Skip Menu |

This queue is for tickets about the HTTP-Server-Simple CPAN distribution.

Report information
The Basics
Id: 69445
Status: patched
Priority: 0/
Queue: HTTP-Server-Simple
People
Owner: Nobody in particular
Requestors: PENFOLD [...] cpan.org
Cc: davidp [...] preshweb.co.uk
AdminCc:
Bug Information
Severity: Critical
Broken in: 0.44
Fixed in: (no value)

History Show all quoted text
  Wed Jul 13 06:14:21 2011 PENFOLD [...] cpan.org - Ticket created
Subject: HTTP/1.1 requests with absolute URLs not handled correctly
From: PENFOLD [...] cpan.org
HTTP/1.1 requests of the form <method> <scheme>://<host>/<path> HTTP/1.1 are not handled as per the RFC. Specifically, path_info environment and associated method are set to <scheme>://<host>/<path>, which breaks apps that rely on a correctly set path_info to do request dispatch.
  Wed Jul 13 06:19:35 2011 PENFOLD [...] cpan.org - Correspondence added
Patch (with tests) to fix attached.
Subject: HTTP-S-S.patch
Only in HTTP-Server-Simple-0.44.new: Makefile.old diff -u -r HTTP-Server-Simple-0.44.new/lib/HTTP/Server/Simple.pm HTTP-Server-Simple-0.44/lib/HTTP/Server/Simple.pm --- HTTP-Server-Simple-0.44.new/lib/HTTP/Server/Simple.pm 2011-07-13 08:25:21.000000000 +0100 +++ HTTP-Server-Simple-0.44/lib/HTTP/Server/Simple.pm 2011-04-04 08:02:15.000000000 +0100 @@ -603,14 +603,11 @@ defined($chunk) or return undef; $_ = $chunk; - m!^(\w+)\s+(\S+)(?:\s+(\S+))?\r?$!; + m/^(\w+)\s+(\S+)(?:\s+(\S+))?\r?$/; my $method = $1 || ''; my $uri = $2 || ''; my $protocol = $3 || ''; - # strip <scheme>://<host:port> out of HTTP/1.1 requests - $uri =~ s{\w+://[^/]+/}{/}; - return ( $method, $uri, $protocol ); } diff -u -r HTTP-Server-Simple-0.44.new/t/04cgi.t HTTP-Server-Simple-0.44/t/04cgi.t --- HTTP-Server-Simple-0.44.new/t/04cgi.t 2011-07-13 08:26:30.000000000 +0100 +++ HTTP-Server-Simple-0.44/t/04cgi.t 2011-04-04 07:58:23.000000000 +0100 @@ -32,10 +32,10 @@ if ($^O eq 'freebsd' && `sysctl -n security.jail.jailed` == 1) { delete @methods{qw(url server_name)}; delete @envvars{qw(SERVER_URL SERVER_NAME REMOTE_ADDR)}; - plan tests => 34; + plan tests => 18; } else { - plan tests => 39; + plan tests => 23; } { @@ -69,28 +69,6 @@ select(undef,undef,undef,0.2); # wait a sec } -# extra tests for HTTP/1.1 absolute URLs - - foreach my $method (keys(%methods)) { - next unless defined $methods{$method}; - like( - fetch("GET http://localhost/cgitest/$method HTTP/1.1",""), - "/$methods{$method}/", - "method (absolute URL) - $method" - ); - select(undef,undef,undef,0.2); # wait a sec - } - - foreach my $envvar (keys(%envvars)) { - like( - fetch("GET http://localhost/cgitest/$envvar HTTP/1.1",""), - "/$envvars{$envvar}/", - "Environment (absolute URL) - $envvar" - ); - select(undef,undef,undef,0.2); # wait a sec - } - - like( fetch("GET /cgitest/REQUEST_URI?foo%3Fbar HTTP/1.0",""), qr/foo%3Fbar/,
  Wed Jul 13 06:19:36 2011 PENFOLD [...] cpan.org - Status changed from 'new' to 'open'
  Wed Jul 13 06:26:36 2011 davidp [...] preshweb.co.uk - Correspondence added
On 2011-07-13 11:14:21, PENFOLD wrote: Show quoted text
> HTTP/1.1 requests of the form <method> <scheme>://<host>/<path> > HTTP/1.1 are not handled as per the RFC.
Just to add more info, the RFC in question being section 5.1.2 of RFC-2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2 Which states: "To allow for transition to absoluteURIs in all requests in future versions of HTTP, all HTTP/1.1 servers MUST accept the absoluteURI form in requests, even though HTTP/1.1 clients will only generate them in requests to proxies."
  Wed Jul 13 06:27:04 2011 davidp [...] preshweb.co.uk - Cc BIGPRESH added
  Wed Jul 13 06:31:52 2011 PENFOLD [...] cpan.org - Severity Critical added
  Wed Jul 13 06:31:52 2011 PENFOLD [...] cpan.org - Broken in 0.44 added
  Sat Oct 29 03:04:32 2011 cpan [...] chmrr.net - Status changed from 'open' to 'patched'