Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize cookie names. #2216

Merged
merged 1 commit into from
Oct 5, 2017
Merged

Sanitize cookie names. #2216

merged 1 commit into from
Oct 5, 2017

Conversation

timoreimann
Copy link
Contributor

According to RFC 2616 section 2.2 and this StackOverflow response, only a certain subset of characters is permitted in cookie names. Specifically, slashes contained may cause the cookie to not get set by certain browsers.

This change makes sure that the backend name embedded in the cookie name is sanitized accordingly.

@traefiker traefiker added this to the 1.4 milestone Oct 4, 2017
@timoreimann timoreimann force-pushed the sanitize-sticky-cookie-backend-name branch from ea7f3b1 to 4af7e48 Compare October 4, 2017 23:07
ldez
ldez approved these changes Oct 5, 2017
View reviewed changes
Copy link
Contributor

@ldez ldez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

mmatur
mmatur reviewed Oct 5, 2017
View reviewed changes
Copy link
Member

@mmatur mmatur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

emilevauge
emilevauge approved these changes Oct 5, 2017
View reviewed changes
Copy link
Member

@emilevauge emilevauge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @timoreimann
LGTM

juliens
juliens approved these changes Oct 5, 2017
View reviewed changes
Copy link
Member

@juliens juliens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@timoreimann @traefiker
Sanitize cookie names.
c63408d 
According to RFC 2616 section 2.2 and [1], only a certain subset of
characters is permitted in cookie names. Specifically, slashes contained
may cause the cookie to not get set by certain browsers.

This change makes sure that the backend name embedded in the cookie name
is sanitized accordingly.

[1] https://stackoverflow.com/a/1969339
@traefiker traefiker force-pushed the sanitize-sticky-cookie-backend-name branch from 4af7e48 to c63408d Compare October 5, 2017 10:02
@traefiker traefiker merged commit 8a67434 into traefik:v1.4 Oct 5, 2017
@timoreimann timoreimann deleted the sanitize-sticky-cookie-backend-name branch October 5, 2017 12:09
@ldez ldez mentioned this pull request Oct 5, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmatur mmatur mmatur left review comments

@emilevauge emilevauge emilevauge approved these changes

@ldez ldez ldez approved these changes

@juliens juliens juliens approved these changes

Assignees
No one assigned
Labels
area/sticky-session kind/bug/fix a bug fix size/S
Projects
None yet
Milestone
1.4
Development

Successfully merging this pull request may close these issues.
6 participants
@timoreimann @juliens @mmatur @ldez @emilevauge @traefiker