From c7c184645fd39fa73e65662aa66f7fffad83e5b9 Mon Sep 17 00:00:00 2001
From: Eric Covener
Date: Tue, 22 Nov 2016 01:53:40 +0000
Subject: [PATCH] remove Location: header checks for absolute URL https://tools.ietf.org/html/rfc7231#section-7.1.2 The "Location" header field is used in some responses to refer to a specific resource in relation to the response. The type of relationship is defined by the combination of request method and status code semantics. Location = URI-reference The field value consists of a single URI-reference. When it has the form of a relative reference ([RFC3986], Section 4.2), the final value is computed by resolving it against the effective request URI ([RFC3986], Section 5). There is even an example with no scheme: Location: /People.html#tim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770786 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/http/http_filters.c | 20 --------------------
 1 file changed, 20 deletions(-)
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index a583f3c1be..66b1987477 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -696,27 +696,7 @@ static APR_INLINE int check_headers(request_rec *r)
 if (!apr_table_do(check_header, &ctx, r->headers_out, NULL))
 return 0; /* problem has been logged by check_header() */
- if ((loc = apr_table_get(r->headers_out, "Location")) != NULL) {
- const char *scheme_end = ap_strchr_c(loc, ':');
-
- /*
- * Check that the URI has a valid scheme and is absolute
- * XXX Should we do a full uri parse here?
- */
- if (!ap_is_url(loc))
- goto bad;
-
- if (scheme_end[1] != '/' || scheme_end[2] != '/')
- goto bad;
- }
-
 return 1;
-
-bad:
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02431)
- "Bad Location header in response: '%s', aborting request",
- loc);
- return 0;
 }
 typedef struct header_struct {
-- 
2.40.0