Actions
Bug #849
closedoutput sent to stdout by fastcgi process is inserted into page headers
Status:
Invalid
Priority:
High
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:
Description
Output intended to be sent to stdout is instead appended to the headers lighttpd sends with the page.
I have observed this with a lighttpd / fastcgi / rails application. Output from "pp" or "p" (or anything that prints to stdout, rather than to the log) shows up in the page headers. (Can be observed with wget --save-headers).
For example, we observe the following:
HTTP/1.0 200 OK Connection: close "BLAH BLAH BLAH OUTPUT BY PP TO STDOUT" Content-Type: text/html Set-Cookie: _session_id=8ea0243cb36192199bada9d5940ee67a; path=/; expires=Sun, 0 1 Jan 2012 05:00:00 GMT Cache-Control: no-cache Date: Fri, 15 Sep 2006 18:29:48 GMT Server: lighttpd/1.4.11This is serious because:
- debugging info intended to be printed to stdout is often sensitive, and should not be sent to clients.
- Gecko based browsers appear to have a max header size, after which the browser simply fails to do anything with the page. When loading pages that had a lot of debug info shoved into the headers, these browsers make it appear the page was never sent by the server.
-- dan
Updated by jan over 18 years ago
please attach a strace or a code-snippet to reproduce this behaviour.
Updated by Anonymous over 18 years ago
The code to reproduce would depend on what lighttpd is fronting. If it was a rails application, the following imaginary controller would do:
class FooController < ApplicationController
require 'pp'
def bar
pp "This text normally goes to STDOUT. Watch it appear in the lighttpd HTTP Headers."
end
end
Then view the page headers by requesting:
wget localhost:3000/foo/bar --save-headers
-- dan
Updated by jan over 18 years ago
- Status changed from New to Fixed
- Resolution set to invalid
This is a problem on the ruby side that 'pp' doesn't know about FastCGI.
Actions
Also available in: Atom