You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@gbiv.com> on 2005/10/15 21:40:59 UTC

[PATCH] remove block on OPTIONS from mod_cgi

I objected to this code when it was first added (13 Aug 1996)
as part of Alexei's huge HTTP/1.1 patch and for some unknown
reason I forgot to remove it.

<http://mail-archives.apache.org/mod_mbox/httpd-dev/199608.mbox/ 
%3c9608132318.aa12603@paris.ics.uci.edu%3e>

It has been featured in multiple PRs since then for both GNATS (4490)
and Bugzilla (PR 15242).  Are there any objections to removing it now,
both here and in mod_cgid?  It is currently preventing folks from
implementing new services (WEBDAV and Atom, among others) via CGI.

....Roy


Index: mod_cgi.c
===================================================================
--- mod_cgi.c   (revision 321466)
+++ mod_cgi.c   (working copy)
@@ -756,13 +756,6 @@

      p = r->main ? r->main->pool : r->pool;

-    if (r->method_number == M_OPTIONS) {
-        /* 99 out of 100 CGI scripts, this is all they support */
-        r->allowed |= (AP_METHOD_BIT << M_GET);
-        r->allowed |= (AP_METHOD_BIT << M_POST);
-        return DECLINED;
-    }
-
      argv0 = apr_filepath_name_get(r->filename);
      nph = !(strncmp(argv0, "nph-", 4));
      conf = ap_get_module_config(r->server->module_config, &cgi_module);

Re: [PATCH] remove block on OPTIONS from mod_cgi

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

Roy T.Fielding wrote:
> It has been featured in multiple PRs since then for both GNATS (4490)
> and Bugzilla (PR 15242).  Are there any objections to removing it now,
> both here and in mod_cgid?  It is currently preventing folks from
> implementing new services (WEBDAV and Atom, among others) via CGI.

++1.  Although it's really time for the CGI spec rev 1.2 or 2.0 to spell
out for authors what to expect.  And, if we fail to get a spec through,
at least a reference document for Apache httpd cgi authors would be good.

Bill

Re: [PATCH] remove block on OPTIONS from mod_cgi

Posted by Paul Querna <ch...@force-elite.com>.

Roy T.Fielding wrote:
> I objected to this code when it was first added (13 Aug 1996)
> as part of Alexei's huge HTTP/1.1 patch and for some unknown
> reason I forgot to remove it.

+1, remove it from here and mod_cgid


> 
> <http://mail-archives.apache.org/mod_mbox/httpd-dev/199608.mbox/%3c9608132318.aa12603@paris.ics.uci.edu%3e> 
> 
> 
> It has been featured in multiple PRs since then for both GNATS (4490)
> and Bugzilla (PR 15242).  Are there any objections to removing it now,
> both here and in mod_cgid?  It is currently preventing folks from
> implementing new services (WEBDAV and Atom, among others) via CGI.
> 
> ....Roy
> 
> 
> Index: mod_cgi.c
> ===================================================================
> --- mod_cgi.c   (revision 321466)
> +++ mod_cgi.c   (working copy)
> @@ -756,13 +756,6 @@
> 
>      p = r->main ? r->main->pool : r->pool;
> 
> -    if (r->method_number == M_OPTIONS) {
> -        /* 99 out of 100 CGI scripts, this is all they support */
> -        r->allowed |= (AP_METHOD_BIT << M_GET);
> -        r->allowed |= (AP_METHOD_BIT << M_POST);
> -        return DECLINED;
> -    }
> -
>      argv0 = apr_filepath_name_get(r->filename);
>      nph = !(strncmp(argv0, "nph-", 4));
>      conf = ap_get_module_config(r->server->module_config, &cgi_module);

Re: [PATCH] remove block on OPTIONS from mod_cgi

Posted by André Malo <nd...@perlig.de>.

* Roy T. Fielding wrote:

> On Oct 15, 2005, at 12:54 PM, André Malo wrote:
> > I'm wondering, how many scripts this will break. Perhaps we should
> > provide
> > an option?
>
> It can't break a script.  It could expose a broken script,

That's what I meant ;)

> but then 
> those scripts are already exposed to all of the other methods.

But that's true as well. Alright, +1 from here.

nd
-- 
"Das Verhalten von Gates hatte mir bewiesen, dass ich auf ihn und seine
beiden Gefährten nicht zu zählen brauchte" -- Karl May, "Winnetou III"

Im Westen was neues: <http://pub.perlig.de/books.html#apache2>

Re: [PATCH] remove block on OPTIONS from mod_cgi

Posted by "Roy T. Fielding" <fi...@gbiv.com>.

On Oct 15, 2005, at 12:54 PM, André Malo wrote:
> I'm wondering, how many scripts this will break. Perhaps we should 
> provide
> an option?

It can't break a script.  It could expose a broken script, but then
those scripts are already exposed to all of the other methods.
It is far better to fix the script locally than disable a feature
of HTTP globally out of fear that bugs might exist elsewhere.

In any case, the option is LimitExcept.

....Roy

Re: [PATCH] remove block on OPTIONS from mod_cgi

Posted by André Malo <nd...@perlig.de>.

* Roy T. Fielding wrote:

> I objected to this code when it was first added (13 Aug 1996)
> as part of Alexei's huge HTTP/1.1 patch and for some unknown
> reason I forgot to remove it.
>
> <http://mail-archives.apache.org/mod_mbox/httpd-dev/199608.mbox/
> %3c9608132318.aa12603@paris.ics.uci.edu%3e>
>
> It has been featured in multiple PRs since then for both GNATS (4490)
> and Bugzilla (PR 15242).  Are there any objections to removing it now,
> both here and in mod_cgid?  It is currently preventing folks from
> implementing new services (WEBDAV and Atom, among others) via CGI.

I'm wondering, how many scripts this will break. Perhaps we should provide 
an option?

(+1 on concept)

nd
-- 
sub the($){+shift} sub answer (){ord q
        [* It is always 42! *]       }
           print the answer
# André Malo # http://www.perlig.de/ #