Graham Leggett wrote:
> The second is that the module seems to want to respond to all methods,
> GET, POST, PROPFIND, etc when in theory it should only respond to GET.
Yes, exactly. The history here seems to be due to a change made for
PR 25435, which made it into 2.4.x but was vetoed for 2.2.x.[1-4]
In short, if you set up a docroot with a file /dav/index.html,
set "Dav On" on /dav, and make a "PROPFIND /dav/" request, you get a 405
with 2.4.x/trunk, but a DAV response with 2.2.x.
You can use "DirectoryIndex disabled" to defeat this problem in
2.4.x/trunk, but to me this looks like a regression, as a working 2.2.x
DAV configuration will be broken in 2.4.x.
Digging in a bit, mod_dir's fixup hook for directories is runs LAST,
after mod_dav's fixups hook. In mod_dav's hook, it sets r->handler for
its module, except when the method is GET or POST.
In mod_dir, the fixups hook no longer bails out (after dealing with
no-trailing-slash cases) when r->handler is not DIR_MAGIC_TYPE, due to
the r233369 change, so it proceeds even in the case of PROPFIND or
another DAV method to go looking for index.html, etc., using
ap_sub_req_lookup_uri(), which runs its sub-request using GET.
In those GET sub-requests, mod_dav's fixups hook does not set
r->handler, because of the method type.
When index.html or some other DirectoryIndex file is found, mod_dir
overwrites the current request r with the sub-request using
ap_internal_fast_redirect(). This overwrites r->handler to NULL (as
mod_dav declined to take action during the GET sub-request), but does
not change r->method or r->method_number.
Now the core default_handler() runs because r->handler == NULL,
sees the PROPFIND method in r, and responds with a 405.
Here's a quick patch which I've pulled out of my long list, which
I believe resolves the problem by having mod_dir decline to take
action except on GET or POST. See if this helps, and if so, I'll try
to get it cleaned up and into trunk as soon as I'm back to work:
===========================================================
--- mod_dir.c.orig 2013-12-30 10:32:45.222008348 -0800
+++ mod_dir.c 2013-12-30 10:33:17.219008863 -0800
@@ -260,6 +260,10 @@
return HTTP_MOVED_PERMANENTLY;
}
+ if (r->method_number != M_GET && r->method_number != M_POST) {
+ return DECLINED;
+ }
+
if (d->index_names) {
names_ptr = (char **)d->index_names->elts;
num_names = d->index_names->nelts;
===========================================================
Chris.
1. https://issues.apache.org/bugzilla/show_bug.cgi?id=25435#c7
2. http://svn.apache.org/r233369
3. http://svn.apache.org/r327900
4. http://svn.apache.org/r327903
