BUG/MINOR: config: Fix parsing of accept-invalid-http-{request,response}

These options are now deprectated, but the proxy capabilities are not properly checked during the configuration parsing leading to always ignore these options. This is now fixed by checking the frontend capability for "accept-invalid-http-request" option and the backend capability for "accept-invalid-http-response" option. In addition, the messages about the deprecation of these options are now emitted with ha_warning() instead of ha_alert() because they are only warnings and not errors. This patch should fix the issue haproxy#2806. It must be backported to 3.1.
FireBurn · Dec 5, 2024 · bc453c5 · bc453c5
1 parent 7885a3b
commit bc453c5
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
@@ -2409,20 +2409,24 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 
 			if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
 				goto out;
-			if (warnifnotcap(curproxy, PR_MODE_HTTP, file, linenum, args[1], NULL)) {
-				err_code |= ERR_WARN;
-				goto out;
-			}
 
 			if (args[1][22] == 'q') {
-				ha_alert("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-request' if absolutely needed.\n",
-					 file, linenum, args[1]);
-				val = PR_O2_REQBUG_OK;
+                            if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[1], NULL)) {
+                                err_code |= ERR_WARN;
+                                goto out;
+                            }
+                            ha_warning("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-request' if absolutely needed.\n",
+                                       file, linenum, args[1]);
+                            val = PR_O2_REQBUG_OK;
 			}
 			else {
-				ha_alert("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-response' if absolutely needed.\n",
-					 file, linenum, args[1]);
-				val = PR_O2_RSPBUG_OK;
+                            if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) {
+                                err_code |= ERR_WARN;
+                                goto out;
+                            }
+                            ha_warning("parsing [%s:%d]: option '%s' is deprecated. please use 'option accept-unsafe-violations-in-http-response' if absolutely needed.\n",
+                                       file, linenum, args[1]);
+                            val = PR_O2_RSPBUG_OK;
 			}
 
 			curproxy->no_options2 &= ~val;