From 317f893c14d74f35963c34bedda2dbef0dee2bf5 Mon Sep 17 00:00:00 2001 From: Chris van de Steeg Date: Mon, 9 Jan 2023 07:15:16 +0100 Subject: [PATCH] Fix http/2 cookies for 1.1 requests (#1508) Co-authored-by: chris van de steeg --- .../Infrastructure/ProxyExtensions.cs | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/Microsoft.Tye.Hosting/Infrastructure/ProxyExtensions.cs b/src/Microsoft.Tye.Hosting/Infrastructure/ProxyExtensions.cs index 4a8deea3..f8578ca7 100644 --- a/src/Microsoft.Tye.Hosting/Infrastructure/ProxyExtensions.cs +++ b/src/Microsoft.Tye.Hosting/Infrastructure/ProxyExtensions.cs @@ -9,6 +9,7 @@ using System.Threading; using System.Threading.Tasks; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Primitives; +using Microsoft.Net.Http.Headers; namespace Microsoft.AspNetCore.Proxy { @@ -80,7 +81,16 @@ namespace Microsoft.AspNetCore.Proxy // Copy the request headers foreach (var header in request.Headers) { - if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null) + // taken from : https://github.com/microsoft/reverse-proxy/blob/main/src/ReverseProxy/Forwarder/RequestUtilities.cs#L283 + // HttpClient wrongly uses comma (",") instead of semi-colon (";") as a separator for Cookie headers. + // To mitigate this, we concatenate them manually and put them back as a single header value. + // A multi-header cookie header is invalid, but we get one because of + // https://github.com/dotnet/aspnetcore/issues/26461 + if (string.Equals(header.Key, HeaderNames.Cookie, StringComparison.OrdinalIgnoreCase)) + { + requestMessage.Headers.TryAddWithoutValidation(header.Key, string.Join("; ", header.Value.ToArray())); + } + else if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null) { requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()); }