|
Mantis - Resin
|
||||||||||
| Viewing Issue Advanced Details | ||||||||||
|
|
||||||||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: | |||||
| 6443 | major | always | 09-28-21 01:43 | 11-16-21 11:25 | ||||||
|
|
||||||||||
| Reporter: | adrianimboden | Platform: | ||||||||
| Assigned To: | nam | OS: | ||||||||
| Priority: | normal | OS Version: | ||||||||
| Status: | closed | Product Version: | 4.0.63 | |||||||
| Product Build: | Resolution: | duplicate | ||||||||
| Projection: | none | |||||||||
| ETA: | none | Fixed in Version: | 4.0.66 | |||||||
|
|
||||||||||
| Summary: | 0006443: mod_resin does not pass HTTPS correctly | |||||||||
| Description: |
Since 4.0.63, apache2/mod_caucho.c contains the following logic: ``` if (! strcmp(ap_http_scheme(r), "HTTPS")) { cse_write_string(s, CSE_IS_SECURE, ""); } ``` on our apache server, `ap_http_scheme(r)` returns "https", not the expected "HTTPS", so the CSE_IS_SECURE does not get passed correctly. Changing the code to this seems to be correct (case insensitive comparison): ``` if (apr_strnatcmp(ap_http_scheme(r), "https") == 0) { cse_write_string(s, CSE_IS_SECURE, "");z } ``` |
|||||||||
| Steps To Reproduce: | ||||||||||
| Additional Information: | ||||||||||
| Relationships |
| |||||||||
| Attached Files: | ||||||||||
| Notes | |||||
|
|
|||||
|
|
||||