httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Pane <brian.p...@cnet.com>
Subject Re: cvs commit: httpd-2.0/modules/proxy proxy_http.c
Date Fri, 08 Nov 2002 20:25:20 GMT
I agree: it probably should be at a higher level.  For now,
I made the change as localized as possible, in order to get
the proxy problem fixed quickly without breaking anything
else.  But eventually the fix should probably be in the core.
The only problem is that I'm not sure where it's safe to
put it.  We don't necessarily want to reset the request
Content-Length whenever we create a subrequest, because
somebody might have a legitimate need to read the form
post data within a server-side-included subrequest.

Brian

On Fri, 2002-11-08 at 08:53, William A. Rowe, Jr. wrote:
> It seems like this patch should be at a higher level.  Don't we also
> have problems with POST to any other sort of included subrequest 
> being transformed into a GET but retaining the content-length 
> or other irrelevant (nasty) headers? 
> 
> Is there a more appropriate place to make this correction for the
> benefit of all sorts of subrequest includes?
> 
> Bill
> 
> At 03:24 AM 11/8/2002, brianp@apache.org wrote:
> >brianp      2002/11/08 01:24:00
> >
> >  Modified:    .        CHANGES
> >               modules/proxy proxy_http.c
> >  Log:
> >  When doing a GET of a proxied URL as a subrequest within
> >  a POSTed request, don't send the original POST's Content-Length
> >  as part of the header for the GET.
> >  
> >  Revision  Changes    Path
> >  1.971     +4 -0      httpd-2.0/CHANGES
> >  
> >  Index: CHANGES
> >  ===================================================================
> >  RCS file: /home/cvs/httpd-2.0/CHANGES,v
> >  retrieving revision 1.970
> >  retrieving revision 1.971
> >  diff -u -r1.970 -r1.971
> >  --- CHANGES   7 Nov 2002 23:11:09 -0000       1.970
> >  +++ CHANGES   8 Nov 2002 09:24:00 -0000       1.971
> >  @@ -1,5 +1,9 @@
> >   Changes with Apache 2.0.44
> >   
> >  +  *) Fix a bug in which mod_proxy sent an invalid Content-Length
> >  +     when a proxied URL was invoked as a server-side include within
> >  +     a page generated in response to a form POST.  [Brian Pane]
> >  +
> >     *) Added code to process min and max file size directives and to
> >        init the expirychk flag in mod_disk_cache. Added a clarifying
> >        comment to cache_util.   [Paul J. Reder]
> >  
> >  
> >  
> >  1.164     +19 -0     httpd-2.0/modules/proxy/proxy_http.c
> >  
> >  Index: proxy_http.c
> >  ===================================================================
> >  RCS file: /home/cvs/httpd-2.0/modules/proxy/proxy_http.c,v
> >  retrieving revision 1.163
> >  retrieving revision 1.164
> >  diff -u -r1.163 -r1.164
> >  --- proxy_http.c      25 Oct 2002 20:58:55 -0000      1.163
> >  +++ proxy_http.c      8 Nov 2002 09:24:00 -0000       1.164
> >  @@ -597,7 +597,26 @@
> >                        || !apr_strnatcasecmp(headers_in[counter].key, "If-None-Match"))
{
> >                       continue;
> >                   }
> >  +
> >  +                /* If you POST to a page that gets server-side parsed
> >  +                 * by mod_include, and the parsing results in a reverse
> >  +                 * proxy call, the proxied request will be a GET, but
> >  +                 * its request_rec will have inherited the Content-Length
> >  +                 * of the original request (the POST for the enclosing
> >  +                 * page).  We can't send the original POST's request body
> >  +                 * as part of the proxied subrequest, so we need to avoid
> >  +                 * sending the corresponding content length.  Otherwise,
> >  +                 * the server to which we're proxying will sit there
> >  +                 * forever, waiting for a request body that will never
> >  +                 * arrive.
> >  +                 */
> >  +                if ((r->method_number == M_GET) && headers_in[counter].key
&&
> >  +                    !apr_strnatcasecmp(headers_in[counter].key,
> >  +                                       "Content-Length")) {
> >  +                    continue;
> >  +                }
> >           }
> >  +
> >   
> >           buf = apr_pstrcat(p, headers_in[counter].key, ": ",
> >                             headers_in[counter].val, CRLF,
> >  
> >  
> >  



Mime
View raw message