[core] add const to callers of http_header_*_get()

(The few places where value is modified in-place were not made const)

src/base.h

@@ -195,7 +195,7 @@ typedef struct cond_cache_t {
 	cond_result_t local_result;
 	int patterncount;
 	int matches[3 * 10];
-	buffer *comp_value; /* just a pointer */
+	const buffer *comp_value; /* just a pointer */
 } cond_cache_t;
 
 struct connection {

src/configfile-glue.c

@@ -264,12 +264,12 @@ static int config_addrbuf_eq_remote_ip_mask(server *srv, buffer *string, char *n
 	return config_addrstr_eq_remote_ip_mask(srv, addrstr, nm_bits, rmt);
 }
 
-static int data_config_pcre_exec(const data_config *dc, cond_cache_t *cache, buffer *b);
+static int data_config_pcre_exec(const data_config *dc, cond_cache_t *cache, const buffer *b);
 
 static cond_result_t config_check_cond_cached(server *srv, connection *con, const data_config *dc);
 
 static cond_result_t config_check_cond_nocache(server *srv, connection *con, const data_config *dc) {
-	buffer *l;
+	const buffer *l;
 	server_socket *srv_sock = con->srv_socket;
 	cond_cache_t *cache = &con->cond_cache[dc->context_ndx];
 
@@ -432,8 +432,8 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con
 		break;
 	case COMP_HTTP_REQUEST_METHOD:
 		l = srv->tmp_buf;
-		buffer_clear(l);
-		http_method_append(l, con->request.http_method);
+		buffer_clear(srv->tmp_buf);
+		http_method_append(srv->tmp_buf, con->request.http_method);
 		break;
 	default:
 		return COND_RESULT_FALSE;
@@ -583,7 +583,7 @@ int config_check_cond(server *srv, connection *con, const data_config *dc) {
 #include <pcre.h>
 #endif
 
-static int data_config_pcre_exec(const data_config *dc, cond_cache_t *cache, buffer *b) {
+static int data_config_pcre_exec(const data_config *dc, cond_cache_t *cache, const buffer *b) {
 #ifdef HAVE_PCRE_H
     #ifndef elementsof
     #define elementsof(x) (sizeof(x) / sizeof(x[0]))

src/connections-glue.c

@@ -440,7 +440,7 @@ handler_t connection_handle_read_post_state(server *srv, connection *con) {
 	if (chunkqueue_is_empty(cq) && 0 == dst_cq->bytes_in
 	    && con->request.http_version != HTTP_VERSION_1_0
 	    && chunkqueue_is_empty(con->write_queue) && con->is_writable) {
-		buffer *vb = http_header_request_get(con, HTTP_HEADER_EXPECT, CONST_STR_LEN("Expect"));
+		const buffer *vb = http_header_request_get(con, HTTP_HEADER_EXPECT, CONST_STR_LEN("Expect"));
 		if (NULL != vb && buffer_eq_icase_slen(vb, CONST_STR_LEN("100-continue"))) {
 			http_header_request_unset(con, HTTP_HEADER_EXPECT, CONST_STR_LEN("Expect"));
 			if (!connection_write_100_continue(srv, con)) {

src/connections.c

@@ -257,7 +257,7 @@ static void connection_handle_errdoc_init(connection *con) {
 	 * mod_auth WWW-Authenticate response header. */
 	buffer *www_auth = NULL;
 	if (401 == con->http_status) {
-		buffer *vb = http_header_response_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("WWW-Authenticate"));
+		const buffer *vb = http_header_response_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("WWW-Authenticate"));
 		if (NULL != vb) www_auth = buffer_init_buffer(vb);
 	}
 

src/http-header-glue.c

@@ -139,8 +139,8 @@ buffer * strftime_cache_get(server *srv, time_t last_mod) {
 }
 
 
-int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) {
-	buffer *vb;
+int http_response_handle_cachable(server *srv, connection *con, const buffer *mtime) {
+	const buffer *vb;
 	int head_or_get =
 		(  HTTP_METHOD_GET  == con->request.http_method
 		|| HTTP_METHOD_HEAD == con->request.http_method);
@@ -243,7 +243,7 @@ static int http_response_parse_range(server *srv, connection *con, buffer *path,
 	off_t start, end;
 	const char *s, *minus;
 	static const char boundary[] = "fkj49sn38dcn3";
-	buffer *content_type = http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"));
+	const buffer *content_type = http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"));
 
 	start = 0;
 	end = sce->st.st_size - 1;
@@ -431,8 +431,8 @@ static int http_response_parse_range(server *srv, connection *con, buffer *path,
 
 void http_response_send_file (server *srv, connection *con, buffer *path) {
 	stat_cache_entry *sce = NULL;
-	buffer *mtime = NULL;
-	buffer *vb;
+	const buffer *mtime = NULL;
+	const buffer *vb;
 	int allow_caching = (0 == con->http_status || 200 == con->http_status);
 
 	if (HANDLER_ERROR == stat_cache_get_entry(srv, con, path, &sce)) {
@@ -540,7 +540,7 @@ void http_response_send_file (server *srv, connection *con, buffer *path) {
 	    && (200 == con->http_status || 0 == con->http_status)
 	    && NULL != (vb = http_header_request_get(con, HTTP_HEADER_RANGE, CONST_STR_LEN("Range")))
 	    && NULL == http_header_response_get(con, HTTP_HEADER_CONTENT_ENCODING, CONST_STR_LEN("Content-Encoding"))) {
-		buffer *range = vb;
+		const buffer *range = vb;
 		int do_range_request = 1;
 		/* check if we have a conditional GET */
 
@@ -878,7 +878,7 @@ static handler_t http_response_process_local_redir(server *srv, connection *con,
 
     /* con->http_status >= 300 && con->http_status < 400) */
     size_t ulen = buffer_string_length(con->uri.path);
-    buffer *vb = http_header_response_get(con, HTTP_HEADER_LOCATION, CONST_STR_LEN("Location"));
+    const buffer *vb = http_header_response_get(con, HTTP_HEADER_LOCATION, CONST_STR_LEN("Location"));
     if (NULL != vb
         && vb->ptr[0] == '/'
         && (0 != strncmp(vb->ptr, con->uri.path->ptr, ulen)

src/mod_accesslog.c

@@ -187,7 +187,7 @@ static void accesslog_write_all(server *srv, const buffer *filename, int fd, con
 	}
 }
 
-static void accesslog_append_escaped(buffer *dest, buffer *str) {
+static void accesslog_append_escaped(buffer *dest, const buffer *str) {
 	char *ptr, *start, *end;
 
 	/* replaces non-printable chars with \xHH where HH is the hex representation of the byte */
@@ -755,7 +755,7 @@ REQUESTDONE_FUNC(log_access_write) {
 	size_t j;
 
 	int newts = 0;
-	buffer *vb;
+	const buffer *vb;
 	struct timespec ts = { 0, 0 };
 
 	mod_accesslog_patch_connection(srv, con, p);

src/mod_auth.c

@@ -479,7 +479,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
 	{
 			const http_auth_scheme_t * const scheme = dauth->require->scheme;
 			if (p->conf.auth_extern_authn) {
-				buffer *vb = http_header_env_get(con, CONST_STR_LEN("REMOTE_USER"));
+				const buffer *vb = http_header_env_get(con, CONST_STR_LEN("REMOTE_USER"));
 				if (NULL != vb && http_auth_match_rules(dauth->require, vb->ptr, NULL, NULL)) {
 					return HANDLER_GO_ON;
 				}
@@ -540,7 +540,7 @@ static handler_t mod_auth_send_401_unauthorized_basic(server *srv, connection *c
 }
 
 static handler_t mod_auth_check_basic(server *srv, connection *con, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend) {
-	buffer *b = http_header_request_get(con, HTTP_HEADER_AUTHORIZATION, CONST_STR_LEN("Authorization"));
+	const buffer *b = http_header_request_get(con, HTTP_HEADER_AUTHORIZATION, CONST_STR_LEN("Authorization"));
 	buffer *username;
 	char *pw;
 	handler_t rc = HANDLER_UNSET;
@@ -916,7 +916,7 @@ typedef struct {
 static handler_t mod_auth_send_401_unauthorized_digest(server *srv, connection *con, const struct http_auth_require_t *require, int nonce_stale);
 
 static handler_t mod_auth_check_digest(server *srv, connection *con, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend) {
-	buffer *vb = http_header_request_get(con, HTTP_HEADER_AUTHORIZATION, CONST_STR_LEN("Authorization"));
+	const buffer *vb = http_header_request_get(con, HTTP_HEADER_AUTHORIZATION, CONST_STR_LEN("Authorization"));
 
 	char *username = NULL;
 	char *realm = NULL;
@@ -1190,7 +1190,7 @@ static handler_t mod_auth_send_401_unauthorized_digest(server *srv, connection *
 
 static handler_t mod_auth_check_extern(server *srv, connection *con, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend) {
 	/* require REMOTE_USER already set */
-	buffer *vb = http_header_env_get(con, CONST_STR_LEN("REMOTE_USER"));
+	const buffer *vb = http_header_env_get(con, CONST_STR_LEN("REMOTE_USER"));
 	UNUSED(srv);
 	UNUSED(p_d);
 	UNUSED(backend);

src/mod_authn_gssapi.c

@@ -484,7 +484,7 @@ static handler_t mod_authn_gssapi_check_spnego(server *srv, connection *con, plu
 
 static handler_t mod_authn_gssapi_check (server *srv, connection *con, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend)
 {
-    buffer *vb = http_header_request_get(con, HTTP_HEADER_AUTHORIZATION, CONST_STR_LEN("Authorization"));
+    const buffer *vb = http_header_request_get(con, HTTP_HEADER_AUTHORIZATION, CONST_STR_LEN("Authorization"));
 
     UNUSED(backend);
     if (NULL == vb) {

src/mod_cml_lua.c

@@ -281,7 +281,7 @@ int cache_parse_lua(server *srv, connection *con, plugin_data *p, buffer *fn) {
 		lua_settop(L, curelem - 1);
 
 		if (ret == 0) {
-			buffer *vb = http_header_response_get(con, HTTP_HEADER_LAST_MODIFIED, CONST_STR_LEN("Last-Modified"));
+			const buffer *vb = http_header_response_get(con, HTTP_HEADER_LAST_MODIFIED, CONST_STR_LEN("Last-Modified"));
 			if (NULL == vb) { /* no Last-Modified specified */
 				char timebuf[sizeof("Sat, 23 Jul 2005 21:20:01 GMT")];
 				if (0 == mtime) mtime = time(NULL); /* default last-modified to now */

src/mod_compress.c

@@ -877,7 +877,7 @@ PHYSICALPATH_FUNC(mod_compress_physical) {
 		if (buffer_is_equal(&compress_ds->value, sce->content_type)
 		    || (content_type && buffer_is_equal(&compress_ds->value, content_type))) {
 			/* mimetype found */
-			buffer *vb;
+			const buffer *vb;
 
 			/* the response might change according to Accept-Encoding */
 			http_header_response_append(con, HTTP_HEADER_VARY, CONST_STR_LEN("Vary"), CONST_STR_LEN("Accept-Encoding"));

src/mod_deflate.c

@@ -1082,6 +1082,7 @@ static int mod_deflate_choose_encoding (const char *value, plugin_data *p, const
 
 CONNECTION_FUNC(mod_deflate_handle_response_start) {
 	plugin_data *p = p_d;
+	const buffer *vbro;
 	buffer *vb;
 	handler_ctx *hctx;
 	const char *label;
@@ -1123,20 +1124,20 @@ CONNECTION_FUNC(mod_deflate_handle_response_start) {
 	}
 
 	/* Check if response has a Content-Encoding. */
-	vb = http_header_response_get(con, HTTP_HEADER_CONTENT_ENCODING, CONST_STR_LEN("Content-Encoding"));
-	if (NULL != vb) return HANDLER_GO_ON;
+	vbro = http_header_response_get(con, HTTP_HEADER_CONTENT_ENCODING, CONST_STR_LEN("Content-Encoding"));
+	if (NULL != vbro) return HANDLER_GO_ON;
 
 	/* Check Accept-Encoding for supported encoding. */
-	vb = http_header_request_get(con, HTTP_HEADER_ACCEPT_ENCODING, CONST_STR_LEN("Accept-Encoding"));
-	if (NULL == vb) return HANDLER_GO_ON;
+	vbro = http_header_request_get(con, HTTP_HEADER_ACCEPT_ENCODING, CONST_STR_LEN("Accept-Encoding"));
+	if (NULL == vbro) return HANDLER_GO_ON;
 
 	/* find matching encodings */
-	compression_type = mod_deflate_choose_encoding(vb->ptr, p, &label);
+	compression_type = mod_deflate_choose_encoding(vbro->ptr, p, &label);
 	if (!compression_type) return HANDLER_GO_ON;
 
 	/* Check mimetype in response header "Content-Type" */
-	if (NULL != (vb = http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type")))) {
-		if (NULL == array_match_value_prefix(p->conf.mimetypes, vb)) return HANDLER_GO_ON;
+	if (NULL != (vbro = http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type")))) {
+		if (NULL == array_match_value_prefix(p->conf.mimetypes, vbro)) return HANDLER_GO_ON;
 	} else {
 		/* If no Content-Type set, compress only if first p->conf.mimetypes value is "" */
 		data_string *mimetype = (data_string *)p->conf.mimetypes->data[0];
@@ -1158,7 +1159,7 @@ CONNECTION_FUNC(mod_deflate_handle_response_start) {
 	 * (slightly imperfect (close enough?) match of ETag "000000" to "000000-gzip") */
 	vb = http_header_response_get(con, HTTP_HEADER_ETAG, CONST_STR_LEN("ETag"));
 	if (NULL != vb && (con->request.htags & HTTP_HEADER_IF_NONE_MATCH)) {
-		buffer *if_none_match = http_header_response_get(con, HTTP_HEADER_IF_NONE_MATCH, CONST_STR_LEN("If-None-Match"));
+		const buffer *if_none_match = http_header_response_get(con, HTTP_HEADER_IF_NONE_MATCH, CONST_STR_LEN("If-None-Match"));
 		etaglen = buffer_string_length(vb);
 		if (etaglen
 		    && con->http_status < 300 /*(want 2xx only)*/

src/mod_extforward.c

@@ -421,7 +421,7 @@ static int mod_extforward_patch_connection(server *srv, connection *con, plugin_
 /*
    extract a forward array from the environment
 */
-static array *extract_forward_array(buffer *pbuffer)
+static array *extract_forward_array(const buffer *pbuffer)
 {
 	array *result = array_init();
 	if (!buffer_string_is_empty(pbuffer)) {
@@ -581,7 +581,7 @@ static void mod_extforward_set_proto(server *srv, connection *con, const char *p
 	}
 }
 
-static handler_t mod_extforward_X_Forwarded_For(server *srv, connection *con, plugin_data *p, buffer *x_forwarded_for) {
+static handler_t mod_extforward_X_Forwarded_For(server *srv, connection *con, plugin_data *p, const buffer *x_forwarded_for) {
 	/* build forward_array from forwarded data_string */
 	array *forward_array = extract_forward_array(x_forwarded_for);
 	const char *real_remote_addr = last_not_in_array(forward_array, p);
@@ -594,7 +594,7 @@ static handler_t mod_extforward_X_Forwarded_For(server *srv, connection *con, pl
 		 *   (not done: walking backwards in X-Forwarded-Proto the same num of steps
 		 *    as in X-Forwarded-For to find proto set by last trusted proxy)
 		 */
-		buffer *x_forwarded_proto = http_header_request_get(con, HTTP_HEADER_X_FORWARDED_PROTO, CONST_STR_LEN("X-Forwarded-Proto"));
+		const buffer *x_forwarded_proto = http_header_request_get(con, HTTP_HEADER_X_FORWARDED_PROTO, CONST_STR_LEN("X-Forwarded-Proto"));
 		if (mod_extforward_set_addr(srv, con, p, real_remote_addr) && NULL != x_forwarded_proto) {
 			mod_extforward_set_proto(srv, con, CONST_BUF_LEN(x_forwarded_proto));
 		}
@@ -649,7 +649,7 @@ static int buffer_backslash_unescape (buffer * const b) {
     return 1;
 }
 
-static handler_t mod_extforward_Forwarded (server *srv, connection *con, plugin_data *p, buffer *forwarded) {
+static handler_t mod_extforward_Forwarded (server *srv, connection *con, plugin_data *p, const buffer *forwarded) {
     /* HTTP list need not consist of param=value tokens,
      * but this routine expect such for HTTP Forwarded header
      * Since info in each set of params is only used if from
@@ -1005,7 +1005,7 @@ static handler_t mod_extforward_Forwarded (server *srv, connection *con, plugin_
 
 URIHANDLER_FUNC(mod_extforward_uri_handler) {
 	plugin_data *p = p_d;
-	buffer *forwarded = NULL;
+	const buffer *forwarded = NULL;
 	handler_ctx *hctx = con->plugin_ctx[p->id];
 	int is_forwarded_header = 0;
 

src/mod_magnet.c

@@ -429,7 +429,7 @@ static int magnet_reqhdr_get(lua_State *L) {
     connection *con = magnet_get_connection(L);
     size_t klen;
     const char * const k = luaL_checklstring(L, 2, &klen);
-    buffer * const vb =
+    const buffer * const vb =
       http_header_request_get(con, HTTP_HEADER_UNSPECIFIED, k, klen);
     magnet_push_buffer(L, NULL != vb ? vb : NULL);
     return 1;
@@ -671,7 +671,7 @@ static int magnet_cgi_get(lua_State *L) {
     connection *con = magnet_get_connection(L);
     size_t klen;
     const char * const k = luaL_checklstring(L, 2, &klen);
-    buffer * const vb = http_header_env_get(con, k, klen);
+    const buffer * const vb = http_header_env_get(con, k, klen);
     magnet_push_buffer(L, NULL != vb ? vb : NULL);
     return 1;
 }
@@ -1072,7 +1072,7 @@ static handler_t magnet_attract_array(server *srv, connection *con, plugin_data
 	if (con->error_handler_saved_status) {
 		/* retrieve (possibly modified) REDIRECT_STATUS and store as number */
 		unsigned long x;
-		buffer * const vb = http_header_env_get(con, CONST_STR_LEN("REDIRECT_STATUS"));
+		const buffer * const vb = http_header_env_get(con, CONST_STR_LEN("REDIRECT_STATUS"));
 		if (vb && (x = strtoul(vb->ptr, NULL, 10)) < 1000)
 			/*(simplified validity check x < 1000)*/
 			con->error_handler_saved_status =

src/mod_openssl.c

@@ -2080,7 +2080,7 @@ https_add_ssl_client_entries (server *srv, connection *con, handler_ctx *hctx)
          *   ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"
          */
         buffer *varname = hctx->conf.ssl_verifyclient_username;
-        buffer *vb = http_header_env_get(con, CONST_BUF_LEN(varname));
+        const buffer *vb = http_header_env_get(con, CONST_BUF_LEN(varname));
         if (vb) { /* same as http_auth.c:http_auth_setenv() */
             http_header_env_set(con,
                                 CONST_STR_LEN("REMOTE_USER"),

src/mod_proxy.c

@@ -530,7 +530,7 @@ static void proxy_set_Forwarded(connection *con, const unsigned int flags) {
         b = http_header_request_get(con, HTTP_HEADER_FORWARDED, CONST_STR_LEN("Forwarded"));
 
     if (flags && NULL == b) {
-        buffer *xff =
+        const buffer *xff =
           http_header_request_get(con, HTTP_HEADER_X_FORWARDED_FOR, CONST_STR_LEN("X-Forwarded-For"));
         http_header_request_set(con, HTTP_HEADER_FORWARDED,
                                 CONST_STR_LEN("Forwarded"),
@@ -671,7 +671,7 @@ static void proxy_set_Forwarded(connection *con, const unsigned int flags) {
     }
 
     if (flags & PROXY_FORWARDED_REMOTE_USER) {
-        buffer *remote_user =
+        const buffer *remote_user =
           http_header_env_get(con, CONST_STR_LEN("REMOTE_USER"));
         if (NULL != remote_user) {
             if (semicolon)
@@ -758,7 +758,7 @@ static handler_t proxy_create_env(server *srv, gw_handler_ctx *gwhctx) {
 		&& HTTP_METHOD_HEAD != con->request.http_method)) {
 		/* set Content-Length if client sent Transfer-Encoding: chunked
 		 * and not streaming to backend (request body has been fully received) */
-		buffer *vb = http_header_request_get(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
+		const buffer *vb = http_header_request_get(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
 		if (NULL == vb) {
 			char buf[LI_ITOSTRING_LENGTH];
 			li_itostrn(buf, sizeof(buf), con->request.content_length);

src/mod_trigger_b4_dl.c

@@ -330,7 +330,7 @@ URIHANDLER_FUNC(mod_trigger_b4_dl_uri_handler) {
 #if defined(HAVE_PCRE_H)
 	plugin_data *p = p_d;
 	const char *remote_ip;
-	buffer *vb;
+	const buffer *vb;
 
 	int n;
 # define N 10

src/mod_uploadprogress.c

@@ -289,8 +289,9 @@ URIHANDLER_FUNC(mod_uploadprogress_uri_handler) {
 		}
 	}
 
-	if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("X-Progress-ID")))) {
-		id = b->ptr;
+	const buffer *h = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("X-Progress-ID"));
+	if (NULL != h) {
+		id = h->ptr;
 	} else if (!buffer_string_is_empty(con->uri.query)
 		   && (id = strstr(con->uri.query->ptr, "X-Progress-ID="))) {
 		/* perhaps the POST request is using the query-string to pass the X-Progress-ID */

src/mod_usertrack.c

@@ -184,7 +184,7 @@ static int mod_usertrack_patch_connection(server *srv, connection *con, plugin_d
 URIHANDLER_FUNC(mod_usertrack_uri_handler) {
 	plugin_data *p = p_d;
 	buffer *cookie;
-	buffer *b;
+	const buffer *b;
 	unsigned char h[16];
 	li_MD5_CTX Md5Ctx;
 	char hh[LI_ITOSTRING_LENGTH];

src/mod_webdav.c

@@ -2102,17 +2102,17 @@ webdav_fcopyfile_sz (int ifd, int ofd, off_t isz)
 static int
 webdav_if_match_or_unmodified_since (connection * const con, struct stat *st)
 {
-    buffer *im = (0 != con->etag_flags)
+    const buffer *im = (0 != con->etag_flags)
       ? http_header_request_get(con, HTTP_HEADER_OTHER,
                                 CONST_STR_LEN("If-Match"))
       : NULL;
 
-    buffer *inm = (0 != con->etag_flags)
+    const buffer *inm = (0 != con->etag_flags)
       ? http_header_request_get(con, HTTP_HEADER_IF_NONE_MATCH,
                                 CONST_STR_LEN("If-None-Match"))
       : NULL;
 
-    buffer *ius =
+    const buffer *ius =
       http_header_request_get(con, HTTP_HEADER_OTHER,
                               CONST_STR_LEN("If-Unmodified-Since"));
 
@@ -3773,8 +3773,9 @@ mod_webdav_propfind (connection * const con, const plugin_config * const pconf)
     }
     else if (S_ISDIR(pb.st.st_mode)) {
         if (con->physical.path->ptr[con->physical.path->used - 2] != '/') {
-            buffer *vb = http_header_request_get(con, HTTP_HEADER_USER_AGENT,
-                                                 CONST_STR_LEN("User-Agent"));
+            const buffer *vb =
+              http_header_request_get(con, HTTP_HEADER_USER_AGENT,
+                                      CONST_STR_LEN("User-Agent"));
             if (vb && 0 == strncmp(vb->ptr, "Microsoft-WebDAV-MiniRedir/",
                                    sizeof("Microsoft-WebDAV-MiniRedir/")-1)) {
                 /* workaround Microsoft-WebDAV-MiniRedir bug */
@@ -4962,8 +4963,9 @@ mod_webdav_proppatch (connection * const con, const plugin_config * const pconf)
 
     if (S_ISDIR(st.st_mode)) {
         if (con->physical.path->ptr[con->physical.path->used - 2] != '/') {
-            buffer *vb = http_header_request_get(con, HTTP_HEADER_USER_AGENT,
-                                                 CONST_STR_LEN("User-Agent"));
+            const buffer *vb =
+              http_header_request_get(con, HTTP_HEADER_USER_AGENT,
+                                      CONST_STR_LEN("User-Agent"));
             if (vb && 0 == strncmp(vb->ptr, "Microsoft-WebDAV-MiniRedir/",
                                    sizeof("Microsoft-WebDAV-MiniRedir/")-1)) {
                 /* workaround Microsoft-WebDAV-MiniRedir bug */
@@ -5082,8 +5084,9 @@ mod_webdav_proppatch (connection * const con, const plugin_config * const pconf)
           ? webdav_db_transaction_commit(pconf)
           : webdav_db_transaction_rollback(pconf)) {
         if (NULL == ms) {
-            buffer *vb = http_header_request_get(con, HTTP_HEADER_USER_AGENT,
-                                                 CONST_STR_LEN("User-Agent"));
+            const buffer *vb =
+              http_header_request_get(con, HTTP_HEADER_USER_AGENT,
+                                      CONST_STR_LEN("User-Agent"));
             if (vb && 0 == strncmp(vb->ptr, "Microsoft-WebDAV-MiniRedir/",
                                    sizeof("Microsoft-WebDAV-MiniRedir/")-1)) {
                 /* workaround Microsoft-WebDAV-MiniRedir bug; 204 not handled */

src/mod_wstunnel.c

@@ -412,7 +412,7 @@ static int wstunnel_is_allowed_origin(connection *con, handler_ctx *hctx) {
      * Note that origin provided in request header has not been normalized, so
      * change in case or other non-normal forms might not match allowed list */
     const array * const allowed_origins = hctx->conf.origins;
-    buffer *origin = NULL;
+    const buffer *origin = NULL;
     size_t olen;
 
     if (0 == allowed_origins->used) {
@@ -517,7 +517,7 @@ static handler_t wstunnel_handler_setup (server *srv, connection *con, plugin_da
 
     binary = !buffer_is_empty(hctx->conf.frame_type); /*("binary")*/
     if (!binary) {
-        buffer *vb =
+        const buffer *vb =
           http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Protocol"));
         if (NULL != vb) {
             for (const char *s = vb->ptr; *s; ++s) {
@@ -565,7 +565,7 @@ static handler_t wstunnel_handler_setup (server *srv, connection *con, plugin_da
 
 static handler_t mod_wstunnel_check_extension(server *srv, connection *con, void *p_d) {
     plugin_data *p = p_d;
-    buffer *vb;
+    const buffer *vb;
     handler_t rc;
 
     if (con->mode != DIRECT)
@@ -744,7 +744,7 @@ static int create_response_ietf_00(handler_ctx *hctx) {
 
     /* "Origin" header is preferred
      * ("Sec-WebSocket-Origin" is from older drafts of websocket spec) */
-    buffer *origin = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Origin"));
+    const buffer *origin = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Origin"));
     if (NULL == origin) {
         origin =
           http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Origin"));
@@ -807,9 +807,9 @@ static int create_response_rfc_6455(handler_ctx *hctx) {
     SHA_CTX sha;
     unsigned char sha_digest[SHA_DIGEST_LENGTH];
 
-    buffer *value =
+    const buffer *value_wskey =
       http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Key"));
-    if (NULL == value) {
+    if (NULL == value_wskey) {
         DEBUG_LOG(MOD_WEBSOCKET_LOG_ERR, "s", "Sec-WebSocket-Key is invalid");
         return -1;
     }
@@ -817,7 +817,7 @@ static int create_response_rfc_6455(handler_ctx *hctx) {
     /* get SHA1 hash of key */
     /* refer: RFC-6455 Sec.1.3 Opening Handshake */
     SHA1_Init(&sha);
-    SHA1_Update(&sha, (const unsigned char *)CONST_BUF_LEN(value));
+    SHA1_Update(&sha, (const unsigned char *)CONST_BUF_LEN(value_wskey));
     SHA1_Update(&sha, (const unsigned char *)CONST_STR_LEN("258EAFA5-E914-47DA-95CA-C5AB0DC85B11"));
     SHA1_Final(sha_digest, &sha);
 
@@ -830,7 +830,7 @@ static int create_response_rfc_6455(handler_ctx *hctx) {
                                 CONST_STR_LEN("upgrade"));
   #endif
 
-    value = hctx->srv->tmp_buf;
+    buffer *value = hctx->srv->tmp_buf;
     buffer_clear(value);
     buffer_append_base64_encode(value, sha_digest, SHA_DIGEST_LENGTH, BASE64_STANDARD);
     http_header_response_set(con, HTTP_HEADER_OTHER,

src/request.c

@@ -453,7 +453,7 @@ static int http_request_parse_single_header(connection * const con, const enum h
             /* Proxies sometimes send dup headers
              * if they are the same we ignore the second
              * if not, we raise an error */
-            buffer *vb =
+            const buffer *vb =
               http_header_request_get(con, HTTP_HEADER_IF_MODIFIED_SINCE,
                                       CONST_STR_LEN("If-Modified-Since"));
             if (vb && buffer_is_equal_caseless_string(vb, v, vlen)) {

src/response.h

@@ -46,7 +46,7 @@ handler_t http_response_read(server *srv, connection *con, http_response_opts *o
 handler_t http_response_prepare(server *srv, connection *con);
 int http_response_buffer_append_authority(server *srv, connection *con, buffer *b);
 int http_response_redirect_to_directory(server *srv, connection *con, int status);
-int http_response_handle_cachable(server *srv, connection *con, buffer * mtime);
+int http_response_handle_cachable(server *srv, connection *con, const buffer * mtime);
 void http_response_body_clear(connection *con, int preserve_length);
 void http_response_send_file (server *srv, connection *con, buffer *path);
 void http_response_backend_done (server *srv, connection *con);