iPhones and nginx/slowcgi on OpenBSD <=5.5

2014-07-02 Thread Kristaps Dzonsons

Folks,

If anybody's running nginx with slowcgi(8) on or before OpenBSD 5.5 
release, be aware that there's a subtle error (fixed after 5.5) that 
silently discards HTTP headers with some referrers.


Long story: I noticed that cookies POSTed by an iPhone client were lost 
before being passed to a slowcgi(8) script.  Several other HTTP headers 
were also lost (Accept-Language, etc.).  But they were passed through in 
GET calls (and in POST from other systems).  Dumping the request via 
tcpdump(8), I saw that each of the lost headers occurred after a monster 
User-Agent string.  In this case,


User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) 
AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a 
Safari/9537.53


For the GET calls to the CGI via slowcgi(8), this was being invoked 
last, so there was no loss.


I remembered seeing something in plus.html about the following:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/slowcgi/slowcgi.c?rev=1.30;content-type=text%2Fx-cvsweb-markup

florian@ saves the day!  The commit message only mentions QUERY_STRING, 
but as it turns out, it's also relevant to other headers.  And in this 
case, causes silent loss.  So if you're using slowcgi(8), you probably 
want to upgrade...


Best,

Kristaps



Re: iPhones and nginx/slowcgi on OpenBSD <=5.5

2014-07-02 Thread Giancarlo Razzolini
On 01-07-2014 20:06, Kristaps Dzonsons wrote:
> Folks,
>
> If anybody's running nginx with slowcgi(8) on or before OpenBSD 5.5
> release, be aware that there's a subtle error (fixed after 5.5) that
> silently discards HTTP headers with some referrers.
>
> Long story: I noticed that cookies POSTed by an iPhone client were
> lost before being passed to a slowcgi(8) script.  Several other HTTP
> headers were also lost (Accept-Language, etc.).  But they were passed
> through in GET calls (and in POST from other systems).  Dumping the
> request via tcpdump(8), I saw that each of the lost headers occurred
> after a monster User-Agent string.  In this case,
>
> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X)
> AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a
> Safari/9537.53
>
> For the GET calls to the CGI via slowcgi(8), this was being invoked
> last, so there was no loss.
>
> I remembered seeing something in plus.html about the following:
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/slowcgi/slowcgi.c?rev=1.30;content-type=text%2Fx-cvsweb-markup
>
> florian@ saves the day!  The commit message only mentions
> QUERY_STRING, but as it turns out, it's also relevant to other
> headers.  And in this case, causes silent loss.  So if you're using
> slowcgi(8), you probably want to upgrade...
>
> Best,
>
> Kristaps

I've been using the port fcgi-cgi-static meanwhile and it's working ok.
Can't afford to upgrade right now.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC