Location: header in HTTP redirects
Added by csingley over 16 years ago
I've got lighttpd serving a Django app via FastCGI. The Django app is generating redirects that have relative URLs, e.g. '/path/to/redirect/'. Lighttpd is taking these and serving HTTP redirect responses with absolute URLs in the Location: field in the HTTP header. I'm pretty sure that absolute URLs are called for here by RFC2616, so good for lighttpd.
However, I'd like to understand what algorithm lighttpd uses to fill out the scheme/host/domain when it's handed Location: header with relative URLs. How does it decide http:// vs. https://? For host/domain, does it use server.name config? What if that config is missing?
Also, I'd like to understand how I can control this field... a rewrite rule, or something like Apache's ProxyPassReverse, that will allow me to modify what redirects get served back to clients.
Thanks a lot for any help.
Replies (3)
RE: Location: header in HTTP redirects - Added by Olaf-van-der-Spek over 16 years ago
My guess is it's relative to the request. If the requests uses https, ...
RE: Location: header in HTTP redirects - Added by icy over 16 years ago
Funny. I just recently implemented that for the sandbox version. Indeed it uses the information from the request like Olaf guessed.
You are right that RFC2616 demands using absolute URLs which I personally don't see any reason why. Here's a scenario which has a little problem with that:
If the client requests something using HTTP 1.0 without a Host header and that results in a redirect - what should the webserver use a host part of the absolute URL? If the webserver is only serving one domain, then it could use that but this is rarely the case (and one would have to tell it the domain).
So it would use the IP right? This wouldn't look as nice in the browser as the domain but it's the only way possible.
Now if relative URLs would be allowed, then there wouldn't be any such problem because the client knows what domain he used for the request.
It does not break any functionality to use the IP, it just isn't as "pretty" as having the domainname.
But for compatibilities sake...
RE: Location: header in HTTP redirects - Added by csingley over 16 years ago
Thanks very much for the information, guys.
"Indeed it uses the information from the request like Olaf guessed."
Is this behavior configurable? I.e. is there any way to force lighttpd to use https or http scheme, regardless of what's coming in.
A related question: is it true that lighttpd uses server.name to turn a relative URL into an absolute URL for the Location: header? If so, is that behavior configurable?
TIA