On 2016-04-14 Tim Baumgard <[email protected]> wrote: > > Christopher Zimmermann wrote: > > Tim Baumgard wrote: > >> According to convention and httpd.conf(5), the $DOCUMENT_URI macro > >> for FastCGI calls should expand to the request path instead of the > >> path alias. > > > > FastCGI / CGI is poorly documented. As far as convention goes, at > > least nginx uses the rewritten url, too: > > > > $document_uri > > same as $uri > > > > $uri > > current URI in request, normalized > > > > The value of $uri may change during request processing, e.g. when > > doing internal redirects, or when using index files. > > > > This behavior has the effect that the CGI script will know the > > "canonical" url of the requested ressource, not an alias that the > > client happened to request. We call the rewritten, canonical url > > "alias" in our code, so that might be confusing. > > Indeed, nginx works as you described. Also, it appears lighttpd works > in a similar way. > > "Convention" was a bad word choice. I meant that it's what Apache and > many implementations of SSI do. It's also what I was finding when > searching using queries along the lines of "CGI DOCUMENT_URI", which I > was doing because the CGI RFC doesn't include DOCUMENT_URI. > > The current behavior is redundant since SCRIPT_NAME, which is in the > RFC, and DOCUMENT_URI are always set to the same thing.
That's not always the case. DOCUMENT_URI is SCRIPT_NAME ^ PATH_INFO. If you want the original URI, you can always use REQUEST_URI and strip the query string, which is easy to do. > Also, the man > page says that the $DOCUMENT_URI macro is "the request path" and the > $REQUEST_URI macro is "the request path and optional query string." I > suppose it's OK to use different meanings for the same term in these > two different places since they're serving different purposes, but > it's a little misleading. > > Anyway, while I now think the current behavior is probably best in > terms of the semantics of "DOCUMENT_URI," the point I just tried to > make with my drawn-out explanation is that it's pretty easy to come > to the same incorrect conclusion that I did. CGI variables are poorly documented, not really standardised and confusing. > So, instead of > considering what I sent previously, here's a diff for the > httpd.conf(5) man page that adds a list of the variables (and their > descriptions) that are given to the FastCGI handler. Making the > behavior for these values explicit should avoid any similar > confusion, and I'm sure it would be helpful in other ways as well. Thanks for the effort. This will indeed be helpfull for many users. > > Index: httpd.conf.5 > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.68 > diff -u -p -r1.68 httpd.conf.5 > --- httpd.conf.5 19 Jul 2015 05:17:27 -0000 1.68 > +++ httpd.conf.5 15 Apr 2016 00:55:25 -0000 > @@ -274,6 +274,59 @@ root directory of > .Xr httpd 8 > and defaults to > .Pa /run/slowcgi.sock . > +.Pp > +The FastCGI handler will be given the following variables: > +.Pp > +.Bl -tag -width GATEWAY_INTERFACE -offset indent -compact > +.It Ic DOCUMENT_ROOT > +The document root in which the script is located as configured by the > +.Ic root > +option for the server or location that matches the request. > +.It Ic DOCUMENT_URI > +The URI path to the script. Rather the canonicalised URI, possibly with '/' and/or index appended. NOT necessarily the path to the script; neither virtual nor physical (see above). > +.It Ic GATEWAY_INTERFACE > +The revision of the CGI specification used. > +.It Ic HTTP_* > +Additional HTTP headers the connected client sent in the request, if > +any. > +.It Ic HTTPS > +A variable that is set to > +.Qq on > +when the server has been configured to use TLS. This variable is not > +given otherwise. Put REQUEST_PATH, DOCUMENT_URI, SCRIPT_NAME, PATH_INFO and SCRIPT_FILENAME here, they are best understood in context of each other. > +.It Ic PATH_INFO > +The optional path appended after the script name in the request path. > +This variable is empty if no path is appended after the script name. > +.It Ic QUERY_STRING > +The optional query string of the request. > +.It Ic REMOTE_ADDR > +The IP address of the connected client. > +.It Ic REMOTE_PORT > +The TCP source port of the connected client > +.It Ic REMOTE_USER > +The remote user when using HTTP authentication. > +.It Ic REQUEST_METHOD > +The HTTP method the connected client used when making the request. > +.It Ic REQUEST_URI > +The request path and optional query string. The _original_ request path. > +.It Ic SCRIPT_FILENAME > +The absolute path to the script within the > +.Xr chroot 2 > +directory. Maybe add "physical path" ? > +.It Ic SCRIPT_NAME > +The URI path to the script. The RFC calls this "virtual". > +.It Ic SERVER_ADDR > +The configured IP address of the server. > +.It Ic SERVER_NAME > +The name of the server. > +.It Ic SERVER_PORT > +The configured TCP port of the server. > +.It Ic SERVER_PROTOCOL > +The revision of the HTTP specification used. > +.It Ic SERVER_SOFTWARE > +The server software name of > +.Xr httpd 8 . > +.El > .It Ic hsts Oo Ar option Oc > Enable HTTP Strict Transport Security. > Valid options are: > -- http://gmerlin.de OpenPGP: http://gmerlin.de/christopher.pub 2779 7F73 44FD 0736 B67A C410 69EC 7922 34B4 2566
pgpSDIub7qgYO.pgp
Description: OpenPGP digital signature
