[PATCH 1/1] ui-shared: Use CRLF in HTTP headers as per RFC 7230

John Keeping john at keeping.me.uk
Wed May 11 21:31:14 CEST 2016 

On Wed, May 11, 2016 at 07:30:49PM +0100, John Keeping wrote:
> On Wed, May 11, 2016 at 05:48:51PM +0000, Juuso Lapinlampi wrote:
> > CRLF is explicitly defined as the line break in the HTTP protocol
> > specifications: RFC 2616 (obsolete) and RFC 7230.
> 
> Missing sign-off; see http://developercertificate.org/ for what this
> means.
> 
> Otherwise,
> 
> Reviewed-by: John Keeping <john at keeping.me.uk>

Actually, NAK, this is wrong.  We're not talking HTTP here but CGI and
the CGI spec is clear that a single NL should be used after headers.

> > ---
> >  ui-shared.c | 24 ++++++++++++------------
> >  1 file changed, 12 insertions(+), 12 deletions(-)
> > 
> > diff --git a/ui-shared.c b/ui-shared.c
> > index 9a38aa9..b463375 100644
> > --- a/ui-shared.c
> > +++ b/ui-shared.c
> > @@ -672,36 +672,36 @@ void cgit_print_http_headers(void)
> >  		return;
> >  
> >  	if (ctx.page.status)
> > -		htmlf("Status: %d %s\n", ctx.page.status, ctx.page.statusmsg);
> > +		htmlf("Status: %d %s\r\n", ctx.page.status, ctx.page.statusmsg);
> >  	if (ctx.page.mimetype && ctx.page.charset)
> > -		htmlf("Content-Type: %s; charset=%s\n", ctx.page.mimetype,
> > +		htmlf("Content-Type: %s; charset=%s\r\n", ctx.page.mimetype,
> >  		      ctx.page.charset);
> >  	else if (ctx.page.mimetype)
> > -		htmlf("Content-Type: %s\n", ctx.page.mimetype);
> > +		htmlf("Content-Type: %s\r\n", ctx.page.mimetype);
> >  	if (ctx.page.size)
> > -		htmlf("Content-Length: %zd\n", ctx.page.size);
> > +		htmlf("Content-Length: %zd\r\n", ctx.page.size);
> >  	if (ctx.page.filename) {
> >  		html("Content-Disposition: inline; filename=\"");
> >  		html_header_arg_in_quotes(ctx.page.filename);
> > -		html("\"\n");
> > +		html("\"\r\n");
> >  	}
> >  	if (!ctx.env.authenticated)
> > -		html("Cache-Control: no-cache, no-store\n");
> > -	htmlf("Last-Modified: %s\n", http_date(ctx.page.modified));
> > -	htmlf("Expires: %s\n", http_date(ctx.page.expires));
> > +		html("Cache-Control: no-cache, no-store\r\n");
> > +	htmlf("Last-Modified: %s\r\n", http_date(ctx.page.modified));
> > +	htmlf("Expires: %s\r\n", http_date(ctx.page.expires));
> >  	if (ctx.page.etag)
> > -		htmlf("ETag: \"%s\"\n", ctx.page.etag);
> > -	html("\n");
> > +		htmlf("ETag: \"%s\"\r\n", ctx.page.etag);
> > +	html("\r\n");
> >  	if (ctx.env.request_method && !strcmp(ctx.env.request_method, "HEAD"))
> >  		exit(0);
> >  }
> >  
> >  void cgit_redirect(const char *url, bool permanent)
> >  {
> > -	htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
> > +	htmlf("Status: %d %s\r\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
> >  	html("Location: ");
> >  	html_url_path(url);
> > -	html("\n\n");
> > +	html("\r\n\r\n");
> >  }
> >  
> >  static void print_rel_vcs_link(const char *url)
> > -- 
> > 2.8.1
> > 
> > _______________________________________________
> > CGit mailing list
> > CGit at lists.zx2c4.com
> > http://lists.zx2c4.com/mailman/listinfo/cgit

More information about the CGit mailing list