You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@kiwi.ICS.UCI.EDU> on 1996/11/20 10:57:47 UTC

what to do about CGI and chunked

Apache is currently schizo in terms of how it treats CGI.  On the one hand,
it tries to treat CGI scripts as idiot children and protect them from
HTTP/1.1 improvements, which prevents new CGI scripts from using HTTP/1.1.
On the other hand, it does so in a way which is no longer compliant with
CGI/1.1.  We need to choose one of the following for the existing mod_cgi:

   a) Assume it is only for old scripts.  This requires changing mod_cgi
      so that it rejects anything without a Content-Length (411 Length
      Required) even if it is chunked, or at least anything that cannot
      be read into a single buffer before execing the script.

   b) Assume it is for new scripts and that old scripts will just never
      see the HTTP/1.1 input (after all, no sane client would chunk an
      x-www-url-encoded form).  This requires changing get_client_block
      so that it passes the chunk size and footer to the script. Does anyone
      know whether Netscape is including a Content-Length with a
      multipart/form-data POST?  If not, then we should also handle multipart
      delimited input.

If we choose (a), then we should have a separate module for the new CGI,
including new directives for CGI2Alias (or something).  The same questions
may apply to mod_fastcgi, but I have no idea now that interface works.

......Roy

Re: what to do about CGI and chunked

Posted by Ed Korthof <ed...@organic.com>.

Well, if it's still relevant -- don't know about the time line for 1.2b1, but
I'd vote +1 for a).  It's probably true that no sane client would chunk
x-www-url-encoded input, but considering some of the companies making browsers,
I'd want to be safe.  Also, if CGI/1.1 has significantly different
functionality -- ie. a different interface -- I'd like a clear distinction
between it and CGI/1.0.

On the other hand, I think this would imply a fair amount of extra work... I'd
offer to do it for 1.2, but I don't know how busy I'll be.

Ed

On Nov 20,  1:57am, Roy T. Fielding wrote:
> Subject: what to do about CGI and chunked
> Apache is currently schizo in terms of how it treats CGI.  On the one hand,
> it tries to treat CGI scripts as idiot children and protect them from
> HTTP/1.1 improvements, which prevents new CGI scripts from using HTTP/1.1.
> On the other hand, it does so in a way which is no longer compliant with
> CGI/1.1.  We need to choose one of the following for the existing mod_cgi:
>
>    a) Assume it is only for old scripts.  This requires changing mod_cgi
>       so that it rejects anything without a Content-Length (411 Length
>       Required) even if it is chunked, or at least anything that cannot
>       be read into a single buffer before execing the script.
>
>    b) Assume it is for new scripts and that old scripts will just never
>       see the HTTP/1.1 input (after all, no sane client would chunk an
>       x-www-url-encoded form).  This requires changing get_client_block
>       so that it passes the chunk size and footer to the script. Does anyone
>       know whether Netscape is including a Content-Length with a
>       multipart/form-data POST?  If not, then we should also handle multipart
>       delimited input.
>
> If we choose (a), then we should have a separate module for the new CGI,
> including new directives for CGI2Alias (or something).  The same questions
> may apply to mod_fastcgi, but I have no idea now that interface works.
>
> ......Roy
>-- End of excerpt from Roy T. Fielding