You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/03/23 06:51:29 UTC
DO NOT REPLY [Bug 48964] New: FcgidPassHeader Expected Usage
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
Summary: FcgidPassHeader Expected Usage
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_fcgid
AssignedTo: bugs@httpd.apache.org
ReportedBy: dude@zaplabs.com
FcgidPassHeader does not convert headers to the expected environment variable.
Example:
Apache directive: FcgidPassHeader Authorization
Expected CGI environment variable: HTTP_AUTHORIZATION
Actual CGI environment variable: Authorization
Reasons I think it's a bug:
1. Apache provides request headers (fastcgi or not) through environment
variables (http2env), uppercased, dash converted to underscore, and prefixed by
HTTP_.
2. It is a common practice (dare I say standard) for web applications to
expect request headers be provided through environment variables with a HTTP_
prefix.
3. FcgidPassHeader and -pass-header (mod_fastcgi equivalent) do not provide
the same functionality, which is very important for anyone converting to
mod_fcgid. mod_fastcgi even goes so far to call mod_fcgid's current behavior
"broken".
http://www.fastcgi.com/cvs/mod_fastcgi/fcgi_protocol.c
(see #ifndef USE_BROKEN_PASS_HEADER)
http://www.fastcgi.com/archives/fastcgi-developers/2008-September/000057.html
Other:
Looking through the pre-ASF mod_fcgid mailing list shows this has been proposed
before (see
http://www.mail-archive.com/mod-fcgid-users@lists.sourceforge.net/msg00163.html),
but went nowhere. I believe the original arguments presented by Christian
Seiler sum up the problem quite nicely.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #8 from Jeff Trawick <tr...@apache.org> 2010-03-25 11:40:28 UTC ---
Created an attachment (id=25182)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25182)
proposed patch for PR48964
This patch follows wrowe's suggestion: just add the header twice, once in
legacy form and once with the generally-expected munging.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #9 from Jeff Trawick <tr...@apache.org> 2010-04-14 10:07:37 EDT ---
For those in this mini-discussion, do you have interesting use cases that
aren't satisfied by Will Rowe's suggestion, which is implemented by
https://issues.apache.org/bugzilla/attachment.cgi?id=25182, and which requires
no configuration changes?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #2 from Jeff Clark <du...@zaplabs.com> 2010-03-23 17:36:18 UTC ---
(In reply to comment #1)
> Meanwhile, mod_fcgid users somehow have working configs/apps currently, and any
> change could break an application.
I agree. Preserving the current expected behavior is a must.
> This probably needs to be resolved with a directive like FcgidPassHeaderOptions
> with keywords like CasePreserve/UpCase and HttpPrefix/NoPrefix, with defaults
> which preserve the current behavior. At some major release boundary in the
> future the defaults can change to something more appropriate (definitely
> fold-to-uppercase, possibly add "HTTP_" prefix).
Would adding a conditional argument to FcgiPassHeader which specifies the
environment variable be an acceptable solution?
FcgiPassHeader Authorization
* define env var 'Authorization', as it currently does.
FcgiPassHeader Authorization X-HTTP_AUTHORIZATION
* define env var 'X-HTTP_AUTHORIZATION' with Authorization request header
value.
This would allow fcgi spawned applications to be passed any header as it sees
fit, without resorting to the additional overhead of mod_rewrite rules.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #5 from erno.kovacs@freemail.hu 2010-03-24 23:02:19 UTC ---
(In reply to comment #4)
> >FcgiPassHeader Authorization X-HTTP_AUTHORIZATION
> Thoughts from the crowd?
I like this either, I think this optimal 2nd parameter would fit everyone's
needs.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
Jeff Clark <du...@zaplabs.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|FcgidPassHeader Expected |FcgidPassHeader Expected
|Usage |Behavior
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #1 from Jeff Trawick <tr...@apache.org> 2010-03-23 13:00:35 UTC ---
FWLIW, the current behavior is fully documented at
http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidpassheader
Not all "standard" environment variables are prefixed with "HTTP_"
(CONTENT_TYPE is one example) so it isn't abundantly clear to me that
non-standard environment variables should be prefixed with "HTTP_".
Interestingly, according to that mod_fastcgi post/patch, mod_fastcgi had
similar behavior until 2008.
It is certainly bad that the header names aren't folded to uppercase when
creating the envvar name.
Meanwhile, mod_fcgid users somehow have working configs/apps currently, and any
change could break an application.
This probably needs to be resolved with a directive like FcgidPassHeaderOptions
with keywords like CasePreserve/UpCase and HttpPrefix/NoPrefix, with defaults
which preserve the current behavior. At some major release boundary in the
future the defaults can change to something more appropriate (definitely
fold-to-uppercase, possibly add "HTTP_" prefix).
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
Jeff Trawick <tr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |erno.kovacs@freemail.hu
--- Comment #3 from Jeff Trawick <tr...@apache.org> 2010-03-24 22:52:05 UTC ---
*** Bug 48982 has been marked as a duplicate of this bug. ***
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #7 from Jeff Trawick <tr...@apache.org> 2010-03-25 00:23:11 UTC ---
How true... (+1)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
Jeff Trawick <tr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #10 from Jeff Trawick <tr...@apache.org> 2010-04-23 14:43:25 EDT ---
the proposed patch has been committed for future mod_fcgid 2.3.6
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #6 from Will Rowe <wr...@apache.org> 2010-03-24 23:13:56 UTC ---
This sort of overlooks the obvious, passing both Authorization and
HTTP_AUTHORIZATION at once?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48964] FcgidPassHeader Expected Behavior
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48964
--- Comment #4 from Jeff Trawick <tr...@apache.org> 2010-03-24 22:57:49 UTC ---
>FcgiPassHeader Authorization X-HTTP_AUTHORIZATION
I like that idea, though providing the separate processing option allows easy
tweaking of all such envvars at once to match mod_fastcgi behavior (and
apparently PHP expectations -- see 48982) (and easy revert to current behavior
if mod_fcgid defaults change in the future).
Thoughts from the crowd?
Is there a case where we need to support something other than
a) current mod_fcgid behavior
b) recent mod_fastcgi behavior plus PHP expectation
?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org