You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by di...@apache.org on 2002/09/26 01:22:34 UTC
cvs commit: apache-1.3/src/modules/standard mod_headers.c
dirkx 2002/09/25 16:22:34
Modified: src CHANGES
src/modules/standard mod_headers.c
Log:
Scratch another its - this patchs allows me to hugely simply auth modules
which use non 4xx methods for auth (such as cookies, referers ,etc).
Submitted by Sander van Zoest (for a slightly different reason) - see
explanation below.
From: Sander van Zoest
To: dev@httpd.apache.org
It is common practice to set Cookie's to pass along on HTTP
redirects for "login" authentication.
When implementing P3P <http://www.w3.org/P3P/> using
mod_headers.c the Header directive only sets r->headers_out
and does not pass the headers along for non-2XX responses
such as error pages and redirects.
To provide this functionality we added the ErrorHeader
directive which populates r->err_headers_out instead.
Below follows a patch for 1.3.X by Michael Radwin <radwin_at_yahoo-inc.com>.
I have some code that attempts to add Directive to 2.0.X, but
it seems that output_filters are shortcuted on 3XX responses.
While now by setting the Header directive it also passes the headers
along at for all non-2XX responses except 3XX responses.
Cheers,
--
Sander van Zoest
PR: 9181
Obtained from: Michael Radwin
Submitted by: Sander van Zoest
Reviewed by: Dirk-Willem van Gulik
Revision Changes Path
1.1855 +9 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1854
retrieving revision 1.1855
diff -u -r1.1854 -r1.1855
--- CHANGES 25 Sep 2002 22:54:16 -0000 1.1854
+++ CHANGES 25 Sep 2002 23:22:33 -0000 1.1855
@@ -1,5 +1,14 @@
Changes with Apache 1.3.27
+ *) Included a patch submitted by Sander van Zoest (#9181) and
+ written by Michael Radwin whichs is essentially a work around
+ for the adding headers to error responses. As apache does not
+ go through the proper chain for non 2xx responses. This patch
+ adds an ErrorHeader directive; which is for non 2xx replies the
+ direct analog of the existing Header directive. This is usefull
+ during 3xx redirects or more complex 4xx auth schemes. [Dirk-
+ Willem van Gulik]
+
*) Included the patch submitted by Sander van Zoest (#12712) which
prevents just 'anything' being sucked in when doing gobbeling in
complete directories - such as editor backup files and other
1.28 +15 -6 apache-1.3/src/modules/standard/mod_headers.c
Index: mod_headers.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_headers.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- mod_headers.c 13 Mar 2002 21:05:33 -0000 1.27
+++ mod_headers.c 25 Sep 2002 23:22:34 -0000 1.28
@@ -116,6 +116,7 @@
hdr_actions action;
char *header;
char *value;
+ int do_err;
} header_entry;
/*
@@ -153,7 +154,6 @@
return a;
}
-
static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value)
{
header_entry *new;
@@ -169,6 +169,12 @@
new = (header_entry *) ap_push_array(serverconf->headers);
}
+ if (cmd->info) {
+ new->do_err = 1;
+ } else {
+ new->do_err = 0;
+ }
+
if (!strcasecmp(action, "set"))
new->action = hdr_set;
else if (!strcasecmp(action, "add"))
@@ -198,7 +204,9 @@
static const command_rec headers_cmds[] =
{
- {"Header", header_cmd, NULL, OR_FILEINFO, TAKE23,
+ {"Header", header_cmd, (void *)0, OR_FILEINFO, TAKE23,
+ "an action, header and value"},
+ {"ErrorHeader", header_cmd, (void *)1, OR_FILEINFO, TAKE23,
"an action, header and value"},
{NULL}
};
@@ -209,18 +217,19 @@
for (i = 0; i < headers->nelts; ++i) {
header_entry *hdr = &((header_entry *) (headers->elts))[i];
+ table *tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
switch (hdr->action) {
case hdr_add:
- ap_table_addn(r->headers_out, hdr->header, hdr->value);
+ ap_table_addn(tbl, hdr->header, hdr->value);
break;
case hdr_append:
- ap_table_mergen(r->headers_out, hdr->header, hdr->value);
+ ap_table_mergen(tbl, hdr->header, hdr->value);
break;
case hdr_set:
- ap_table_setn(r->headers_out, hdr->header, hdr->value);
+ ap_table_setn(tbl, hdr->header, hdr->value);
break;
case hdr_unset:
- ap_table_unset(r->headers_out, hdr->header);
+ ap_table_unset(tbl, hdr->header);
break;
}
}
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by Sander van Zoest <sa...@yahoo-inc.com>.
On Thu, Sep 26, 2002 at 10:22:11AM -0700, Aaron Bannert wrote:
> On Thu, Sep 26, 2002 at 07:51:42AM -0500, William A. Rowe, Jr. wrote:
> > Hmmm. If it was written by Michael, I'd think;
> Was it?
Yes. Michael Radwin wrote the code.
I wanted to make sure he got credit for that.
After talking to Michael about submitting it.
I just double checked that it would work on HEAD and
submitted it, since he didn't have the time for that.
Sorry for the confusion.
--
Sander van Zoest +1 (619) 881-3000
Yahoo!, Inc. sander@yahoo-inc.com
<http://www.yahoo.com/> <http://sander.vanzoest.com/>
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by Aaron Bannert <aa...@clove.org>.
On Thu, Sep 26, 2002 at 07:51:42AM -0500, William A. Rowe, Jr. wrote:
> Hmmm. If it was written by Michael, I'd think;
Was it?
-aaron
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 03:03 AM 9/26/2002, Dirk-Willem van Gulik wrote:
>On Wed, 25 Sep 2002, William A. Rowe, Jr. wrote:
>
>> Why did you principally credit Sander van Zoest for submitting the
>> patch of Michael Radwin <radwin_at_yahoo-inc.com> ?
>
>Darn - not intentionally - I wanted to separate who wrote it and who
>actually submitted it to the ASF into the (bug db) - i.e. there it said
>that SvZ put it in the DB - did I mix it up ? Did Michael put it there ?
>
>So is this now wrong:
>
> PR: 9181
> Obtained from: Michael Radwin
> Submitted by: Sander van Zoest
Hmmm. If it was written by Michael, I'd think;
Submitted by: Michael Radwin
Reviewed by: Sander van Zoest, Dirk-Willem van Gulik
Obtained from: correspondence to Sander van Zoest
Obtained from implies a place [to me.] E.g. bug #4444, or
dev@httpd message id: foo<aaaa>
Bill
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 03:03 AM 9/26/2002, Dirk-Willem van Gulik wrote:
>On Wed, 25 Sep 2002, William A. Rowe, Jr. wrote:
>
>> Why did you principally credit Sander van Zoest for submitting the
>> patch of Michael Radwin <radwin_at_yahoo-inc.com> ?
>
>Darn - not intentionally - I wanted to separate who wrote it and who
>actually submitted it to the ASF into the (bug db) - i.e. there it said
>that SvZ put it in the DB - did I mix it up ? Did Michael put it there ?
>
>So is this now wrong:
>
> PR: 9181
> Obtained from: Michael Radwin
> Submitted by: Sander van Zoest
Hmmm. If it was written by Michael, I'd think;
Submitted by: Michael Radwin
Reviewed by: Sander van Zoest, Dirk-Willem van Gulik
Obtained from: correspondence to Sander van Zoest
Obtained from implies a place [to me.] E.g. bug #4444, or
dev@httpd message id: foo<aaaa>
Bill
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by Dirk-Willem van Gulik <di...@webweaving.org>.
On Wed, 25 Sep 2002, William A. Rowe, Jr. wrote:
> Why did you principally credit Sander van Zoest for submitting the
> patch of Michael Radwin <radwin_at_yahoo-inc.com> ?
Darn - not intentionally - I wanted to separate who wrote it and who
actually submitted it to the ASF into the (bug db) - i.e. there it said
that SvZ put it in the DB - did I mix it up ? Did Michael put it there ?
So is this now wrong:
PR: 9181
Obtained from: Michael Radwin
Submitted by: Sander van Zoest
DW
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by Dirk-Willem van Gulik <di...@webweaving.org>.
On Wed, 25 Sep 2002, William A. Rowe, Jr. wrote:
> Why did you principally credit Sander van Zoest for submitting the
> patch of Michael Radwin <radwin_at_yahoo-inc.com> ?
Darn - not intentionally - I wanted to separate who wrote it and who
actually submitted it to the ASF into the (bug db) - i.e. there it said
that SvZ put it in the DB - did I mix it up ? Did Michael put it there ?
So is this now wrong:
PR: 9181
Obtained from: Michael Radwin
Submitted by: Sander van Zoest
DW
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Why did you principally credit Sander van Zoest for submitting the
patch of Michael Radwin <radwin_at_yahoo-inc.com> ?
Bill
At 06:22 PM 9/25/2002, dirkx@apache.org wrote:
>dirkx 2002/09/25 16:22:34
>
> Modified: src CHANGES
> src/modules/standard mod_headers.c
> Log:
> Scratch another its - this patchs allows me to hugely simply auth modules
> which use non 4xx methods for auth (such as cookies, referers ,etc).
>
> Submitted by Sander van Zoest (for a slightly different reason) - see
> explanation below.
>
> From: Sander van Zoest
> To: dev@httpd.apache.org
>
> It is common practice to set Cookie's to pass along on HTTP
> redirects for "login" authentication.
>
> When implementing P3P <http://www.w3.org/P3P/> using
> mod_headers.c the Header directive only sets r->headers_out
> and does not pass the headers along for non-2XX responses
> such as error pages and redirects.
>
> To provide this functionality we added the ErrorHeader
> directive which populates r->err_headers_out instead.
>
> Below follows a patch for 1.3.X by Michael Radwin <radwin_at_yahoo-inc.com>.
>
> I have some code that attempts to add Directive to 2.0.X, but
> it seems that output_filters are shortcuted on 3XX responses.
> While now by setting the Header directive it also passes the headers
> along at for all non-2XX responses except 3XX responses.
>
> Cheers,
>
> --
> Sander van Zoest
>
Re: cvs commit: apache-1.3/src/modules/standard mod_headers.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Why did you principally credit Sander van Zoest for submitting the
patch of Michael Radwin <radwin_at_yahoo-inc.com> ?
Bill
At 06:22 PM 9/25/2002, dirkx@apache.org wrote:
>dirkx 2002/09/25 16:22:34
>
> Modified: src CHANGES
> src/modules/standard mod_headers.c
> Log:
> Scratch another its - this patchs allows me to hugely simply auth modules
> which use non 4xx methods for auth (such as cookies, referers ,etc).
>
> Submitted by Sander van Zoest (for a slightly different reason) - see
> explanation below.
>
> From: Sander van Zoest
> To: dev@httpd.apache.org
>
> It is common practice to set Cookie's to pass along on HTTP
> redirects for "login" authentication.
>
> When implementing P3P <http://www.w3.org/P3P/> using
> mod_headers.c the Header directive only sets r->headers_out
> and does not pass the headers along for non-2XX responses
> such as error pages and redirects.
>
> To provide this functionality we added the ErrorHeader
> directive which populates r->err_headers_out instead.
>
> Below follows a patch for 1.3.X by Michael Radwin <radwin_at_yahoo-inc.com>.
>
> I have some code that attempts to add Directive to 2.0.X, but
> it seems that output_filters are shortcuted on 3XX responses.
> While now by setting the Header directive it also passes the headers
> along at for all non-2XX responses except 3XX responses.
>
> Cheers,
>
> --
> Sander van Zoest
>