fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)

See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash
See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
This commit is contained in:
Francis Lavoie 2020-07-17 16:48:50 -04:00 committed by GitHub
parent 3fdaf50785
commit 0665a86eb7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -202,6 +202,12 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
pathPrefix, _ := r.Context().Value(caddy.CtxKey("path_prefix")).(string)
scriptName = path.Join(pathPrefix, scriptName)
// Ensure the SCRIPT_NAME has a leading slash for compliance with RFC3875
// Info: https://tools.ietf.org/html/rfc3875#section-4.1.13
if scriptName != "" && !strings.HasPrefix(scriptName, "/") {
scriptName = "/" + scriptName
}
// Get the request URL from context. The context stores the original URL in case
// it was changed by a middleware such as rewrite. By default, we pass the
// original URI in as the value of REQUEST_URI (the user can overwrite this
@ -249,7 +255,6 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
"REQUEST_METHOD": r.Method,
"REQUEST_SCHEME": requestScheme,
"SERVER_NAME": reqHost,
"SERVER_PORT": reqPort,
"SERVER_PROTOCOL": r.Proto,
"SERVER_SOFTWARE": t.serverSoftware,
@ -269,6 +274,13 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
env["PATH_TRANSLATED"] = filepath.Join(root, pathInfo) // Info: http://www.oreilly.com/openbook/cgi/ch02_04.html
}
// compliance with the CGI specification requires that
// SERVER_PORT should only exist if it's a valid numeric value.
// Info: https://www.ietf.org/rfc/rfc3875 Page 18
if reqPort != "" {
env["SERVER_PORT"] = reqPort
}
// Some web apps rely on knowing HTTPS or not
if r.TLS != nil {
env["HTTPS"] = "on"