You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2020/08/26 08:16:09 UTC
Re: svn commit: r1873762 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/mod_rewrite.xml docs/manual/rewrite/flags.xml
modules/mappers/mod_rewrite.c
On 2/8/20 2:14 AM, covener@apache.org wrote:
> Author: covener
> Date: Sat Feb 8 01:14:28 2020
> New Revision: 1873762
>
> URL: http://svn.apache.org/viewvc?rev=1873762&view=rev
> Log:
> add SameSite to RewriteRule ... ... [CO]
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
> httpd/httpd/trunk/docs/manual/rewrite/flags.xml
> httpd/httpd/trunk/modules/mappers/mod_rewrite.c
>
> Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1873762&r1=1873761&r2=1873762&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
> +++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Sat Feb 8 01:14:28 2020
> @@ -2654,6 +2656,11 @@ static void add_cookie(request_rec *r, c
> "; HttpOnly" : NULL,
> NULL);
>
> + if (samesite && !strcasecmp(samesite, "0")) {
Doesn't it need to be strcmp(samesite, "0") instead of !strcasecmp(samesite, "0") ?
I mean the above will set samesite to '0' in the cookie if samesite is '0'.
> + cookie = apr_pstrcat(rmain->pool, cookie, "; SameSite=",
> + samesite, NULL);
> + }
> +
Any particular reason why we don't accept 'false' in a case insensitive way along with 0 as the flag
not being set? This would be inline with the other flags.
I think the second apr_pstrcat can waste some memory as we nearly need the memory for the cookie twice in case samesite is set.
Is it worth converting both apr_pstrcat sections to fill an iovec struct and doing one apr_pstrcatv afterwards?
Regards
RĂ¼diger
Re: svn commit: r1873762 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/mod_rewrite.xml docs/manual/rewrite/flags.xml modules/mappers/mod_rewrite.c
Posted by Eric Covener <co...@gmail.com>.
On Wed, Aug 26, 2020 at 4:16 AM Ruediger Pluem <rp...@apache.org> wrote:
>
>
>
> On 2/8/20 2:14 AM, covener@apache.org wrote:
> > Author: covener
> > Date: Sat Feb 8 01:14:28 2020
> > New Revision: 1873762
> >
> > URL: http://svn.apache.org/viewvc?rev=1873762&view=rev
> > Log:
> > add SameSite to RewriteRule ... ... [CO]
> >
> >
> > Modified:
> > httpd/httpd/trunk/CHANGES
> > httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
> > httpd/httpd/trunk/docs/manual/rewrite/flags.xml
> > httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> >
>
> > Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> > URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1873762&r1=1873761&r2=1873762&view=diff
> > ==============================================================================
> > --- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
> > +++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Sat Feb 8 01:14:28 2020
>
> > @@ -2654,6 +2656,11 @@ static void add_cookie(request_rec *r, c
> > "; HttpOnly" : NULL,
> > NULL);
> >
> > + if (samesite && !strcasecmp(samesite, "0")) {
>
> Doesn't it need to be strcmp(samesite, "0") instead of !strcasecmp(samesite, "0") ?
> I mean the above will set samesite to '0' in the cookie if samesite is '0'.
Yep, I see what you mean.
>
> > + cookie = apr_pstrcat(rmain->pool, cookie, "; SameSite=",
> > + samesite, NULL);
> > + }
> > +
>
> Any particular reason why we don't accept 'false' in a case insensitive way along with 0 as the flag
> not being set? This would be inline with the other flags.
It is certainly weird but I have no memory of it. Added "false" w/
a test in 1881263/1881264
Thanks!
>
> I think the second apr_pstrcat can waste some memory as we nearly need the memory for the cookie twice in case samesite is set.
> Is it worth converting both apr_pstrcat sections to fill an iovec struct and doing one apr_pstrcatv afterwards?
>
> Regards
>
> RĂ¼diger
--
Eric Covener
covener@gmail.com