Project

General

Profile

Bug #2108

CGI local redirect not implemented correctly

Added by oblomov over 10 years ago. Updated about 2 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
mod_cgi
Target version:
Start date:
2009-11-26
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
No

Description

According to the CGI 1.1 specification http://www.ietf.org/rfc/rfc3875 section 6.2.2 Local Redirect Response, a CGI script can issue a Location: response containing an (absolute) path to a local resource, and in this case the server MUST generate the response that it would have produced in response to a request containing the URL scheme server-name ":" server-port local-pathquery"

This is currently non implemented correctly in lighttpd 1.4.24. If a CGI script issues a local redirect, this is handled by lighttpd as if it was a client redirect (6.2.3 in the CGI/1.1 spec): a 302 is returned to the client, pointing to the new location. Expected behavior would be for the server to do the redirect internally in this case instead.


Related issues

Related to Bug #2793: 1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLsFixed2017-02-20

Actions
#1

Updated by gstrauss over 3 years ago

  • Status changed from New to Patch Pending
  • Target version set to 1.4.40
#2

Updated by gstrauss over 3 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
#3

Updated by Olaf-van-der-Spek about 3 years ago

Does it make sense to alter / fix / break this behavior after decades?
I've been using redirects without scheme/host part for over a decade and wasn't aware of this 'rule'. What do other web servers do?
A redirect is frequently done after a POST, silently doing the redirect server-side has quite an affect.
Maybe this should be opt-in?

#4

Updated by gstrauss about 3 years ago

Thanks for your comment. Please note that this change was released 6 months ago.

A patch was released in lighttpd 1.4.45 for better compatibility with redirects sent along with Set-Cookie.

No other issues have been reported in the past 6 months. If this change causes hardships for someone, yes, we will consider creating a config directive to disable the behavior.

#5

Updated by Olaf-van-der-Spek about 3 years ago

gstrauss wrote:

Thanks for your comment. Please note that this change was released 6 months ago.

Yes, and?
Please note that not everyone has updated to a version including this change (yet).
For example, some systems won't be updated until after the next Debian version is released.

A patch was released in lighttpd 1.4.45 for better compatibility with redirects sent along with Set-Cookie.

I know, but it sounded like that didn't cover all cases.

No other issues have been reported in the past 6 months. If this change causes hardships for someone, yes, we will consider creating a config directive to disable the behavior.

#6

Updated by gstrauss about 3 years ago

Your post provides no new information and is not helpful nor forward-looking.

Yes and?

#7

Updated by Olaf-van-der-Spek about 3 years ago

Nevermind then

#8

Updated by stbuehler about 3 years ago

  • Related to Bug #2793: 1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLs added
#9

Updated by laoshaw about 2 years ago

Tested with 1.4.48 on openwrt with luci, still not working.

#10

Updated by gstrauss about 2 years ago

Yes, the feature works in lighttpd 1.4.48. However, it might not work for the specific app you reference on the specific distribution you are running, and on the specific version of the distro you are running, due to other things like PATH settings, so perhaps, as I mentioned in https://github.com/openwrt/luci/issues/922 you should stop spamming "it's broken" all over without reading the history in those other forums, where I provided working solutions, NEITHER of which were problems with lighttpd.

Also available in: Atom