Anonymous | Login | Signup for a new account | 04-18-2024 21:23 PDT |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0006443 | [Resin] | major | always | 09-28-21 01:43 | 11-16-21 11:25 | ||||
Reporter | adrianimboden | View Status | public | ||||||
Assigned To | nam | ||||||||
Priority | normal | Resolution | duplicate | ||||||
Status | closed | Product Version | 4.0.63 | ||||||
Summary | 0006443: mod_resin does not pass HTTPS correctly | ||||||||
Description |
Since 4.0.63, apache2/mod_caucho.c contains the following logic: ``` if (! strcmp(ap_http_scheme(r), "HTTPS")) { cse_write_string(s, CSE_IS_SECURE, ""); } ``` on our apache server, `ap_http_scheme(r)` returns "https", not the expected "HTTPS", so the CSE_IS_SECURE does not get passed correctly. Changing the code to this seems to be correct (case insensitive comparison): ``` if (apr_strnatcmp(ap_http_scheme(r), "https") == 0) { cse_write_string(s, CSE_IS_SECURE, "");z } ``` |
||||||||
Additional Information | |||||||||
Attached Files | |||||||||
|
Relationships | ||||||
|
Notes | |
(0007000) adrianimboden 09-28-21 01:53 |
Sorry, I meant this: ``` if (apr_strnatcasecmp(ap_http_scheme(r), "https") == 0) { cse_write_string(s, CSE_IS_SECURE, ""); } ``` |
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
34 total queries executed. 28 unique queries executed. |