You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/01/08 12:30:49 UTC
DO NOT REPLY [Bug 38182] New: - COPY ignores authority in Destination header
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38182>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38182
Summary: COPY ignores authority in Destination header
Product: Apache httpd-2
Version: 2.0.55
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: mod_dav
AssignedTo: bugs@httpd.apache.org
ReportedBy: julian.reschke@gmx.de
A COPY request such as
COPY /xyz HTTP/1.1
Host: www.example.com
Destination: http://julian-reschke.de/foo
succeeds. It should fail, unless the server has indeed created the resource at
the destination URI (which it didn't).
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38182] - COPY ignores authority in Destination header
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38182>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38182
------- Additional Comments From wsanchez@apache.org 2006-01-24 04:32 -------
Julian explains that a potential reason is that being compliant here has problems with reverse proxies:
Consider
MOVE /a HTTP/1.1
Host: www.example.com
Destination: http://www.example.com/b
sent to a reverse proxy running on port 80 of www.example.com, which in turn forwards the request to
port 8080, rewriting the host header, but not touching the Destination header:
MOVE /a HTTP/1.1
Host: www.example.com:8080
Destination: http://www.example.com/b
A compliant WebDAV server will detect that the target of MOVE is on a different server, and fail the
request.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38182] - COPY ignores authority in Destination header
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38182>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38182
------- Additional Comments From jorton@redhat.com 2006-01-10 13:46 -------
The code that checked the hostname/port has been disabled in 2.x for some reason.
dav/util.c:
#ifdef APACHE_PORT_HANDLING_IS_BUSTED
if (comp.hostname != NULL &&
!ap_matches_request_vhost(r, comp.hostname, port)) {
...
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38182] - COPY ignores authority in Destination header
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38182>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38182
------- Additional Comments From wsanchez@apache.org 2006-01-24 04:34 -------
Personally, I don't think that "fixing" the problem for reverse proxies justifies being non-compliant in this
manner, if this is indeed the reason why we disabled the check.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 38182] - COPY ignores authority in Destination header
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38182>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38182
------- Additional Comments From wsanchez@apache.org 2006-01-24 04:36 -------
See http://lists.w3.org/Archives/Public/w3c-dist-auth/2006JanMar/0286.html for Julian's expanded
summary regarding reverse proxies.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org