Roy T. Fielding wrote:
>
> Apache is currently schizo in terms of how it treats CGI. On the one hand,
> it tries to treat CGI scripts as idiot children and protect them from
> HTTP/1.1 improvements, which prevents new CGI scripts from using HTTP/1.1.
> On the other hand, it does so in a way which is no longer compliant with
> CGI/1.1. We need to choose one of the following for the existing mod_cgi:
>
> a) Assume it is only for old scripts. This requires changing mod_cgi
> so that it rejects anything without a Content-Length (411 Length
> Required) even if it is chunked, or at least anything that cannot
> be read into a single buffer before execing the script.
>
> b) Assume it is for new scripts and that old scripts will just never
> see the HTTP/1.1 input (after all, no sane client would chunk an
> x-www-url-encoded form). This requires changing get_client_block
> so that it passes the chunk size and footer to the script. Does anyone
> know whether Netscape is including a Content-Length with a
> multipart/form-data POST? If not, then we should also handle multipart
> delimited input.
>
I vote +1 for (b)
--
====================================================================
Jim Jagielski | jaguNET Access Services
jim@jaguNET.com | http://www.jaguNET.com/
"Not the Craw... the CRAW!"
|