Project

General

Profile

Actions

Bug #2108

closed

CGI local redirect not implemented correctly

Added by oblomov about 15 years ago. Updated almost 7 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_cgi
Target version:
ASK QUESTIONS IN Forums:

Description

According to the CGI 1.1 specification http://www.ietf.org/rfc/rfc3875 section 6.2.2 Local Redirect Response, a CGI script can issue a Location: response containing an (absolute) path to a local resource, and in this case the server MUST generate the response that it would have produced in response to a request containing the URL scheme server-name ":" server-port local-pathquery"

This is currently non implemented correctly in lighttpd 1.4.24. If a CGI script issues a local redirect, this is handled by lighttpd as if it was a client redirect (6.2.3 in the CGI/1.1 spec): a 302 is returned to the client, pointing to the new location. Expected behavior would be for the server to do the redirect internally in this case instead.


Related issues 1 (0 open1 closed)

Related to Bug #2793: 1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLsFixed2017-02-20Actions
Actions #1

Updated by gstrauss over 8 years ago

  • Status changed from New to Patch Pending
  • Target version set to 1.4.40
Actions #2

Updated by gstrauss over 8 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions #3

Updated by Olaf-van-der-Spek almost 8 years ago

Does it make sense to alter / fix / break this behavior after decades?
I've been using redirects without scheme/host part for over a decade and wasn't aware of this 'rule'. What do other web servers do?
A redirect is frequently done after a POST, silently doing the redirect server-side has quite an affect.
Maybe this should be opt-in?

Actions #4

Updated by gstrauss almost 8 years ago

Thanks for your comment. Please note that this change was released 6 months ago.

A patch was released in lighttpd 1.4.45 for better compatibility with redirects sent along with Set-Cookie.

No other issues have been reported in the past 6 months. If this change causes hardships for someone, yes, we will consider creating a config directive to disable the behavior.

Actions #5

Updated by Olaf-van-der-Spek almost 8 years ago

gstrauss wrote:

Thanks for your comment. Please note that this change was released 6 months ago.

Yes, and?
Please note that not everyone has updated to a version including this change (yet).
For example, some systems won't be updated until after the next Debian version is released.

A patch was released in lighttpd 1.4.45 for better compatibility with redirects sent along with Set-Cookie.

I know, but it sounded like that didn't cover all cases.

No other issues have been reported in the past 6 months. If this change causes hardships for someone, yes, we will consider creating a config directive to disable the behavior.

Actions #6

Updated by gstrauss almost 8 years ago

Your post provides no new information and is not helpful nor forward-looking.

Yes and?

Actions #7

Updated by Olaf-van-der-Spek almost 8 years ago

Nevermind then

Actions #8

Updated by stbuehler almost 8 years ago

  • Related to Bug #2793: 1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLs added
Actions #9

Updated by laoshaw almost 7 years ago

Tested with 1.4.48 on openwrt with luci, still not working.

Actions #10

Updated by gstrauss almost 7 years ago

Yes, the feature works in lighttpd 1.4.48. However, it might not work for the specific app you reference on the specific distribution you are running, and on the specific version of the distro you are running, due to other things like PATH settings, so perhaps, as I mentioned in https://github.com/openwrt/luci/issues/922 you should stop spamming "it's broken" all over without reading the history in those other forums, where I provided working solutions, NEITHER of which were problems with lighttpd.

Actions

Also available in: Atom