diff options
| author |   Ingo Schwarze <schwarze@openbsd.org> | 2014-07-21 15:45:17 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-21 15:45:17 +0000 |
| commit | 8abda0bf9851e11dece9e760efd941edd920eee5 (patch) | |
| tree | 753f03c5135c47bd19baf30e36b7b040204b8cae | |
| parent | ae6641bfafe5f6d5cefa0d535c66b5cfd989f218 (diff) | |
| download | mandoc-8abda0bf9851e11dece9e760efd941edd920eee5.tar.gz mandoc-8abda0bf9851e11dece9e760efd941edd920eee5.tar.zst mandoc-8abda0bf9851e11dece9e760efd941edd920eee5.zip | |
Kristaps points out that the current HTTP/1.1 draft standard (RFC
2616) requires the Location: response-header field to be an absolute
URI (14.30), and only the most recent proposed standard (RFC 7231),
which is barely a month old, allows a relative Location: (7.1.2).
While most modern browsers appear to support relative Location:
headers, some may not, and it's maybe a bit early to rely on relative
Location: headers.
I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables,
though. While some CGI programs certainly require those, in which
case both the CGI programmer and the web server admin have to be
very careful to keep the system secure and reliable, man.cgi(8)
does not really need them. We always know at compile time which
domain we are running for, and for man.cgi(8), security and reliability
are definitely much more important than flexibility. So make HTTP_HOST
a compile-time definition for now.
| -rw-r--r-- | cgi.c | 6 | ||||
| -rw-r--r-- | cgi.h.example | 3 | ||||
| -rw-r--r-- | man.cgi.8 | 9 |
3 files changed, 12 insertions, 6 deletions
@@ -1,4 +1,4 @@ -/* $Id: cgi.c,v 1.77 2014/07/19 13:15:11 schwarze Exp $ */ +/* $Id: cgi.c,v 1.78 2014/07/21 15:45:17 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de> @@ -564,8 +564,8 @@ pg_searchres(const struct req *req, struct manpage *r, size_t sz) * without any delay. */ printf("Status: 303 See Other\r\n"); - printf("Location: %s/%s/%s?", - scriptname, req->q.manpath, r[0].file); + printf("Location: http://%s%s/%s/%s?", + HTTP_HOST, scriptname, req->q.manpath, r[0].file); http_printquery(req); printf("\r\n" "Content-Type: text/html; charset=utf-8\r\n" diff --git a/cgi.h.example b/cgi.h.example index 4f7273b1..f4c78318 100644 --- a/cgi.h.example +++ b/cgi.h.example @@ -1,8 +1,9 @@ /* Example compile-time configuration file for man.cgi(8). */ +#define HTTP_HOST "mdocml.bsd.lv" #define MAN_DIR "/var/www/man" #define CSS_DIR "" #define CUSTOMIZE_TITLE "Manual pages with mandoc" #define CUSTOMIZE_BEGIN "<H2>\nManual pages with " \ "<A HREF=\"http://mdocml.bsd.lv/\">mandoc</A>\n</H2>" -#define COMPAT_OLDURI Yes +#define COMPAT_OLDURI Yes @@ -1,4 +1,4 @@ -.\" $Id: man.cgi.8,v 1.7 2014/07/18 19:03:39 schwarze Exp $ +.\" $Id: man.cgi.8,v 1.8 2014/07/21 15:45:17 schwarze Exp $ .\" .\" Copyright (c) 2014 Ingo Schwarze <schwarze@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 18 2014 $ +.Dd $Mdocdate: July 21 2014 $ .Dt MAN.CGI 8 .Os .Sh NAME @@ -189,6 +189,11 @@ element. An ASCII string to be used for the HTML .Aq TITLE element. +.It Ev HTTP_HOST +The FQDN of the (possibly virtual) host the HTTP server is running on. +This is used for +.Ic Location: +headers in HTTP 303 responses. .It Ev MAN_DIR A path to the .Nm |