[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
misc/47740: libexec/httpd rfc3986 encoding of location header
>Synopsis: libexec/httpd rfc3986 encoding of location header
>Arrival-Date: Sat Apr 13 16:10:00 +0000 2013
NetBSD 6.99.17 (XEN3PAE_DOMU) #0: Sat Feb 23 12:24:40 UTC 2013
The HTTP redirect does a rfc3986-encoding of the path-component of the URL, the
hex-encoding of the '/'-separator results in invalid HTTP output. (e.g.,
different browsers report an error)
httpd -I 8080 -bf -X -c cgi-bin/ . 127.0.0.1
requesting http://127.0.0.1:8080/cgi-bin (without trailing /) results in a
status 301 (Document Moved) with a Location-header of
'http://127.0.0.1:8080%2Fcgi-bin%2F' which results in a "Corrupted Content
Error" in Firefox (and similar errors in other browsers).
The '/' in the path component shouldn't be hex-escaped.
escape_rfc3986() shouldn't escape '/' in the path-portion of a URL; or don't
escape the URL in the handle_redirect() (line 965 of bozohttpd.c); not sure
which one is the correct approach.
Main Index |
Thread Index |