Kristaps points out that the current HTTP/1.1 draft standard (RFC

2616) requires the Location: response-header field to be an absolute
URI (14.30), and only the most recent proposed standard (RFC 7231),
which is barely a month old, allows a relative Location: (7.1.2).
While most modern browsers appear to support relative Location:
headers, some may not, and it's maybe a bit early to rely on relative
Location: headers.

I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables,
though.  While some CGI programs certainly require those, in which
case both the CGI programmer and the web server admin have to be
very careful to keep the system secure and reliable, man.cgi(8)
does not really need them.  We always know at compile time which
domain we are running for, and for man.cgi(8), security and reliability
are definitely much more important than flexibility.  So make HTTP_HOST
a compile-time definition for now.

diff --git a/usr.bin/mandoc/cgi.c b/usr.bin/mandoc/cgi.c
index ceb3e8d..ea00f9c 100644 (file)
--- a/usr.bin/mandoc/cgi.c
+++ b/usr.bin/mandoc/cgi.c
@@ -1,4 +1,4 @@
-/*     $Id: cgi.c,v 1.17 2014/07/19 13:15:07 schwarze Exp $ */
+/*     $Id: cgi.c,v 1.18 2014/07/21 15:44:22 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
@@ -560,8 +560,8 @@ pg_searchres(const struct req *req, struct manpage *r, size_t sz)
                 * without any delay.
                 */
                printf("Status: 303 See Other\r\n");
-               printf("Location: %s/%s/%s?",
-                   scriptname, req->q.manpath, r[0].file);
+               printf("Location: http://%s%s/%s/%s?",
+                   HTTP_HOST, scriptname, req->q.manpath, r[0].file);
                http_printquery(req);
                printf("\r\n"
                     "Content-Type: text/html; charset=utf-8\r\n"

diff --git a/usr.bin/mandoc/cgi.h.example b/usr.bin/mandoc/cgi.h.example
index 4f7273b..f4c7831 100644 (file)
--- a/usr.bin/mandoc/cgi.h.example
+++ b/usr.bin/mandoc/cgi.h.example
@@ -1,8 +1,9 @@
 /* Example compile-time configuration file for man.cgi(8). */
 
+#define        HTTP_HOST "mdocml.bsd.lv"
 #define        MAN_DIR "/var/www/man"
 #define        CSS_DIR ""
 #define        CUSTOMIZE_TITLE "Manual pages with mandoc"
 #define        CUSTOMIZE_BEGIN "<H2>\nManual pages with " \
        "<A HREF=\"http://mdocml.bsd.lv/\">mandoc</A>\n</H2>"
-#define COMPAT_OLDURI Yes
+#define        COMPAT_OLDURI Yes

diff --git a/usr.bin/mandoc/man.cgi.8 b/usr.bin/mandoc/man.cgi.8
index 3acb52c..ee860d6 100644 (file)
--- a/usr.bin/mandoc/man.cgi.8
+++ b/usr.bin/mandoc/man.cgi.8
@@ -1,4 +1,4 @@
-.\"     $Id: man.cgi.8,v 1.5 2014/07/18 19:02:07 schwarze Exp $
+.\"     $Id: man.cgi.8,v 1.6 2014/07/21 15:44:22 schwarze Exp $
 .\"
 .\" Copyright (c) 2014 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 18 2014 $
+.Dd $Mdocdate: July 21 2014 $
 .Dt MAN.CGI 8
 .Os
 .Sh NAME
@@ -189,6 +189,11 @@ element.
 An ASCII string to be used for the HTML
 .Aq TITLE
 element.
+.It Ev HTTP_HOST
+The FQDN of the (possibly virtual) host the HTTP server is running on.
+This is used for
+.Ic Location:
+headers in HTTP 303 responses.
 .It Ev MAN_DIR
 A path to the
 .Nm