On Tuesday 30 June 2015 11:20:28 Daniel Stenberg wrote: > On Tue, 30 Jun 2015, NoëlKöthe wrote: > > (Pruned the receivers list to the wget list only.) > > The reason some tools don't accept "HTTP_PROXY" and only "http_proxy" is > that the CGI interface from back in the old days provide headers from the > incoming request to the CGI program prefixed with "HTTP_". > > Thus, running a CGI script from a server, an incoming "Proxy:" header (which > normally doesn't do anything) would be sent to the program as "HTTP_PROXY", > leading to confusions or in the worst case some sort of attack. > > The CGI interface is an ancient thing, probably boardering to extinction. > Still it is out there and some such CGIs probably use wget. > > Incidently, curl also only accepts the lower case version of this > environment variable and I believe it goes for some other related tools as > well.
Thanks for pointing that out, Daniel. This a very valuable information which needs to be mentioned in the code (and docs) as well. From the orginal bug report (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790523): "wget does not recognize proxy variables when capitalized correctly. It wants them in lowercase, which conflicts with private variables in my script." Even if wget becomes changed to *also* recognize uppercase proxy variables, the bug reporter will still have a problem with his script variable names (at least it sounds so for me). Dropping support for the lowercase variant is not an option. For me it looks like a WONTFIX. Tim
signature.asc
Description: This is a digitally signed message part.
