vcl broken after upgrade from 4.1 to 5.0
Dridi Boukelmoune
dridi at varni.sh
Tue Aug 7 18:10:07 UTC 2018
On Tue, Aug 7, 2018 at 3:27 PM, Stefan Priebe - Profihost AG
<s.priebe at profihost.ag> wrote:
> Hello,
>
> our varnish vcl is broken after upgrading from 4.1 to 5.0 but i can't
> find any documentation hint and i also do not find any solution.
>
> The old varnish conf uses std.collect to concatenate alls Set-Cookies
> header from the backend.
>
> Then does a lot of "magic" using regsuball.
>
> At the end it uses the following Code to split the header into multiple
> headers again:
>
> rebsuball(cookies, ", ", {"
> Set-Cookies: "})
>
> { allows \n / new lines so every new line starts with Set-Cookies: do
> have multiple Set-Cookies headers.
Wow, that's like evil clever!
> This does not seem to work anymore with 5.0 the Set-Cookies Header is
> still a one line. I was also not able to find the opposite of
> std.collect to split the line again into multiple headers.
That's a nice trick, and technically illegal although, well... Good
job for such a hack!
Some time after 4.1 std.collect grew support for an optional separator
other than ", " especially for brain-dead cookie use cases. FYI
cookies are such a mess because they contain a date formatted with a
comma followed by a space, but not quoted, so they can't be split like
other headers such as the Accept* headers.
To add insult to the injury, HTTP/2 requires cookies to be individual
headers nevertheless [1] to help HPACK compression effectiveness.
Since 5.0 is the first release with experimental h2 support, we may
have tightened headers handling and broken your (illegal but oh so
clever) hack.
I don't have time to look [2] closer now, but it would indeed be nice
to have the reciprocal operation to std.collect, so you could use a
safe [3] separator to collect, make your changes and then split using
the same separator.
std.collect(beresp.http.set-cookie, "~SEP~");
/* do stuff to beresp.http.set-cookie */
std.split(beresp.http.set-cookie, "~SEP~");
Dridi
[1] remember, impossible for h1
[2] but I'll find time to review a patch ;-)
[3] if you also control the backend in that regard
More information about the varnish-misc
mailing list