From mboxrd@z Thu Jan 1 00:00:00 1970 From: john at keeping.me.uk (John Keeping) Date: Wed, 11 May 2016 20:31:14 +0100 Subject: [PATCH 1/1] ui-shared: Use CRLF in HTTP headers as per RFC 7230 In-Reply-To: <20160511183049.GA4296@serenity.lan> References: <1462988931-10035-1-git-send-email-wub@partyvan.eu> <20160511183049.GA4296@serenity.lan> Message-ID: <20160511193114.GH4296@serenity.lan> On Wed, May 11, 2016 at 07:30:49PM +0100, John Keeping wrote: > On Wed, May 11, 2016 at 05:48:51PM +0000, Juuso Lapinlampi wrote: > > CRLF is explicitly defined as the line break in the HTTP protocol > > specifications: RFC 2616 (obsolete) and RFC 7230. > > Missing sign-off; see http://developercertificate.org/ for what this > means. > > Otherwise, > > Reviewed-by: John Keeping Actually, NAK, this is wrong. We're not talking HTTP here but CGI and the CGI spec is clear that a single NL should be used after headers. > > --- > > ui-shared.c | 24 ++++++++++++------------ > > 1 file changed, 12 insertions(+), 12 deletions(-) > > > > diff --git a/ui-shared.c b/ui-shared.c > > index 9a38aa9..b463375 100644 > > --- a/ui-shared.c > > +++ b/ui-shared.c > > @@ -672,36 +672,36 @@ void cgit_print_http_headers(void) > > return; > > > > if (ctx.page.status) > > - htmlf("Status: %d %s\n", ctx.page.status, ctx.page.statusmsg); > > + htmlf("Status: %d %s\r\n", ctx.page.status, ctx.page.statusmsg); > > if (ctx.page.mimetype && ctx.page.charset) > > - htmlf("Content-Type: %s; charset=%s\n", ctx.page.mimetype, > > + htmlf("Content-Type: %s; charset=%s\r\n", ctx.page.mimetype, > > ctx.page.charset); > > else if (ctx.page.mimetype) > > - htmlf("Content-Type: %s\n", ctx.page.mimetype); > > + htmlf("Content-Type: %s\r\n", ctx.page.mimetype); > > if (ctx.page.size) > > - htmlf("Content-Length: %zd\n", ctx.page.size); > > + htmlf("Content-Length: %zd\r\n", ctx.page.size); > > if (ctx.page.filename) { > > html("Content-Disposition: inline; filename=\""); > > html_header_arg_in_quotes(ctx.page.filename); > > - html("\"\n"); > > + html("\"\r\n"); > > } > > if (!ctx.env.authenticated) > > - html("Cache-Control: no-cache, no-store\n"); > > - htmlf("Last-Modified: %s\n", http_date(ctx.page.modified)); > > - htmlf("Expires: %s\n", http_date(ctx.page.expires)); > > + html("Cache-Control: no-cache, no-store\r\n"); > > + htmlf("Last-Modified: %s\r\n", http_date(ctx.page.modified)); > > + htmlf("Expires: %s\r\n", http_date(ctx.page.expires)); > > if (ctx.page.etag) > > - htmlf("ETag: \"%s\"\n", ctx.page.etag); > > - html("\n"); > > + htmlf("ETag: \"%s\"\r\n", ctx.page.etag); > > + html("\r\n"); > > if (ctx.env.request_method && !strcmp(ctx.env.request_method, "HEAD")) > > exit(0); > > } > > > > void cgit_redirect(const char *url, bool permanent) > > { > > - htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); > > + htmlf("Status: %d %s\r\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); > > html("Location: "); > > html_url_path(url); > > - html("\n\n"); > > + html("\r\n\r\n"); > > } > > > > static void print_rel_vcs_link(const char *url) > > -- > > 2.8.1 > > > > _______________________________________________ > > CGit mailing list > > CGit at lists.zx2c4.com > > http://lists.zx2c4.com/mailman/listinfo/cgit