Hi Apollon,
On Sun, Apr 06, 2014 at 02:46:00AM +0300, Apollon Oikonomopoulos wrote:
> RFC 1945 (ยง4.1) defines an HTTP/0.9 request ("Simple-Request") as:
>
> Simple-Request = "GET" SP Request-URI CRLF
>
> HAProxy tries to automatically upgrade HTTP/0.9 requests to
> to HTTP/1.0, by appending "HTTP/1.0" to the request and setting the
> Request-URI to "/" if it was not present. The latter however is
> RFC-incompatible, as HTTP/0.9 requests must already have a Request-URI
> according to the definition above. Additionally,
> http_upgrade_v09_to_v10() does not check whether the request method is
> indeed GET (the mandatory method for HTTP/0.9).
>
> As a result, any single- or double-word request line is regarded as a
> valid HTTP request. We fix this by failing in http_upgrade_v09_to_v10()
> if the request method is not GET or the request URI is not present.
In fact I intentionally made this choice because Apache does the same and
wanted to ensure the least possible breakage by inserting haproxy in front
of it (you can't imagine how users are picky when something does not work
anymore after they install your product). But I agree that the URI is
mandatory according to the RFC, and even according to Tim BL's original
WWWDaemon (which used to only process GET requests containing a URI).
These days we don't need to prove that we don't break anything, so I think
it's fine to change this behaviour. So I have merged your patch into 1.5.
I don't intend to backport it into 1.4-stable however.
Thanks!
Willy
