You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by el...@apache.org on 2017/09/20 13:03:41 UTC
svn commit: r1809028 - in /httpd/httpd/trunk: CHANGES
modules/mappers/mod_rewrite.c server/util_expr_eval.c
Author: elukey
Date: Wed Sep 20 13:03:41 2017
New Revision: 1809028
URL: http://svn.apache.org/viewvc?rev=1809028&view=rev
Log:
mod_rewrite,core: avoid Vary:Host (part 2)
This is a follow up of r1808746 after a chat
with Yann on dev@:
- the HTTP:Host variable suffers from the same problem
- the strcasecmp should be used to allow case-sensitive
comparisons.
- in mod_rewrite is less cumbersome and more clean to just
make the Host header check in lookup_header, so it will
be automatically picked up by every part of the code
that uses it. It shouldn't be a relevant overhead for
mod_rewrite.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/mappers/mod_rewrite.c
httpd/httpd/trunk/server/util_expr_eval.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1809028&r1=1809027&r2=1809028&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Sep 20 13:03:41 2017
@@ -5,7 +5,7 @@ Changes with Apache 2.5.0
PR 38923 [Nick Kew]
*) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is
- used in a condition that evaluates to true. PR 58231 [Luca Toscano]
+ used in a condition that evaluates to true. PR 58231 [Luca Toscano, Yann Ylavic]
*) mod_md: v0.9.6: a "MDRequireHttps permament" configured domain automatically sends out
HSTS (rfc 6797) headers in https: responses. [Stefan Eissing]
Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1809028&r1=1809027&r2=1809028&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Wed Sep 20 13:03:41 2017
@@ -1808,7 +1808,10 @@ static const char *lookup_header(const c
{
const char *val = apr_table_get(ctx->r->headers_in, name);
- if (val) {
+ /* Skip the 'Vary: Host' header combination
+ * as indicated in rfc7231 section-7.1.4
+ */
+ if (val && strcasecmp(name, "Host") != 0) {
ctx->vary_this = ctx->vary_this
? apr_pstrcat(ctx->r->pool, ctx->vary_this, ", ",
name, NULL)
@@ -2035,10 +2038,7 @@ static char *lookup_variable(char *var,
case 'S':
if (!strcmp(var, "HTTP_HOST")) {
- /* Skip the 'Vary: Host' header combination
- * as indicated in rfc7231 section-7.1.4
- */
- result = apr_table_get(ctx->r->headers_in, "Host");
+ result = lookup_header("Host", ctx);
}
break;
Modified: httpd/httpd/trunk/server/util_expr_eval.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_expr_eval.c?rev=1809028&r1=1809027&r2=1809028&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_expr_eval.c (original)
+++ httpd/httpd/trunk/server/util_expr_eval.c Wed Sep 20 13:03:41 2017
@@ -1044,7 +1044,12 @@ static const char *req_table_func(ap_exp
t = ctx->r->headers_in;
else { /* req, http */
t = ctx->r->headers_in;
- add_vary(ctx, arg);
+ /* Skip the 'Vary: Host' header combination
+ * as indicated in rfc7231 section-7.1.4
+ */
+ if (strcasecmp(arg, "Host")){
+ add_vary(ctx, arg);
+ }
}
return apr_table_get(t, arg);
}
@@ -1609,7 +1614,7 @@ static const char *req_header_var_fn(ap_
/* Skip the 'Vary: Host' header combination
* as indicated in rfc7231 section-7.1.4
*/
- if (strcmp(name, "Host")){
+ if (strcasecmp(name, "Host")){
add_vary(ctx, name);
}
return apr_table_get(ctx->r->headers_in, name);