[FASTCGI] [PATCH] Updated patch for -pass-header correct handling
apex at xepa.nl
Sun Sep 21 17:07:34 EDT 2008
Christian Seiler wrote:
> So, if you do -pass-header HTTP_AUTHORIZATION, mod_fastcgi will try to
> lookup the HTTP header HTTP_AUTHORIZATION which is not sent by the
> browser (a browser would actually have to send "HTTP_AUTHORIZATION: foo"
> in order for such a header to appear in headers_in) and since it's not
> set, it does nothing.
> If you do -pass-header AUTHORIZATION, mod_fastcgi will try to lookup the
> HTTP header AUTHORIZATION, which is sent by the browser, but then it
> will set the CGI env variable with the name AUTHORIZATION.
I use mod_fcgid (long story) and have noticed the same "bug" there too.
I too have had to patch the source to pass the AUTH header as
HTTP_AUTH to cgi's, did not know this also relates to other client headers.
But I like ur patch Christian, lots cleaner than my hack. It fixes the
issue, my hack only sidesteps it. Once this commes out to the
repositories I will restart the fcgid vs fastcgi discussion at work again :)
I seem to remember another bug propping up on php4, what version did u
try with your example ? I did patch our binaries long long time ago and
I can't quite remember why I added extra code to decode the Auth header
and pass it's components (PHP_AUTH_USER/PHP_AUTH_PW) to php4.
Keep up the good work
More information about the FastCGI-developers