On 25 Dec 2006, at 22:59, Ruediger Pluem wrote:
- if (!use_regex && !ap_is_url(url))
+ /* PR#35314: we can allow path components here;
+ * they get correctly resolved to full URLs.
Where? A quick check shows that the resulting Location header has
no scheme and host in front.
AFAICT this violates 14.30 of RFC2616 as the value of a Location
header must be an absoluteURI
or better absolute-URI as defined in 4.3 of RFC3986.
What kind of a quick check? I ran a case with leading slash, both from
httpd.conf and .htaccess, expecting to see broken Location headers which
I was then going to fix at the point where they're generated (which
can't
be at config-time because we don't always have a server name at
that point). But it returned full, valid and correct Location headers
to the client without me doing anything. Hence the trivial change
and comment.
Of course you can already create invalid Location headers with
RedirectMatch. So it might make
sense to check the validity of a Location header after applying a
Redirect(Match) to a request
to ensure that it results in an absolute-URI and maybe fix it if it
does not seem to be one.
I guessed a fix for that was responsible for the correct headers I saw.
--
Nick Kew
