[FASTCGI] [PATCH] Updated patch for -pass-header correct handling

Michiel Brandenburg apex at xepa.nl
Sun Sep 21 17:07:34 EDT 2008


Christian Seiler wrote:

> So, if you do -pass-header HTTP_AUTHORIZATION, mod_fastcgi will try to
> lookup the HTTP header HTTP_AUTHORIZATION which is not sent by the
> browser (a browser would actually have to send "HTTP_AUTHORIZATION: foo"
> in order for such a header to appear in headers_in) and since it's not
> set, it does nothing.
> 
> If you do -pass-header AUTHORIZATION, mod_fastcgi will try to lookup the
> HTTP header AUTHORIZATION, which is sent by the browser, but then it
> will set the CGI env variable with the name AUTHORIZATION.
<slightly offtopic>
I use mod_fcgid (long story) and have noticed the same "bug" there too. 
  I too have had to patch the source to pass the AUTH header as 
HTTP_AUTH to cgi's, did not know this also relates to other client headers.
</slightly offtopic>

But I like ur patch Christian, lots cleaner than my hack. It fixes the 
issue, my hack only sidesteps it. Once this commes out to the 
repositories I will restart the fcgid vs fastcgi discussion at work again :)

I seem to remember another bug propping up on php4, what version did u 
try with your example ? I did patch our binaries long long time ago and 
I can't quite remember why I added extra code to decode the Auth header 
and pass it's components (PHP_AUTH_USER/PHP_AUTH_PW) to php4.

Keep up the good work
--
Michiel


More information about the FastCGI-developers mailing list