httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: unresolved internal redirect bug
Date Mon, 18 Nov 1996 20:28:55 GMT

I'm not sure I follow how this prevents "401 redirects" from working.  I tried
putting in

  ErrorDocument 401 http://some-other-host.com/membershipform.html

And when accessing a private area without proper authorization I got a 302
response with a Location: field.  Sure, this means that effectively, *no one*
will be able to get into a 401-protected area, unless they sent the
correct authorization in with the first access, i.e. by having properly
authenticated in another area previously.  But what would be the correct
behavior?  Send a 401 with a Location: header? 

So, it does appear that the status, at least in that situation, gets promoted.
Why wouldn't it in a mod_dir -> index.html redirect?  I don't know.  Is it a
show-stopper?  Not if the only error is that it's returning a 200 instead of a
304 for mod_dir redirected pages.  In my opinion.

Could you refine your "prevents 401 redirects from working", and the "hides bad
things" too?

	Brian

On Sun, 17 Nov 1996, Roy T. Fielding wrote:
> I consider this to be a showstopper bug because it hides bad things
> from being seen, prevents 401 redirects from working, and possibly
> other things which would be really hard for a user to diagnose.
> At the least, I'd like someone familiar with internal redirects to say
> why it isn't a showstopper bug, since it is giving me the heebie-geebies.
> 
> .....Roy
> 
> > Ok, so here's the bug
> > 
> >     void internal_redirect (const char *new_uri, request_rec *r)
> >     {
> >         request_rec *new = internal_internal_redirect(new_uri, r);
> >         process_request_internal (new);
> >     }
> > 
> > The problem is that a request on /dir/ is internally redirected to
> > /dir/index.html, which properly results in a 304 Not Modified.  However,
> > the r->status is not updated to reflect new->status (and anything else
> > that might need to be promoted).  My first inclination was to add
> > 
> >         r->status = new->status;
> > 
> > as the last line of the above routine, but I haven't the slightest idea
> > what effect (if any) this would have on the other routines using
> > internal_redirect(), and there may be other parts of new that should be
> > promoted to r as well.  Furthermore, given that this might get messy
> > if the request_rec structure includes (or is extended to include) more
> > response-applicable information, it would be nice is we had a procedure
> > 
> >     promote_response_status(r, new);
> > 
> > which updated r for us in general.  Since I'm not confidant enough with
> > the internal_redirect purpose(s), would someone else like to do it?
> > 
> > .....Roy
> 
> 

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS




Mime
View raw message