diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2017-01-06 18:03:02 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2017-01-09 22:27:53 -0500 |
commit | f57d8c54b418c1b770c221896dcfb6051cb24c3d (patch) | |
tree | 549d2f9435cb46a88482cfba29c377c47fe5c167 /tests/docroot | |
parent | 656f9e454dc5a4ea8f6319dfbaa06d289e046641 (diff) | |
download | lighttpd-git-f57d8c54b418c1b770c221896dcfb6051cb24c3d.tar.gz |
[mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
Loosen local redirect handling in mod_cgi to skip handling as local
redirect if the Location matches con->uri.path, since if the request
is intended to redirect back to the same CGI using the same request
method, path info, and query string, the CGI would logically just
return the final intended response. Loosening this handling avoids a
problem with applications (potentially) accessible through multiple
gateways, where the application is not aware of this specific handling
of Location in the Common Gateway Interface (CGI/1.1), the application
sends abs-path in the Location response header instead of absoluteURI,
and the application expects the client to receive this Location response
header instead of the server to process as a CGI local redirect.
One example of such an application is LuCI,
which sends Set-Cookie with Location: /abs-path
https://github.com/openwrt/luci
(Note that this loose check for matching con->uri.path is not perfect
and might not match if the CGI returned a path with a different case
and the server is on a case-insensitive filesystem, or if the path
returned by the CGI is rewritten elsewhere to a different con->uri.path
before getting to mod_cgi.)
RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
http://www.ietf.org/rfc/rfc3875
x-ref:
"CGI local-redir handling conflicts with LuCI redirect w/ Set-Cookie"
https://redmine.lighttpd.net/issues/2779
"CGI local redirect not implemented correctly"
https://redmine.lighttpd.net/issues/2108
Diffstat (limited to 'tests/docroot')
-rwxr-xr-x | tests/docroot/www/cgi.pl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/docroot/www/cgi.pl b/tests/docroot/www/cgi.pl index 096d509e..f7296f8b 100755 --- a/tests/docroot/www/cgi.pl +++ b/tests/docroot/www/cgi.pl @@ -1,7 +1,7 @@ #!/usr/bin/env perl if ($ENV{"QUERY_STRING"} eq "internal-redir") { - print "Location: /cgi.pl\r\n\r\n"; + print "Location: /cgi-pathinfo.pl/foo\r\n\r\n"; exit 0; } |