From 00a198b4ed34faa68e54b833d481a052dddd210e Mon Sep 17 00:00:00 2001 From: schwarze Date: Mon, 21 Jul 2014 15:44:22 +0000 Subject: [PATCH] Kristaps points out that the current HTTP/1.1 draft standard (RFC 2616) requires the Location: response-header field to be an absolute URI (14.30), and only the most recent proposed standard (RFC 7231), which is barely a month old, allows a relative Location: (7.1.2). While most modern browsers appear to support relative Location: headers, some may not, and it's maybe a bit early to rely on relative Location: headers. I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables, though. While some CGI programs certainly require those, in which case both the CGI programmer and the web server admin have to be very careful to keep the system secure and reliable, man.cgi(8) does not really need them. We always know at compile time which domain we are running for, and for man.cgi(8), security and reliability are definitely much more important than flexibility. So make HTTP_HOST a compile-time definition for now. --- usr.bin/mandoc/cgi.c | 6 +++--- usr.bin/mandoc/cgi.h.example | 3 ++- usr.bin/mandoc/man.cgi.8 | 9 +++++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/usr.bin/mandoc/cgi.c b/usr.bin/mandoc/cgi.c index ceb3e8d903e..ea00f9c97f2 100644 --- a/usr.bin/mandoc/cgi.c +++ b/usr.bin/mandoc/cgi.c @@ -1,4 +1,4 @@ -/* $Id: cgi.c,v 1.17 2014/07/19 13:15:07 schwarze Exp $ */ +/* $Id: cgi.c,v 1.18 2014/07/21 15:44:22 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons * Copyright (c) 2014 Ingo Schwarze @@ -560,8 +560,8 @@ pg_searchres(const struct req *req, struct manpage *r, size_t sz) * without any delay. */ printf("Status: 303 See Other\r\n"); - printf("Location: %s/%s/%s?", - scriptname, req->q.manpath, r[0].file); + printf("Location: http://%s%s/%s/%s?", + HTTP_HOST, scriptname, req->q.manpath, r[0].file); http_printquery(req); printf("\r\n" "Content-Type: text/html; charset=utf-8\r\n" diff --git a/usr.bin/mandoc/cgi.h.example b/usr.bin/mandoc/cgi.h.example index 4f7273b14ed..f4c78318675 100644 --- a/usr.bin/mandoc/cgi.h.example +++ b/usr.bin/mandoc/cgi.h.example @@ -1,8 +1,9 @@ /* Example compile-time configuration file for man.cgi(8). */ +#define HTTP_HOST "mdocml.bsd.lv" #define MAN_DIR "/var/www/man" #define CSS_DIR "" #define CUSTOMIZE_TITLE "Manual pages with mandoc" #define CUSTOMIZE_BEGIN "

\nManual pages with " \ "mandoc\n

" -#define COMPAT_OLDURI Yes +#define COMPAT_OLDURI Yes diff --git a/usr.bin/mandoc/man.cgi.8 b/usr.bin/mandoc/man.cgi.8 index 3acb52cfb04..ee860d6540e 100644 --- a/usr.bin/mandoc/man.cgi.8 +++ b/usr.bin/mandoc/man.cgi.8 @@ -1,4 +1,4 @@ -.\" $Id: man.cgi.8,v 1.5 2014/07/18 19:02:07 schwarze Exp $ +.\" $Id: man.cgi.8,v 1.6 2014/07/21 15:44:22 schwarze Exp $ .\" .\" Copyright (c) 2014 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 18 2014 $ +.Dd $Mdocdate: July 21 2014 $ .Dt MAN.CGI 8 .Os .Sh NAME @@ -189,6 +189,11 @@ element. An ASCII string to be used for the HTML .Aq TITLE element. +.It Ev HTTP_HOST +The FQDN of the (possibly virtual) host the HTTP server is running on. +This is used for +.Ic Location: +headers in HTTP 303 responses. .It Ev MAN_DIR A path to the .Nm -- 2.20.1