On 01-07-2014 20:06, Kristaps Dzonsons wrote:
> Folks,
>
> If anybody's running nginx with slowcgi(8) on or before OpenBSD 5.5
> release, be aware that there's a subtle error (fixed after 5.5) that
> silently discards HTTP headers with some referrers.
>
> Long story: I noticed that cookies POSTed by an iPhone client were
> lost before being passed to a slowcgi(8) script.  Several other HTTP
> headers were also lost (Accept-Language, etc.).  But they were passed
> through in GET calls (and in POST from other systems).  Dumping the
> request via tcpdump(8), I saw that each of the lost headers occurred
> after a monster User-Agent string.  In this case,
>
> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X)
> AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a
> Safari/9537.53
>
> For the GET calls to the CGI via slowcgi(8), this was being invoked
> last, so there was no loss.
>
> I remembered seeing something in plus.html about the following:
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/slowcgi/slowcgi.c?rev=1.30;content-type=text%2Fx-cvsweb-markup
>
>
> florian@ saves the day!  The commit message only mentions
> QUERY_STRING, but as it turns out, it's also relevant to other
> headers.  And in this case, causes silent loss.  So if you're using
> slowcgi(8), you probably want to upgrade...
>
> Best,
>
> Kristaps
>
I've been using the port fcgi-cgi-static meanwhile and it's working ok.
Can't afford to upgrade right now.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
