR_CONNECTION;
+        list = hdr->getList(HDR_PROXY_CONNECTION);
+    else
+#endif
+    if (hdr->has(HDR_CONNECTION))
+        list = hdr->getList(HDR_CONNECTION);
     else
         return 0;
 
-    list = hdr->getList(ht);
-
     res = strListIsMember(&list, directive, ',');
 
     list.clean();

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 0dd38a19ec79841d101c07a9c53ce8cc123aa611..3a4bc557d1cb3a72905405f2db211a986acce280 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -3747,7 +3747,6 @@ DOC_START
                request_header_access Retry-After allow all
                request_header_access Title allow all
                request_header_access Connection allow all
-               request_header_access Proxy-Connection allow all
                request_header_access All deny all
 
        although many of those are HTTP reply headers, and so should be
@@ -3823,7 +3822,6 @@ DOC_START
                reply_header_access Retry-After allow all
                reply_header_access Title allow all
                reply_header_access Connection allow all
-               reply_header_access Proxy-Connection allow all
                reply_header_access All deny all
 
        although the HTTP request headers won't be usefully controlled

diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index 4e7243ae7dc82dda5999ad9ba66cf6c17f47e495..f3b01c7f036c7e268d22dd51286e6b52c27926e0 100644 (file)
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1405,9 +1405,8 @@ clientReplyContext::buildReplyHeader()
         hdr->delById(HDR_VIA);
         hdr->putStr(HDR_VIA, strVia.termedBuf());
     }
-    /* Signal keep-alive if needed */
-    hdr->putStr( (http->flags.accel || http->flags.intercepted)? HDR_CONNECTION : HDR_PROXY_CONNECTION,
-                 request->flags.proxy_keepalive ? "keep-alive" : "close");
+    /* Signal keep-alive or close explicitly */
+    hdr->putStr(HDR_CONNECTION, request->flags.proxy_keepalive ? "keep-alive" : "close");
 
 #if ADD_X_REQUEST_URI
     /*

diff --git a/src/http.cc b/src/http.cc
index 6f8b5b45d482bdd7897b465c57e24663a1a696eb..3c93e53150ca0b7cc0bc83265aebfac296af82b4 100644 (file)
--- a/src/http.cc
+++ b/src/http.cc
@@ -1720,11 +1720,7 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request,
 
     /* maybe append Connection: keep-alive */
     if (flags.keepalive) {
-        if (flags.proxying) {
-            hdr_out->putStr(HDR_PROXY_CONNECTION, "keep-alive");
-        } else {
-            hdr_out->putStr(HDR_CONNECTION, "keep-alive");
-        }
+        hdr_out->putStr(HDR_CONNECTION, "keep-alive");
     }
 
     /* append Front-End-Https */
@@ -1870,12 +1866,13 @@ copyOneHeaderFromClientsideRequestToUpstreamRequest(const HttpHeaderEntry *e, co
 
         break;
 
-    case HDR_PROXY_CONNECTION:
+    case HDR_PROXY_CONNECTION: // SHOULD ignore. But doing so breaks things.
+        break;
 
     case HDR_X_FORWARDED_FOR:
 
     case HDR_CACHE_CONTROL:
-        /** \par Proxy-Connaction:, X-Forwarded-For:, Cache-Control:
+        /** \par X-Forwarded-For:, Cache-Control:
          * handled specially by Squid, so leave off for now.
          * append these after the loop if needed */
         break;

diff --git a/tools/squidclient.cc b/tools/squidclient.cc
index 479de4daadfe8f592187d0e0f8612596148e6fa2..200891516d1dfa059f5647001b8b223125d34c53 100644 (file)
--- a/tools/squidclient.cc
+++ b/tools/squidclient.cc
@@ -434,17 +434,11 @@ main(int argc, char *argv[])
             strcat(msg, buf);
         }
 
-        /* HTTP/1.0 may need keep-alive */
-        if (strcmp(version, "1.0") == 0) {
-            if (keep_alive) {
-                if (strchr(url, ':')) {
-                    snprintf(buf, BUFSIZ, "Proxy-Connection: keep-alive\r\n");
-                    strcat(msg, buf);
-                } else
-                    strcat(msg, "Connection: keep-alive\r\n");
-            }
-        }
-        /* HTTP/1.1 may need close */
+        /* HTTP/1.0 may need keep-alive explicitly */
+        if (strcmp(version, "1.0") == 0 && keep_alive)
+            strcat(msg, "Connection: keep-alive\r\n");
+
+        /* HTTP/1.1 may need close explicitly */
         if (!keep_alive)
             strcat(msg, "Connection: close\r\n");