> Christopher Zimmermann wrote:
>
> Tim Baumgard wrote:
>> The current behavior is redundant since SCRIPT_NAME, which is in the
>> RFC, and DOCUMENT_URI are always set to the same thing.
>
> That's not always the case. DOCUMENT_URI is SCRIPT_NAME ^ PATH_INFO.
> If you want the original URI, you can always use REQUEST_URI and strip
> the query string, which is easy to do.

Right, it's using scriptlen in strndup(), which is explained a few lines
up in the code... Sorry for the noise on that.

>> So, instead of
>> considering what I sent previously, here's a diff for the
>> httpd.conf(5) man page that adds a list of the variables (and their
>> descriptions) that are given to the FastCGI handler. Making the
>> behavior for these values explicit should avoid any similar
>> confusion, and I'm sure it would be helpful in other ways as well.
>
> Thanks for the effort. This will indeed be helpful for many users.
>
>> +.It Ic DOCUMENT_URI >> +The URI path to the script.
>
> Rather the canonicalised URI, possibly with '/' and/or index appended.
> NOT necessarily the path to the script; neither virtual nor physical (see
> above).
>
>> +.It Ic GATEWAY_INTERFACE >> +The revision of the CGI specification used. >> +.It Ic HTTP_* >> +Additional HTTP headers the connected client sent in the request, if >> +any. >> +.It Ic HTTPS >> +A variable that is set to >> +.Qq on >> +when the server has been configured to use TLS. This variable is not >> +given otherwise.
>
> Put REQUEST_PATH, DOCUMENT_URI, SCRIPT_NAME, PATH_INFO and
> SCRIPT_FILENAME here, they are best understood in context of each other.
>
>> +.It Ic REQUEST_URI >> +The request path and optional query string.
>
> The _original_ request path.
>
>> +.It Ic SCRIPT_FILENAME >> +The absolute path to the script within the >> +.Xr chroot 2 >> +directory.
>
> Maybe add "physical path" ?
>
>> +.It Ic SCRIPT_NAME >> +The URI path to the script.
>
> The RFC calls this "virtual".

Below is an updated diff for the man page to address your feedback. I
also included another small diff that fixes the QUERY_STRING variable
when no query string is given. The RFC states:

    The server MUST set this variable; if the Script-URI does not
    include a query component, the QUERY_STRING MUST be defined as an
    empty string ("").

(https://tools.ietf.org/html/rfc3875#section-4.1.7) nginx follows the RFC, so I'm assuming that httpd's behavior is a bug. The man page diff takes this change into account. Index: httpd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v retrieving revision 1.68 diff -u -p -r1.68 httpd.conf.5 --- httpd.conf.5 19 Jul 2015 05:17:27 -0000 1.68 +++ httpd.conf.5 18 Apr 2016 01:26:18 -0000 
@@ -274,6 +274,62 @@ root directory of .Xr httpd 8 and defaults to .Pa /run/slowcgi.sock . +.Pp +The FastCGI handler will be given the following variables: +.Pp +.Bl -tag -width GATEWAY_INTERFACE -offset indent -compact +.It Ic DOCUMENT_ROOT +The document root in which the script is located as configured by the +.Ic root +option for the server or location that matches the request. +.It Ic GATEWAY_INTERFACE +The revision of the CGI specification used. +.It Ic HTTP_* +Additional HTTP headers the connected client sent in the request, if +any. +.It Ic HTTPS +A variable that is set to +.Qq on +when the server has been configured to use TLS. This variable is +omitted otherwise. +.It Ic REQUEST_URI +The path and optional query string as requested by the connected client. +.It Ic DOCUMENT_URI +The canonicalized URI for the script, possibly with a slash or +directory index file name appended. +.It Ic SCRIPT_NAME +The virtual URI path to the script. +.It Ic PATH_INFO +The optional path appended after the script name in the request path. +This variable is an empty string if no path is appended after the +script name. +.It Ic SCRIPT_FILENAME +The absolute, physical path to the script within the +.Xr chroot 2 +directory. +.It Ic QUERY_STRING +The optional query string of the request. This variable is an empty +string if there is no query string in the request. +.It Ic REMOTE_ADDR +The IP address of the connected client. +.It Ic REMOTE_PORT +The TCP source port of the connected client. +.It Ic REMOTE_USER +The remote user when using HTTP authentication. +.It Ic REQUEST_METHOD +The HTTP method the connected client used when making the request. +.It Ic SERVER_ADDR +The configured IP address of the server. +.It Ic SERVER_NAME +The name of the server. +.It Ic SERVER_PORT +The configured TCP server port of the server. +.It Ic SERVER_PROTOCOL +The revision of the HTTP specification used. +.It Ic SERVER_SOFTWARE +The server software name of +.Xr httpd 8 . 
+.El .It Ic hsts Oo Ar option Oc Enable HTTP Strict Transport Security. Valid options are: Index: server_fcgi.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v retrieving revision 1.67 diff -u -p -r1.67 server_fcgi.c --- server_fcgi.c 23 Nov 2015 20:56:15 -0000 1.67 +++ server_fcgi.c 18 Apr 2016 01:26:49 -0000 @@ -242,12 +242,16 @@ server_fcgi(struct httpd *env, struct cl goto fail; } - if (desc->http_query) + if (desc->http_query) { if (fcgi_add_param(¶m, "QUERY_STRING", desc->http_query, clt) == -1) { errstr = "failed to encode param"; goto fail; } + } else if (fcgi_add_param(¶m, "QUERY_STRING", "", clt) == -1) { + errstr = "failed to encode param"; + goto fail; + } if (fcgi_add_param(¶m, "DOCUMENT_ROOT", srv_conf->root, clt) == -1) {
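
Review bot: The REMOTE_USER entry in the httpd.conf.5 hunk does not say what the handler receives when the request is not authenticated, while the HTTPS, PATH_INFO and QUERY_STRING entries each state their omitted or empty case. Scripts commonly branch on this variable for access decisions, so the entry should say explicitly whether it is omitted or set to an empty string. The HTTP_* entry could also state that these values come straight from the client, and "The configured TCP server port of the server" reads better as "The configured TCP port of the server".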
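
Review bot: In the server_fcgi.c hunk the new else branch repeats the fcgi_add_param() call and its "failed to encode param" error path, and it pairs a braced if with an unbraced else if. A single call that passes desc->http_query when it is non-NULL and "" otherwise gives the same result with one failure path. Since QUERY_STRING is now always sent, handlers that tested for the variable being unset will see it defined and empty; the commit message should mention that behaviour change alongside the RFC 3875 section 4.1.7 reference.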