Hello again,> Dear Maintainer,
> mini-httpd as currently found in 
> https://salsa.debian.org/debian/mini-httpd/-
> /blob/master/mini_httpd.c?ref_type=heads 
> violates the CGI RFC (RFC-3875). The RFC specifies in "5.2 NPH
> Response" 
> that an "NPH  script MUST return a complete HTTP response message",
> and 
> more "The server MUST ensure that the script output is sent to the 
> client unmodified." But mini-http actually DOES modify the HTTP
> response 
> from NPH CGIs. It prefixes the script output with a fixed "HTTP/1.0
> 200 
> OK" header, even if the NPH CGI wants to report a different status.
> This 
> happens only if SSL is active.
Acknowledged, thanks for the test case and proposed solution. This will
be incorporated into mini-httpd-1.30.9. 

Thanks for your contribution to Debian,

Alexandru Mihail,
mini-httpd maintainer

Reply via email to