We started using a new affiliate partner that is setting cookies that contain unencoded JSON, so what we receive looks like this:
Cookie: [other cookies]; _aw_j_29283={"id":"2f44a001-378b-436d-89a2-93672703c238-1","expiration":1693705859}; [other cookies]
Our backend rejects these (properly, imho) as a 400, but this has been causing substantial support workload of people complaining our site is broken.
I tried filtering these out in my haproxy config, but the comma in the JSON semantically breaks the one Cookie header into multiple headers.
The closest I got was this:
http-request replace-value Cookie ([^{]*)[{][^;]+? \1OBJECT
http-request replace-value Cookie ^[\"][^;]+}(.*) BUG=CONTINUES\1
but that yielded: [other cookies]; _aw_j_29283=OBJECT,BUG=CONTINUES; [other cookies]
i.e. the comma persists, and our backend still coughs up a 400. I can turn strict headers off, but that will involve touching dozens of services. I’m stuck on haproxy 1.8. Is there any way I can just selectively nuke a cookie containing a comma in haproxy?
Thanks!
1 post - 1 participant