Project

General

Profile

Actions

Bug #849

closed

output sent to stdout by fastcgi process is inserted into page headers

Added by Anonymous over 18 years ago. Updated over 16 years ago.

Status:
Invalid
Priority:
High
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:

Description

Output intended to be sent to stdout is instead appended to the headers lighttpd sends with the page.

I have observed this with a lighttpd / fastcgi / rails application. Output from "pp" or "p" (or anything that prints to stdout, rather than to the log) shows up in the page headers. (Can be observed with wget --save-headers).

For example, we observe the following:


HTTP/1.0 200 OK
Connection: close
"BLAH BLAH BLAH OUTPUT BY PP TO STDOUT" 
Content-Type: text/html
Set-Cookie: _session_id=8ea0243cb36192199bada9d5940ee67a; path=/; expires=Sun, 0
1 Jan 2012 05:00:00 GMT
Cache-Control: no-cache
Date: Fri, 15 Sep 2006 18:29:48 GMT
Server: lighttpd/1.4.11
This is serious because:
  1. debugging info intended to be printed to stdout is often sensitive, and should not be sent to clients.
  2. Gecko based browsers appear to have a max header size, after which the browser simply fails to do anything with the page. When loading pages that had a lot of debug info shoved into the headers, these browsers make it appear the page was never sent by the server.

-- dan

Actions #1

Updated by jan over 18 years ago

please attach a strace or a code-snippet to reproduce this behaviour.

Actions #2

Updated by Anonymous over 18 years ago

The code to reproduce would depend on what lighttpd is fronting. If it was a rails application, the following imaginary controller would do:


class FooController < ApplicationController
  require 'pp'

  def bar
    pp "This text normally goes to STDOUT.  Watch it appear in the lighttpd HTTP Headers." 
  end
end

Then view the page headers by requesting:


wget localhost:3000/foo/bar --save-headers

-- dan

Actions #3

Updated by jan over 18 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

This is a problem on the ruby side that 'pp' doesn't know about FastCGI.

Actions #4

Updated by stbuehler over 16 years ago

  • Status changed from Fixed to Invalid
Actions

Also available in: Atom