HAProxy community

Fix HTTP2 Cookies


HAProxy 1.8 currently does not concatinate headers so when multiple Cookie headers are sent to a HTTP/1.1 backend it can break. By default Chrome and Firefox will split the cookie header for any H2 request, Edge seems to keep it combined.

More in depth discussion can be found here: H2 + Cookie header => splitted header

The below LUA script will concatinate multiple cookie headers into one before sending to the HTTP/1.1 backend.


    core.register_action("fix-http2-cookies",{ "http-req" }, function(transaction)
        local hdr = transaction.http:req_get_headers()
        transaction.http:req_set_header("cookie",table.concat(hdr["cookie"],'; ',0,#hdr["cookie"]))

To Call the LUA

    lua-load /etc/haproxy/fix-http2-cookies.lua

frontend HTTPS-IN
    http-request lua.fix-http2-cookies if { req.fhdr_cnt(cookie) gt 1 }

H2 + Cookie header => splitted header

Nice patch @willy does this need to be reported anywhere else as well?

actually looks like it may already be fixed:

did you see: H2 + Cookie header => splitted header


Yep, that discussion lead to this script but willy decided it was worth fixing properly. Leaving this up just in case someone finds it an useful example of how to write/implement there own LUA script rather then this script being useful.


Yes, your script illustrates very well how to work around similar issues with Lua, let’s keep it online!