caddy-frontend: Implemented disabled_cookie_list

software/caddy-frontend/TODO.rst

@@ -13,11 +13,6 @@ Generally things to be done with ``caddy-frontend``:
 
    * **Jérome Perrin**: *For event source, if I understand https://github.com/mholt/caddy/issues/1355 correctly, we could use caddy as a proxy in front of nginx-push-stream . If we have a "central shared" caddy instance, can it handle keeping connections opens for many clients ?*
  * ``ssl_ca_crt``
- * ``disabled-cookie-list`` (requires writing middleware plugin for Caddy)::
-
-    RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
-
-   * there is already `MR <https://github.com/mholt/caddy/pull/2144>`_ which will allow regexp modification of headers, thus cookies
  * ``ssl_proxy_ca_crt`` for ``ssl_proxy_verify``, this is related to bug `#1550 <https://github.com/mholt/caddy/issues/1550>`_, proposed solution `just adding your CA to the system's trust store`
  * ``check-error-on-caddy-log`` like ``check-error-on-apache-log``
  * cover test suite like resilient tests for KVM and prove it works the same way as Caddy

software/caddy-frontend/buildout.hash.cfg

@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 8ed87061b9e20e2ad74aae9f80d1b53d
+md5sum = d9269cc085752e09f4acce37a18e160c
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in

software/caddy-frontend/instance-slave-caddy-input-schema.json

@@ -49,8 +49,8 @@
     },
     "disabled-cookie-list": {
       "default": "",
-      "description": "[NOT Implemented] List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers",
-      "title": "[NOT Implemented] Disabled Cookies",
+      "description": "List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers",
+      "title": "Disabled Cookies",
       "type": "string"
     },
     "enable-http2": {

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -45,9 +45,6 @@
   log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ slave_parameter.get('error_log') }}
 
-{%- for disabled_cookie in disabled_cookie_list %}
-{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
-
 {%- if prefer_gzip %}
   rewrite {
     if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
@@ -66,6 +63,10 @@
 {%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
     # As backend is trusting REMOTE_USER header unset it always
     header_upstream -REMOTE_USER
+{%- for disabled_cookie in disabled_cookie_list %}
+    # Remove cookie {{ disabled_cookie }} from client Cookies
+    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
+{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
 
 {%-   if disable_via_header %}
     header_downstream -Via
@@ -119,6 +120,10 @@
 {%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
     # As backend is trusting REMOTE_USER header unset it always
     header_upstream -REMOTE_USER
+{%- for disabled_cookie in disabled_cookie_list %}
+    # Remove cookie {{ disabled_cookie }} from client Cookies
+    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
+{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
 
 {%-     if disable_via_header %}
     header_downstream -Via
@@ -154,9 +159,6 @@
   log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ slave_parameter.get('error_log') }}
 
-{%- for disabled_cookie in disabled_cookie_list %}
-{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
-
 {%- if prefer_gzip %}
   rewrite {
     if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
@@ -183,6 +185,10 @@
 {%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
     # As backend is trusting REMOTE_USER header unset it always
     header_upstream -REMOTE_USER
+{%- for disabled_cookie in disabled_cookie_list %}
+    # Remove cookie {{ disabled_cookie }} from client Cookies
+    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
+{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
 
 {%-   if disable_via_header %}
     header_downstream -Via
@@ -230,6 +236,10 @@
 {%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
     # As backend is trusting REMOTE_USER header unset it always
     header_upstream -REMOTE_USER
+{%- for disabled_cookie in disabled_cookie_list %}
+    # Remove cookie {{ disabled_cookie }} from client Cookies
+    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
+{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
 
 {%-     if disable_via_header %}
     header_downstream -Via

software/caddy-frontend/test/test.py

@@ -2191,7 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
     self.assertEqual(
       result.json()['Incoming Headers']['accept-encoding'], 'deflate')
 
-  @skipIf(IS_CADDY, 'Feature postponed')
   def test_disabled_cookie_list(self):
     parameter_dict = self.slave_connection_parameter_dict_dict[
       'disabled-cookie-list']