You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Masanari Iida <st...@gmail.com> on 2006/01/16 11:09:19 UTC

Fwd: [users@httpd] Bug or feature?

Hello,

Current apache allow CGI to overwrite status code inside of the packet,
which can create a packet with Status code 200 without BODY in worst case.
Is this expected? or bug?

FYI, I entered this bug in bugzilla
http://issues.apache.org/bugzilla/show_bug.cgi?id=38070

Regards,
Masanari Iida

---------- Forwarded message ----------
From: Nick Kew <ni...@webthing.com>
Date: Jan 15, 2006 4:26 AM
Subject: Re: [users@httpd] Bug or feature?
To: users@httpd.apache.org


On Saturday 14 January 2006 18:04, Masanari Iida wrote:
> Hi,
>
> I would like to ask the list members if following are
> bug or feature of apache.
>
> Use following sample script,
> Apache version: ANY  (1.3, 2.0 and 2.2)
>
> #!/bin/sh
> cat <<EOT
> Status: 200 OK
> Last-Modified: Tue, 15 Feb 2005 15:00:00 GMT
> Content-Type: text/html
>
> Hello world
> EOT

Interesting.  I can confirm that your CGI script with an If-Modified-Since
header later than the Last-Modified date supplied by the script does
indeed return 200 with no body.  That's broken, but is it Apache or
the script that's at fault[1]?

RFC2616 says of If-Modified-Since:

      c) If the variant has not been modified since a valid If-^M
         Modified-Since date, the server SHOULD return a 304 (Not^M
         Modified) response.^M

That makes sense: the script is stupid but technically within its rights
to send the 200 unconditionally.  So Apache should presumably
accommodate it by ignoring the If-Modified-Since header and
returning 200 with the full body.

If that's not already in bugzilla, you might consider entering it there.

[1] It's both, of course.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org