httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Prud'hommeaux" <e...@w3.org>
Subject Re: sub requests are all "GET"s
Date Wed, 05 Sep 2001 18:39:23 GMT
On Wed, Sep 05, 2001 at 09:47:04AM -0700, Rasmus Lerdorf wrote:
> Whoa, deja vu...  I could have sworn I fixed something very similar to
> this more than 5 years ago now.  In fact, here is the patch for Apache
> 1.2.x:
> 
> Fri Mar 1 03:01:06 1996 UTC (66 months, 1 week ago)
> http://cvs.apache.org/viewcvs.cgi/apache-1.2/src/http_request.c.diff?r1=1.2&r2=1.3
> 
> Not exactly the same issue, I know, but very close.

>From inspecting the patch:
 That patch affected two functions, internal_redirect and die. The die
 patch was for responses with a 200 and a custom_response and was
 therefor forced to always be a GET. The internal_redirect patch is
 pretty much what I want to do with sub requests.

 I haven't traced through an internally redirected POST but
 mod_rewrite seems to rely on concocted r->filenames
 (method://server:port/localpath) rather than the method in a sub
 request. I wonder if POST://localhost/foo.php3 will chain
 appropriately.

Can anybody suggest a reason that sub request methods would _not_
default to the parent requests method?

> On Wed, 5 Sep 2001, Eric Prud'hommeaux wrote:
> 
> > Can anybody explain why ap_set_sub_req_protocol does
> >     rnew->method          = "GET";
> >     rnew->method_number   = M_GET;
> > instead of
> >     rnew->method          = r->method;
> >     rnew->method_number   = r->method_number;
> > ? The consequence is that functions like negotiation
> >     sub_req = ap_sub_req_lookup_file(dirent.name, r, NULL);
> > check auth on the wrong method. You can check this by POSTing to
> > foo and having a limit on POST for foo.php3 (as opposed to the
> > whole directory). A quick way to check is to set a breakpoint in
> > ap_set_sub_req_protocol and
> >   telnet localhost 80
> >   POST /Overview HTTP/1.0
> >   Content-Length: 5
> >
> >   abcd
> > Any calls to the auth modules will have a method of GET despite
> > the POST action they will eventually execute.
> >
> > All auth modules and the like could check for this:
> >   int method = r->main ? r->main->method_number : r->method_number;
> > but it seems better to have the sub request default to the method
> > of the request that inspired it. There may be some modules that
> > may count on the default behavior, like mod_include, but I think
> > they should specifically make the new method be a GET as they are
> > not duplicating the parent request's behaviour.
> >
> >

-- 
-eric

(eric@w3.org)
Feel free to forward this message to any list for any purpose other than
email address distribution.

Mime
View raw message