This is a follow up of r1808746 after a chat
with Yann on dev@:
- the HTTP:Host variable suffers from the same problem
- the strcasecmp should be used to allow case-sensitive
comparisons.
- in mod_rewrite is less cumbersome and more clean to just
make the Host header check in lookup_header, so it will
be automatically picked up by every part of the code
that uses it. It shouldn't be a relevant overhead for
mod_rewrite.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1809028 13f79535-47bb-0310-9956-
ffa450edef68
PR 38923 [Nick Kew]
*) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is
- used in a condition that evaluates to true. PR 58231 [Luca Toscano]
+ used in a condition that evaluates to true. PR 58231 [Luca Toscano, Yann Ylavic]
*) mod_md: v0.9.6: a "MDRequireHttps permament" configured domain automatically sends out
HSTS (rfc 6797) headers in https: responses. [Stefan Eissing]
{
const char *val = apr_table_get(ctx->r->headers_in, name);
- if (val) {
+ /* Skip the 'Vary: Host' header combination
+ * as indicated in rfc7231 section-7.1.4
+ */
+ if (val && strcasecmp(name, "Host") != 0) {
ctx->vary_this = ctx->vary_this
? apr_pstrcat(ctx->r->pool, ctx->vary_this, ", ",
name, NULL)
case 'S':
if (!strcmp(var, "HTTP_HOST")) {
- /* Skip the 'Vary: Host' header combination
- * as indicated in rfc7231 section-7.1.4
- */
- result = apr_table_get(ctx->r->headers_in, "Host");
+ result = lookup_header("Host", ctx);
}
break;
t = ctx->r->headers_in;
else { /* req, http */
t = ctx->r->headers_in;
- add_vary(ctx, arg);
+ /* Skip the 'Vary: Host' header combination
+ * as indicated in rfc7231 section-7.1.4
+ */
+ if (strcasecmp(arg, "Host")){
+ add_vary(ctx, arg);
+ }
}
return apr_table_get(t, arg);
}
/* Skip the 'Vary: Host' header combination
* as indicated in rfc7231 section-7.1.4
*/
- if (strcmp(name, "Host")){
+ if (strcasecmp(name, "Host")){
add_vary(ctx, name);
}
return apr_table_get(ctx->r->headers_in, name);
projects / apache / commitdiff