Skip Menu |
 

This queue is for tickets about the HTTP-Server-Simple CPAN distribution.

Report information
The Basics
Id: 69445
Status: patched
Priority: 0/
Queue: HTTP-Server-Simple

People
Owner: Nobody in particular
Requestors: PENFOLD [...] cpan.org
Cc: davidp [...] preshweb.co.uk
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.44
Fixed in: (no value)



Subject: HTTP/1.1 requests with absolute URLs not handled correctly
From: PENFOLD [...] cpan.org
Download (untitled) / with headers
text/plain 281b
HTTP/1.1 requests of the form <method> <scheme>://<host>/<path> HTTP/1.1 are not handled as per the RFC. Specifically, path_info environment and associated method are set to <scheme>://<host>/<path>, which breaks apps that rely on a correctly set path_info to do request dispatch.
Patch (with tests) to fix attached.
Subject: HTTP-S-S.patch
Download HTTP-S-S.patch
text/x-diff 2k
Only in HTTP-Server-Simple-0.44.new: Makefile.old diff -u -r HTTP-Server-Simple-0.44.new/lib/HTTP/Server/Simple.pm HTTP-Server-Simple-0.44/lib/HTTP/Server/Simple.pm --- HTTP-Server-Simple-0.44.new/lib/HTTP/Server/Simple.pm 2011-07-13 08:25:21.000000000 +0100 +++ HTTP-Server-Simple-0.44/lib/HTTP/Server/Simple.pm 2011-04-04 08:02:15.000000000 +0100 @@ -603,14 +603,11 @@ defined($chunk) or return undef; $_ = $chunk; - m!^(\w+)\s+(\S+)(?:\s+(\S+))?\r?$!; + m/^(\w+)\s+(\S+)(?:\s+(\S+))?\r?$/; my $method = $1 || ''; my $uri = $2 || ''; my $protocol = $3 || ''; - # strip <scheme>://<host:port> out of HTTP/1.1 requests - $uri =~ s{\w+://[^/]+/}{/}; - return ( $method, $uri, $protocol ); } diff -u -r HTTP-Server-Simple-0.44.new/t/04cgi.t HTTP-Server-Simple-0.44/t/04cgi.t --- HTTP-Server-Simple-0.44.new/t/04cgi.t 2011-07-13 08:26:30.000000000 +0100 +++ HTTP-Server-Simple-0.44/t/04cgi.t 2011-04-04 07:58:23.000000000 +0100 @@ -32,10 +32,10 @@ if ($^O eq 'freebsd' && `sysctl -n security.jail.jailed` == 1) { delete @methods{qw(url server_name)}; delete @envvars{qw(SERVER_URL SERVER_NAME REMOTE_ADDR)}; - plan tests => 34; + plan tests => 18; } else { - plan tests => 39; + plan tests => 23; } { @@ -69,28 +69,6 @@ select(undef,undef,undef,0.2); # wait a sec } -# extra tests for HTTP/1.1 absolute URLs - - foreach my $method (keys(%methods)) { - next unless defined $methods{$method}; - like( - fetch("GET http://localhost/cgitest/$method HTTP/1.1",""), - "/$methods{$method}/", - "method (absolute URL) - $method" - ); - select(undef,undef,undef,0.2); # wait a sec - } - - foreach my $envvar (keys(%envvars)) { - like( - fetch("GET http://localhost/cgitest/$envvar HTTP/1.1",""), - "/$envvars{$envvar}/", - "Environment (absolute URL) - $envvar" - ); - select(undef,undef,undef,0.2); # wait a sec - } - - like( fetch("GET /cgitest/REQUEST_URI?foo%3Fbar HTTP/1.0",""), qr/foo%3Fbar/,
Download (untitled) / with headers
text/plain 535b
On 2011-07-13 11:14:21, PENFOLD wrote: Show quoted text
> HTTP/1.1 requests of the form <method> <scheme>://<host>/<path> > HTTP/1.1 are not handled as per the RFC.
Just to add more info, the RFC in question being section 5.1.2 of RFC-2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2 Which states: "To allow for transition to absoluteURIs in all requests in future versions of HTTP, all HTTP/1.1 servers MUST accept the absoluteURI form in requests, even though HTTP/1.1 clients will only generate them in requests to proxies."


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.