www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank Griffin <fgrif...@maine.rr.com>
Subject mod_cgi/9751: Status 200 erroneously converted to 302 if Location: present
Date Thu, 07 Feb 2002 13:36:01 GMT

>Number:         9751
>Category:       mod_cgi
>Synopsis:       Status 200 erroneously converted to 302 if Location: present
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Feb 07 05:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     fgriffin@maine.rr.com
>Release:        1.3.23
>Organization:
apache
>Environment:
Various Unixes (Linux, HP, Sun, AIX)
>Description:
We have a CGI which takes an HTTP response from another server, and feeds it 
back to Apache as CGI output.  As part of this, the HTTP response line is parsed,
the status code captured, and a "Status:" header written to Apache.  I mention 
this only to indicate that a "Status:" header is ALWAYS written.

We have encountered a bug in Velocity's ESAWEB server which results in 
"Location:" headers being sent erroneously on normal-response requests.
We are reporting this to them, but the test case has also pointed up what
appears to be a bug in mod_cgi.c.

According to the CGI 1.1 RFC draft at 
http://CGI-Spec.Golux.Com/draft-coar-cgi-v11-03.txt:

   The Location value is either an absolute URI with optional
   fragment, as defined in RFC 1630 [1], or an absolute path
   within the server's URI space (i.e., omitting the scheme and
   network-related fields) and optional query-string. If an
   absolute URI is returned by the script, then the server MUST
   generate a '302 redirect' HTTP response message unless the
   script has supplied an explicit Status response header field.

In the case in question, we have an explicit "Status: 200" combined with a
Location: header.  The relevant code in mod_cgi.c is at line 564 in the
1.3.23 version:

	else if (location && r->status == 200) {
	    /* XX Note that if a script wants to produce its own Redirect
	     * body, it now has to explicitly *say* "Status: 302"
	     */
	    return REDIRECT;

My read of this is that the code is reacting to a "Location:" header 
combined with a status 200 without regard for whether the status was explcitly 
supplied via a "Status:" header, in which case it should not redirect.
In other words, the redirect is only appropriate if the 200 status was 
supplied by the server itself as a default because no "Status:" was written
by the CGI.
>How-To-Repeat:
A simple CGI that writes a "Status: 200" and a "Location: absolute-URI" should do it.
>Fix:
I'm not too familiar with Apache code, but based on the way the "Location:" 
header is checked for, i.e.
	location = ap_table_get(r->headers_out, "Location");
maybe the test should read
        else if ( location && !ap_table_get(r_headers_out, "Status") &&
                  r->status == 200 )
This would work if the default (no "Status" given) processing just sets
r->status without physically inserting a "Status:" header in the table.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message