[core] combine Cookie request headers with ';'

(thx avij) clients should send a single Cookie header with multiple cookie values separated with ';'. https://tools.ietf.org/html/rfc6265#section-4.2.1 However, HTTP/2 loosens this requirement for Cookie. https://tools.ietf.org/html/rfc7540#section-8.1.2 Section 8.1.2.5 Compressing the Cookie Header Field and some HTTP/2 clients (Chrome, Firefox) send multiple 'cookie:' headers in a HEADERS frame.
2 years ago · 05ff9c570e
1 changed files with 13 additions and 1 deletions
--- a/src/http_header.c
+++ b/src/http_header.c
@ -138,6 +138,15 @@ static inline void http_header_token_append(buffer * const vb, const char * cons
    buffer_append_string_len(vb, v, vlen);
 }

+__attribute_cold__
+static inline void http_header_token_append_cookie(buffer * const vb, const char * const v, const uint32_t vlen) {
+    /* Cookie request header must be special-cased to use ';' separator
+     * instead of ',' to combine multiple headers (if present) */
+    if (!buffer_string_is_empty(vb))
+        buffer_append_string_len(vb, CONST_STR_LEN("; "));
+    buffer_append_string_len(vb, v, vlen);
+}
+
 __attribute_pure__
 static inline buffer * http_header_generic_get_ifnotempty(const array * const a, const char * const k, const uint32_t klen) {
    data_string * const ds =
@ -224,7 +233,10 @@ void http_header_request_append(request_st * const r, enum http_header_e id, con
    if (0 == vlen) return;
    if (id > HTTP_HEADER_OTHER) r->rqst_htags |= id;
    buffer * const vb = array_get_buf_ptr(&r->rqst_headers, k, klen);
-    http_header_token_append(vb, v, vlen);
+    if (id != HTTP_HEADER_COOKIE)
+        http_header_token_append(vb, v, vlen);
+    else
+        http_header_token_append_cookie(vb, v, vlen);
 }