Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id D87D3200B51 for ; Mon, 1 Aug 2016 22:18:00 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id D6FD0160A6C; Mon, 1 Aug 2016 20:18:00 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 07E4D160A66 for ; Mon, 1 Aug 2016 22:17:59 +0200 (CEST) Received: (qmail 40350 invoked by uid 500); 1 Aug 2016 20:17:59 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 40340 invoked by uid 99); 1 Aug 2016 20:17:59 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Aug 2016 20:17:59 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 8F69CC0D67 for ; Mon, 1 Aug 2016 20:17:58 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.279 X-Spam-Level: * X-Spam-Status: No, score=1.279 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=rowe-clan-net.20150623.gappssmtp.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id uQq415n4Az7u for ; Mon, 1 Aug 2016 20:17:51 +0000 (UTC) Received: from mail-it0-f49.google.com (mail-it0-f49.google.com [209.85.214.49]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 80D155FB50 for ; Mon, 1 Aug 2016 20:17:50 +0000 (UTC) Received: by mail-it0-f49.google.com with SMTP id f6so181572819ith.0 for ; Mon, 01 Aug 2016 13:17:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rowe-clan-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=nbg94iZpQvbCQttAouKWNt1Q6WjhiDGFrydOP0JQInA=; b=ForEnpcexalcWUj+euzpy99Bm8jHJsaRhNVDh/ci1ldir0aRpH74W5mjw8xUydLBYJ kiHn8Iv10yqSMOI9XC1PHtmWBkR3YnsMnEyAXIJNLaY4lddZxvBk39/fXgv8kJXw4S/J X1sixpFYLZcn3vgVxVkCayIdpVcWDBXmPTTfF6+Qq8YzsYiyRLw3R2TuRL7MGJh3yYrs Rlh14kW3PLb9A6QODckEnsAisjNOHgBIbbfgpYYUb/tacVnMjOOW07UVkL5PiuvI75+o P5tbl661RwJ9Am+/eh9HQKtZy+Jco3RKkzetjQlmArf0sdey/ZXd52qHUZUzlcZsEEGC 37WQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=nbg94iZpQvbCQttAouKWNt1Q6WjhiDGFrydOP0JQInA=; b=a4Fv5WLrCBCyIRchb00Uc7CMlQ7Gm8aYAJEs1ZFI66GGp9xol7mPlHsRJ6owhCta+r OGr5ySftccw25X08ia6t9h0SfkWhdo9K2EfK1uZwm6u8OFi+eeSkYhCpsFjwmHiEQHig hbimwOh3jbo1fs6qyYeApVAK3mMcNdxhCp6lv7zXWsRibMkZhdjZazGL5AJS+KHAPEwy /5RvaOAaa18hhXTrELAPFpfDUDOHxcQpaHWlgRHF5WMR4Zh1PBNDsq232K8UZJB/h8MZ SRLzR8ph2nKWZZxXMJB8hxCKifD3HkqH81VGRdLYjw8ors7inyTANXqzpE/4+oPwYpkq y0JQ== X-Gm-Message-State: AEkoouvjLCdxwC/A2/6viKOV12uYVxf9/krPeQJAK/RHEyG9AlSO2nY+5uNHnrX+jeLY6eefZ6x2gUtohWPrCaQC X-Received: by 10.36.192.9 with SMTP id u9mr59048710itf.86.1470082669341; Mon, 01 Aug 2016 13:17:49 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.6.85 with HTTP; Mon, 1 Aug 2016 13:17:48 -0700 (PDT) In-Reply-To: References: <20160701150043.006B13A01DD@svn01-us-west.apache.org> <20295b01-7ba0-516c-9e4f-1561bc86f048@gmail.com> <2AD2DD6E-56DA-431D-853B-8D2B552D847A@greenbytes.de> From: William A Rowe Jr Date: Mon, 1 Aug 2016 15:17:48 -0500 Message-ID: Subject: Re: svn commit: r1750953 - /httpd/httpd/trunk/server/util_script.c To: httpd Content-Type: multipart/alternative; boundary=94eb2c05aa2a4c25420539084b45 archived-at: Mon, 01 Aug 2016 20:18:01 -0000 --94eb2c05aa2a4c25420539084b45 Content-Type: text/plain; charset=UTF-8 On Mon, Aug 1, 2016 at 3:03 PM, Jacob Champion wrote: > On 08/01/2016 12:38 PM, William A Rowe Jr wrote: > >> I'll review the rest of your comments shortly, but you might want to >> review >> https://tools.ietf.org/html/rfc3875 before claiming CGI isn't an HTTP >> input :-) >> > > I suspect we're talking past each other at this point. I'm aware of 3875 > (though I don't claim to be an expert), and I quoted it in my response. I > am using the term "HTTP input" in response to your much earlier statement > that > > (We aren't talking about non-HTTP sources.) >> > > We *are* talking about non-HTTP sources. CGI is *not* HTTP. It obviously > shares a great deal of syntax, but a CGI application is neither an HTTP > client nor an HTTP server, and it does not speak HTTP to our server. > Therefore CGI is not an "HTTP input" and we are not bound by 723x's > requirements for parsing date-stamps that originate from it -- which, IIUC, > was your argument. The wisdom of doing so (or not) is a completely separate > issue, outside the bounds of the spec. > We are bound by RFC 3875, which says... 6.3.4. Protocol-Specific Header Fields The script MAY return any other header fields that relate to the response message defined by the specification for the SERVER_PROTOCOL (HTTP/1.0 [1] or HTTP/1.1 [4]). The server MUST translate the header data from the CGI header syntax to the HTTP header syntax if these differ. For example, the character sequence for newline (such as UNIX's US-ASCII LF) used by CGI scripts may not be the same as that used by HTTP (US-ASCII CR followed by LF). E.g. no accommodation of non-HTTP input as header fields, other than to avoid hop-by-hop server <> client header fields, which httpd is required to dodge. --94eb2c05aa2a4c25420539084b45 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On M= on, Aug 1, 2016 at 3:03 PM, Jacob Champion <champion.p@gmail.com>= ; wrote:
On 08/01/2016 12:38 PM, William A Rowe Jr wrote:
I'll review the rest of your comments shortly, but you might want to re= view
https://tools.ietf.org/html/rfc3875 before claiming CGI isn= 't an HTTP
input :-)

 I suspect we're talking past each other at this point. I'm aware of= 3875 (though I don't claim to be an expert), and I quoted it in my res= ponse. I am using the term "HTTP input" in response to your much = earlier statement that

(We aren't talking about non-HTTP sources.)

 We *are* talking about non-HTTP sources. CGI is *not* HTTP. It obviously sh= ares a great deal of syntax, but a CGI application is neither an HTTP clien= t nor an HTTP server, and it does not speak HTTP to our server. Therefore C= GI is not an "HTTP input" and we are not bound by 723x's requ= irements for parsing date-stamps that originate from it -- which, IIUC, was= your argument. The wisdom of doing so (or not) is a completely separate is= sue, outside the bounds of the spec.

We= are bound by RFC 3875, which says...

=C2=A06.3.4.= =C2=A0 Protocol-Specific Header Fields

=C2=A0 =C2= =A0The script MAY return any other header fields that relate to the
=C2=A0 =C2=A0response message defined by the specification for the SERVE= R_PROTOCOL
=C2=A0 =C2=A0(HTTP/1.0 [1] or HTTP/1.1 [4]).=C2=A0 The= server MUST translate the header
=C2=A0 =C2=A0data from the CGI = header syntax to the HTTP header syntax if these
=C2=A0 =C2=A0dif= fer.=C2=A0 For example, the character sequence for newline (such as
=C2=A0 =C2=A0UNIX's US-ASCII LF) used by CGI scripts may not be the = same as that
=C2=A0 =C2=A0used by HTTP (US-ASCII CR followed by L= F).

E.g. no accommodation o= f non-HTTP input as header fields, other than
to avoid hop-by-hop server <> client header fields, which httpd is= required
to dodge.



--94eb2c05aa2a4c25420539084b45--