Fix HTTP2 Cookies


#1

HAProxy 1.8 currently does not concatinate headers so when multiple Cookie headers are sent to a HTTP/1.1 backend it can break. By default Chrome and Firefox will split the cookie header for any H2 request, Edge seems to keep it combined.

More in depth discussion can be found here: H2 + Cookie header => splitted header

The below LUA script will concatinate multiple cookie headers into one before sending to the HTTP/1.1 backend.

fix-http2-cookies.lua

    core.register_action("fix-http2-cookies",{ "http-req" }, function(transaction)
        local hdr = transaction.http:req_get_headers()
        transaction.http:req_set_header("cookie",table.concat(hdr["cookie"],'; ',0,#hdr["cookie"]))
    end)

To Call the LUA

global
    lua-load /etc/haproxy/fix-http2-cookies.lua

frontend HTTPS-IN
    http-request lua.fix-http2-cookies if { req.fhdr_cnt(cookie) gt 1 }

H2 + Cookie header => splitted header
#2

Nice patch @willy does this need to be reported anywhere else as well?

actually looks like it may already be fixed:

did you see: H2 + Cookie header => splitted header


#3

Yep, that discussion lead to this script but willy decided it was worth fixing properly. Leaving this up just in case someone finds it an useful example of how to write/implement there own LUA script rather then this script being useful.


#4

Yes, your script illustrates very well how to work around similar issues with Lua, let’s keep it online!