diff options
| author | Peter Beard <musicmandanceman@gmail.com> | 2025-10-28 10:26:26 -0600 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2025-11-13 13:44:03 -0800 |
| commit | 129d0cb543e1e15cdea706dd7230ee90c8d54446 (patch) | |
| tree | 016cadb2b2254323bf32045f80307ae8463fec27 /src/net/http/cgi | |
| parent | 77c5130100ac1b29bb2e04d0f5f99e200136c0af (diff) | |
| download | go-129d0cb543e1e15cdea706dd7230ee90c8d54446.tar.xz | |
net/http/cgi: accept INCLUDED as protocol for server side includes
The existing protocol check for fcgi/cgi requests did not properly
account for Apache SSI (Server-Side Includes) SERVER_PROTOCOL value of
INCLUDED.
Added check for well-known INCLUDED value for proper implementation of
the CGI Spec as specified in RFC 3875 - section 4.1.16.
The SERVER_PROTOCOL section of the specification is outlined at
https://www.rfc-editor.org/rfc/rfc3875.html#section-4.1.16
Fixes #70416
Change-Id: I129e606147e16d1daefb49ed6c13a561a88ddeb6
Reviewed-on: https://go-review.googlesource.com/c/go/+/715680
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Sean Liao <sean@liao.dev>
Diffstat (limited to 'src/net/http/cgi')
| -rw-r--r-- | src/net/http/cgi/child.go | 7 | ||||
| -rw-r--r-- | src/net/http/cgi/child_test.go | 22 |
2 files changed, 27 insertions, 2 deletions
diff --git a/src/net/http/cgi/child.go b/src/net/http/cgi/child.go index e29fe20d7d..466d42c08e 100644 --- a/src/net/http/cgi/child.go +++ b/src/net/http/cgi/child.go @@ -57,8 +57,11 @@ func RequestFromMap(params map[string]string) (*http.Request, error) { r.Proto = params["SERVER_PROTOCOL"] var ok bool - r.ProtoMajor, r.ProtoMinor, ok = http.ParseHTTPVersion(r.Proto) - if !ok { + if r.Proto == "INCLUDED" { + // SSI (Server Side Include) use case + // CGI Specification RFC 3875 - section 4.1.16 + r.ProtoMajor, r.ProtoMinor = 1, 0 + } else if r.ProtoMajor, r.ProtoMinor, ok = http.ParseHTTPVersion(r.Proto); !ok { return nil, errors.New("cgi: invalid SERVER_PROTOCOL version") } diff --git a/src/net/http/cgi/child_test.go b/src/net/http/cgi/child_test.go index 18cf789bd5..f901bec1a8 100644 --- a/src/net/http/cgi/child_test.go +++ b/src/net/http/cgi/child_test.go @@ -154,6 +154,28 @@ func TestRequestWithoutRemotePort(t *testing.T) { } } +// CGI Specification RFC 3875 - section 4.1.16 +// INCLUDED value for SERVER_PROTOCOL must be treated as an HTTP/1.0 request +func TestIncludedServerProtocol(t *testing.T) { + env := map[string]string{ + "REQUEST_METHOD": "GET", + "SERVER_PROTOCOL": "INCLUDED", + } + req, err := RequestFromMap(env) + if req.Proto != "INCLUDED" { + t.Errorf("unexpected change to SERVER_PROTOCOL") + } + if major := req.ProtoMajor; major != 1 { + t.Errorf("ProtoMajor: got %d, want %d", major, 1) + } + if minor := req.ProtoMinor; minor != 0 { + t.Errorf("ProtoMinor: got %d, want %d", minor, 0) + } + if err != nil { + t.Fatalf("expected INCLUDED to be treated as HTTP/1.0 request") + } +} + func TestResponse(t *testing.T) { var tests = []struct { name string |