Fix HTTP2 Cookies

adrianw · November 20, 2017, 9:58pm

HAProxy 1.8 currently does not concatinate headers so when multiple Cookie headers are sent to a HTTP/1.1 backend it can break. By default Chrome and Firefox will split the cookie header for any H2 request, Edge seems to keep it combined.

More in depth discussion can be found here: H2 + Cookie header => splitted header

The below LUA script will concatinate multiple cookie headers into one before sending to the HTTP/1.1 backend.

fix-http2-cookies.lua

    core.register_action("fix-http2-cookies",{ "http-req" }, function(transaction)
        local hdr = transaction.http:req_get_headers()
        transaction.http:req_set_header("cookie",table.concat(hdr["cookie"],'; ',0,#hdr["cookie"]))
    end)

To Call the LUA

global
    lua-load /etc/haproxy/fix-http2-cookies.lua

frontend HTTPS-IN
    http-request lua.fix-http2-cookies if { req.fhdr_cnt(cookie) gt 1 }

sam · November 27, 2017, 12:21am

Nice patch @willy does this need to be reported anywhere else as well?

actually looks like it may already be fixed:

did you see: H2 + Cookie header => splitted header

adrianw · November 27, 2017, 1:55am

Yep, that discussion lead to this script but willy decided it was worth fixing properly. Leaving this up just in case someone finds it an useful example of how to write/implement there own LUA script rather then this script being useful.

willy · November 27, 2017, 4:45am

Yes, your script illustrates very well how to work around similar issues with Lua, let’s keep it online!

Topic		Replies	Views
H2 + Cookie header => splitted header Help!	17	4592	November 27, 2017
Haproxy Cookie Encryption Set Header Help!	0	605	July 6, 2018
Getting all raw http request headers and values in lua Help!	1	1426	April 6, 2024
Making a separate HTTP Request from Lua ("http-req" action) Help!	3	3198	June 9, 2022
Compare two variables without lua? Help!	0	607	July 24, 2020

Fix HTTP2 Cookies

Related Topics