You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2009/07/24 20:54:39 UTC
svn commit: r797603 - /httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
Author: wrowe
Date: Fri Jul 24 18:54:39 2009
New Revision: 797603
URL: http://svn.apache.org/viewvc?rev=797603&view=rev
Log:
Remove hop by hop headers and set Connection: close to convince
all fastcgi consumers that they are not responsible for the various
processing which httpd has already performed, internally.
Modified:
httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
Modified: httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c?rev=797603&r1=797602&r2=797603&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c (original)
+++ httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c Fri Jul 24 18:54:39 2009
@@ -207,6 +207,17 @@
ap_add_cgi_vars(r);
fcgid_add_cgi_vars(r);
+ /* Remove hop-by-hop headers handled by http
+ */
+ apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+ apr_table_unset(r->subprocess_env, "HTTP_TE");
+ apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+ apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+ apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+ /* Connection hop-by-hop header to prevent the CGI from hanging */
+ apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
+
/* Insert output filter */
ap_add_output_filter_handle(fcgid_filter_handle, NULL, r,
r->connection);
@@ -260,12 +271,22 @@
apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password);
apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR");
- /* Remove some environment variables */
- /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
+ /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
+ * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
+ * PROXY_AUTH to allow CGI to perform proxy auth for httpd
+ */
apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
apr_table_unset(r->subprocess_env, "PATH_INFO");
apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
+ apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+ apr_table_unset(r->subprocess_env, "HTTP_TE");
+ apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+ apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+ apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+ /* Connection hop-by-hop header to prevent the CGI from hanging */
+ apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
/* Handle the request */
res =
@@ -340,12 +361,22 @@
fcgid_add_cgi_vars(r);
apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER");
- /* Remove some environment variables */
- /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
+ /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
+ * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
+ * PROXY_AUTH to allow CGI to perform proxy auth for httpd
+ */
apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
apr_table_unset(r->subprocess_env, "PATH_INFO");
apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
+ apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+ apr_table_unset(r->subprocess_env, "HTTP_TE");
+ apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+ apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+ apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+ /* Connection hop-by-hop header to prevent the CGI from hanging */
+ apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
/* Handle the request */
res =
@@ -421,12 +452,22 @@
apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE",
"ACCESS_CHECKER");
- /* Remove some environment variables */
- /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
+ /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
+ * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
+ * PROXY_AUTH to allow CGI to perform proxy auth for httpd
+ */
apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
apr_table_unset(r->subprocess_env, "PATH_INFO");
apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
+ apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+ apr_table_unset(r->subprocess_env, "HTTP_TE");
+ apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+ apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+ apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+ /* Connection hop-by-hop header to prevent the CGI from hanging */
+ apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
/* Handle the request */
res =
Re: svn commit: r797603 - /httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
William A. Rowe, Jr. wrote:
> wrowe@apache.org wrote:
>> Author: wrowe
>> Date: Fri Jul 24 18:54:39 2009
>> New Revision: 797603
>>
>> URL: http://svn.apache.org/viewvc?rev=797603&view=rev
>> Log:
>> Remove hop by hop headers and set Connection: close to convince
>> all fastcgi consumers that they are not responsible for the various
>> processing which httpd has already performed, internally.
>
> Folks, the patch inspires two questions;
>
>> Modified: httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
>> URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c?rev=797603&r1=797602&r2=797603&view=diff
>> ==============================================================================
>> --- httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c (original)
>> +++ httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c Fri Jul 24 18:54:39 2009
>> - /* Remove some environment variables */
>> - /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
>> + /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
>> + * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
>> + * PROXY_AUTH to allow CGI to perform proxy auth for httpd
>> + */
>
> Do we want Proxy-Auth* headers to be shared with a CGI application?
> If so, howso, and if not, why not? Note this auth is hop-by-hop,
> and (in theory) httpd is both an endpoint, and a gateway to cgi which
> is allowed to do auth processing.
>
>> apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
>> apr_table_unset(r->subprocess_env, "PATH_INFO");
>> apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
>> apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
>
> [these four above are not removed for the actual request _handler, but only
> when acting for the authn/authz mechanics.]
>
>> + apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
>> + apr_table_unset(r->subprocess_env, "HTTP_TE");
>> + apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
>> + apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
>> + apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
>
> None of the above should matter to the cgi; fastcgi protocol doesn't have
> a trailer mechanism for request bodies, so far as I'm aware. The request
> body Transfer Encoding, any upgrade or keep_alives should be ignored, and
>
>> + /* Connection hop-by-hop header to prevent the CGI from hanging */
>> + apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
>
> we should let the fastcgi app context consider itself 'done' upon completion
> of one request. I presume this is correct?
Thoughts?
Re: svn commit: r797603 - /httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
wrowe@apache.org wrote:
> Author: wrowe
> Date: Fri Jul 24 18:54:39 2009
> New Revision: 797603
>
> URL: http://svn.apache.org/viewvc?rev=797603&view=rev
> Log:
> Remove hop by hop headers and set Connection: close to convince
> all fastcgi consumers that they are not responsible for the various
> processing which httpd has already performed, internally.
Folks, the patch inspires two questions;
> Modified: httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
> URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c?rev=797603&r1=797602&r2=797603&view=diff
> ==============================================================================
> --- httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c (original)
> +++ httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c Fri Jul 24 18:54:39 2009
> - /* Remove some environment variables */
> - /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
> + /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
> + * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
> + * PROXY_AUTH to allow CGI to perform proxy auth for httpd
> + */
Do we want Proxy-Auth* headers to be shared with a CGI application?
If so, howso, and if not, why not? Note this auth is hop-by-hop,
and (in theory) httpd is both an endpoint, and a gateway to cgi which
is allowed to do auth processing.
> apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
> apr_table_unset(r->subprocess_env, "PATH_INFO");
> apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
> apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
[these four above are not removed for the actual request _handler, but only
when acting for the authn/authz mechanics.]
> + apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
> + apr_table_unset(r->subprocess_env, "HTTP_TE");
> + apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
> + apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
> + apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
None of the above should matter to the cgi; fastcgi protocol doesn't have
a trailer mechanism for request bodies, so far as I'm aware. The request
body Transfer Encoding, any upgrade or keep_alives should be ignored, and
> + /* Connection hop-by-hop header to prevent the CGI from hanging */
> + apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
we should let the fastcgi app context consider itself 'done' upon completion
of one request. I presume this is correct?