[mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)

set status 200 OK if CGI does not return CGI headers

This mode in lighttpd is deprecated and may be removed in the next major
release of lighttpd.  CGI scripts should return a proper CGI header in
the response, even if that header is empty and followed by a blank line,
before return response body.

Without a proper CGI response header, the first line(s) of the response
might be incorrectly construed as being CGI response headers, especially
if they contain ':', and response may be corrupted.  That is why this
mode is deprecated (and not supported in numerous other web servers).

The minimal valid CGI response header is "\n", which lighttpd will treat
as equivalent to "Status: 200\n\n"

  "error 500 (mod_cgi.c.601) cgi died"
This commit is contained in:
Glenn Strauss 2017-02-22 11:58:21 -05:00
parent 1dd5cce3bc
commit 51ff7ac504
1 changed files with 2 additions and 0 deletions

View File

@ -509,6 +509,7 @@ static int cgi_demux_response(server *srv, handler_ctx *hctx) {
if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) {
if (0 == con->http_status) con->http_status = 200; /* OK */
} else {
const char *bstart;
size_t blen;
@ -853,6 +854,7 @@ static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) {
cgi_connection_close(srv, hctx);
if (0 == con->http_status) con->http_status = 200; /* OK */
} else {
# if 0
log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents);