httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: unresolved internal redirect bug
Date Mon, 18 Nov 1996 20:28:55 GMT

I'm not sure I follow how this prevents "401 redirects" from working.  I tried
putting in

  ErrorDocument 401

And when accessing a private area without proper authorization I got a 302
response with a Location: field.  Sure, this means that effectively, *no one*
will be able to get into a 401-protected area, unless they sent the
correct authorization in with the first access, i.e. by having properly
authenticated in another area previously.  But what would be the correct
behavior?  Send a 401 with a Location: header? 

So, it does appear that the status, at least in that situation, gets promoted.
Why wouldn't it in a mod_dir -> index.html redirect?  I don't know.  Is it a
show-stopper?  Not if the only error is that it's returning a 200 instead of a
304 for mod_dir redirected pages.  In my opinion.

Could you refine your "prevents 401 redirects from working", and the "hides bad
things" too?


On Sun, 17 Nov 1996, Roy T. Fielding wrote:
> I consider this to be a showstopper bug because it hides bad things
> from being seen, prevents 401 redirects from working, and possibly
> other things which would be really hard for a user to diagnose.
> At the least, I'd like someone familiar with internal redirects to say
> why it isn't a showstopper bug, since it is giving me the heebie-geebies.
> .....Roy
> > Ok, so here's the bug
> > 
> >     void internal_redirect (const char *new_uri, request_rec *r)
> >     {
> >         request_rec *new = internal_internal_redirect(new_uri, r);
> >         process_request_internal (new);
> >     }
> > 
> > The problem is that a request on /dir/ is internally redirected to
> > /dir/index.html, which properly results in a 304 Not Modified.  However,
> > the r->status is not updated to reflect new->status (and anything else
> > that might need to be promoted).  My first inclination was to add
> > 
> >         r->status = new->status;
> > 
> > as the last line of the above routine, but I haven't the slightest idea
> > what effect (if any) this would have on the other routines using
> > internal_redirect(), and there may be other parts of new that should be
> > promoted to r as well.  Furthermore, given that this might get messy
> > if the request_rec structure includes (or is extended to include) more
> > response-applicable information, it would be nice is we had a procedure
> > 
> >     promote_response_status(r, new);
> > 
> > which updated r for us in general.  Since I'm not confidant enough with
> > the internal_redirect purpose(s), would someone else like to do it?
> > 
> > .....Roy


View raw message