determining the Content-Type to send to the client.
Note that a `Content-Type` file in the `headers` folder is always
-ignored.
+ignored. This is also true for the other required or recommended
+HTTP 1.1 headers always sent by httpd.execline, namely
+`Content-Length`, `Date`, and `Last-Modified`.
a former official website for `httpd-execline.eerie.garden`
used to redirect to this github repository, thanks to
# instances of ${hostname} and ${resource} are substituted with the provided
# host and resource from the request
#
-# the script will refuse to override the Content-Type header
+# the script will refuse to override any header already set by httpd.execline
#
# execs into self in order to retain an environment variable which marks
# whether a certain header has been overridden or not
# performs `basename ${header_file}`
backtick -E -n header_name {
pipeline { s6-echo -n -- ${header_file} }
- sed "s@.*/([^/]*)@\\1@"
+ pipeline { sed "s@.*/([^/]*)@\\1@" }
+ tr -d " \t\r\n" # paranoid
}
+# ignore protected headers
ifelse {
- pipeline { s6-echo -n -- \${header_name} }
- grep -s -i '^[ ]*Content-Type[ ]*$' # paranoid whitespace matching
+ backtick -E -n header_name_lowercase {
+ pipeline { s6-echo -n -- ${header_name} }
+ tr A-Z a-z
+ }
+ s6-test -v httpd_execline_protected_header_${header_name_lowercase}
}
{
- foreground { log.execline "refusing to override Content-Type header" }
+ foreground { log.execline "WARNING: configuration error: ignoring protected header: \""${header_name}\" }
http-print-header-directories.execline ${@}
}
}
s6-echo -n -- "
-# we’ll strip out `\r`s and `\n`s from filenames and file contents, in
+# we’ll strip out `\r`s and `\n`s from file contents, in
# case the configuration should ever be made in a mischevious way
-if {
- pipeline { s6-echo -n -- ${header_name}": " }
- tr -d "\r\n"
-}
+if { s6-echo -n -- ${header_name}": " }
if {
backtick -E -n unparsed_header_contents {
pipeline { cat ${header_file} }
# Security Policy; for the latter, consider HTTP 301 redirects
#
# be warned!! we do not validate these overrides!
- backtick -n extra_headers { http-get-extra-headers.execline }
+ backtick -n extra_headers {
+ export httpd_execline_protected_header_content-length ""
+ export httpd_execline_protected_header_content-type ""
+ export httpd_execline_protected_header_date ""
+ export httpd_execline_protected_header_last-modified ""
+
+ http-get-extra-headers.execline
+ }
backtick -D "200 ok" -n status_code_and_message {
if { s6-test -r configuration/overrides/${resource}/status_code }
cat aescling's git repositories / httpd-execline.git / commitdiff