Mantis - Resin
|
||||||||||
Viewing Issue Advanced Details | ||||||||||
|
||||||||||
ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: | |||||
6443 | major | always | 09-28-21 01:43 | 11-16-21 11:25 | ||||||
|
||||||||||
Reporter: | adrianimboden | Platform: | ||||||||
Assigned To: | nam | OS: | ||||||||
Priority: | normal | OS Version: | ||||||||
Status: | closed | Product Version: | 4.0.63 | |||||||
Product Build: | Resolution: | duplicate | ||||||||
Projection: | none | |||||||||
ETA: | none | Fixed in Version: | 4.0.66 | |||||||
|
||||||||||
Summary: | 0006443: mod_resin does not pass HTTPS correctly | |||||||||
Description: |
Since 4.0.63, apache2/mod_caucho.c contains the following logic: ``` if (! strcmp(ap_http_scheme(r), "HTTPS")) { cse_write_string(s, CSE_IS_SECURE, ""); } ``` on our apache server, `ap_http_scheme(r)` returns "https", not the expected "HTTPS", so the CSE_IS_SECURE does not get passed correctly. Changing the code to this seems to be correct (case insensitive comparison): ``` if (apr_strnatcmp(ap_http_scheme(r), "https") == 0) { cse_write_string(s, CSE_IS_SECURE, "");z } ``` |
|||||||||
Steps To Reproduce: | ||||||||||
Additional Information: | ||||||||||
Relationships |
| |||||||||
Attached Files: |
Notes | |||||
|
|||||
|
|