BUG/MINOR: config: Update cookie domain warn to RFC6265
The domain option of the cookie keyword allows to define which domain or
domains should use the the cookie value of a cookie-based server
affinity. If the domain does not start with a dot, the user agent should
only use the cookie on hosts that matches the provided domains. If the
configured domain starts with a dot, the user agent can use the cookie
with any host ending with the configured domain.
haproxy config parser helps the admin warning about a potentially buggy
config: defining a domain without an embedded dot which does not start
with a dot, which is forbidden by the RFC.
The current condition to issue the warning implements RFC2109. This
change updates the implementation to RFC6265 which allows domain without
a leading dot.
Should be backported to all supported versions. The feature exists at least
since 1.5.
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 09b1727..507e071 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -880,11 +880,10 @@
goto out;
}
- if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) {
- /* rfc2109, 4.3.2 Rejecting Cookies */
- ha_warning("parsing [%s:%d]: domain '%s' contains no embedded"
- " dots nor does not start with a dot."
- " RFC forbids it, this configuration may not work properly.\n",
+ if (!strchr(args[cur_arg + 1], '.')) {
+ /* rfc6265, 5.2.3 The Domain Attribute */
+ ha_warning("parsing [%s:%d]: domain '%s' contains no embedded dot,"
+ " this configuration may not work properly (see RFC6265#5.2.3).\n",
file, linenum, args[cur_arg + 1]);
err_code |= ERR_WARN;
}