From 86c47137648c62346875aa1366e921e52b8d5477 Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Fri, 10 Jul 2020 23:57:49 -0400
Subject: [PATCH] fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance
---
 modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go
index 4a8c6d7ab9b..9d678444671 100644
--- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go
+++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go
@@ -202,6 +202,12 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
 pathPrefix, _ := r.Context().Value(caddy.CtxKey("path_prefix")).(string)
 scriptName = path.Join(pathPrefix, scriptName)
 
+ // Ensure the SCRIPT_NAME has a leading slash for compliance with RFC3875
+ // Info: https://tools.ietf.org/html/rfc3875#section-4.1.13
+ if scriptName != "" && !strings.HasPrefix(scriptName, "/") {
+ scriptName = "/" + scriptName
+ }
+
 // Get the request URL from context. The context stores the original URL in case
 // it was changed by a middleware such as rewrite. By default, we pass the
 // original URI in as the value of REQUEST_URI (the user can overwrite this
@@ -244,7 +250,6 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
 "REQUEST_METHOD": r.Method,
 "REQUEST_SCHEME": requestScheme,
 "SERVER_NAME": reqHost,
- "SERVER_PORT": reqPort,
 "SERVER_PROTOCOL": r.Proto,
 "SERVER_SOFTWARE": t.serverSoftware,
 
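Review bot: In the first hunk (the SCRIPT_NAME block at @@ -202) the slash is prepended after `path.Join` has already cleaned the value, so the result is not normalised again. A slash-less value that still begins with `..` would come out as `/../…`. Whether such a value can reach this point depends on code outside the hunk, but the guard can close the gap cheaply by using `scriptName = path.Clean("/" + scriptName)` inside the same `if`. A short comment saying when scriptName can lack its leading slash (for example, an empty path prefix combined with a rewritten path) would also help the next reader. buildEnv starts and ends outside this hunk.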
@@ -264,6 +269,13 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) {
 env["PATH_TRANSLATED"] = filepath.Join(root, pathInfo) // Info: http://www.oreilly.com/openbook/cgi/ch02_04.html
 }
 
+ // compliance with the CGI specification requires that
+ // SERVER_PORT should only exist if it's a valid numeric value.
+ // Info: https://www.ietf.org/rfc/rfc3875 Page 18
+ if reqPort != "" {
+ env["SERVER_PORT"] = reqPort
+ }
+
 // Some web apps rely on knowing HTTPS or not
 if r.TLS != nil {
 env["HTTPS"] = "on"
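Review bot: The new guard `if reqPort != ""` tests only for emptiness, while the comment directly above it says SERVER_PORT should exist only when it is a valid numeric value. Where reqPort is assigned lies outside this hunk; if it is split out of the client-supplied Host header, a non-numeric port string would still be handed to the FastCGI application. Consider `if _, err := strconv.ParseUint(reqPort, 10, 16); err == nil { env["SERVER_PORT"] = reqPort }`, which needs `strconv` imported if the file does not already have it. Otherwise, reword the comment to say "non-empty" so it matches the check. buildEnv starts and ends outside this hunk.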