This works great, thank you!
A few things:
- my ACL above was wrong in that I wrote “cookies” instead of “cookie”, I fixed it in that post already
- I can confirm that with my ACL above, your script can be trimmed down to basically two lines, as you already said
- I do think we can just use the “req.fhdr_cnt(cookie) gt 1” condition, LUA should be fast enough even if static files run through this as well
- to be perfectly RFC compliant, I added a space after ; - “two-octet delimiter of 0x3B, 0x20”
I think your script will be very helpful, do you want to post it in a new thread to the LUA section, maybe rename it something more specific like fix-http2-cookies (and including instructions how to load it)?
I wrote a short standalone reproducer in PHP that sets 4 cookies to the current timestamp and then requests the browser to reload the page after 2 seconds, unless the cookies that it sees are incomplete/wrong. This shows the problem right away (in Chrome and Firefox):
The scripts runs at:
http://abrowserhasnocookie.ltri.eu/
code:
http://abrowserhasnocookie.ltri.eu/source.txt
Haproxy backend to reproduce this:
backend bk_testbk
http-request set-header Host abrowserhasnocookie.ltri.eu
server www abrowserhasnocookie.ltri.eu:80
Use HTTP2 to trigger the problem, fix it with Adrian’s LUA script:
global
lua-load /home/lukas/fix-headers.lua
frontend https
http-request lua.fix-headers if { req.fhdr_cnt(cookie) gt 1 }
@willy some backend applications may support this, but I doubt that most of them do - otherwise we would not have 2 reports here already in the -rc phase; I think the breakage because of this is quite extensive. Also see the simple php reproducer above.
I’m not saying we have to do this in 1.8, but should warn users about this when we release 1.8 (release notes and documentation). Adrian’s LUA script looks to me like a very good workaround and can be used in 1.8 to keep using HTTP2 while we don’t concatenate the cookie headers yet. Actually this script is a poster child for LUA usage 