Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added option to Lint :http-prefix-ok which doesn't die when HTTP_CONT… #82

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added option to Lint :http-prefix-ok which doesn't die when HTTP_CONT… #82

wants to merge 1 commit into from

Conversation

adaptiveoptics
Copy link
Contributor

…ENT_TYPE and HTTP_CONTENT_LENGTH are present in environment, and made Lint into a proper class.

This looks like more than it is. I ran into a problem where Lint was killing Crust because it apparently saw HTTP_CONTENT_TYPE headers -- but only when there was another error happening in the application... so the REAL error message was getting hidden by Lint killing Crust on finding these headers. Very strange, I know.

So I don't know if you want this or not, but it does seem extreme to kill Crust if HTTP_ headers are in the environment -- at least it seems extreme to some people. So I added the option to Lint's new(%env, :http-prefix-ok) -- so that if it's there, Lint will not kill Crust if the HTTP_CONTENT_TYPE exists in the environment (which only happened when &app had an error, strangely!)

Also, I indented everything in Lint and made it into a proper class instead of a unit class, so that attributes could look and work nicely. All tests passed. Up to you whether you want this of course! But I thought I would offer in case you did. :)

Added option to Lint :http-prefix-ok which doesn't die when HTTP_CONT…
95a1f8e 
…ENT_TYPE and HTTP_CONTENT_LENGTH are present in environment, and made Lint into a proper class.
@skaji
Copy link
Collaborator

skaji commented Nov 26, 2016

I think Crust::Middleware::Lint should die if HTTP_CONTENT_TYPE or HTTP_CONTENT_LENGTH exists.

And Crust::Middleware::Lint is already a proper class.

@adaptiveoptics
Copy link
Contributor Author

Not all stuff trying to integrate with Crust deletes out the standard HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH environment variables. And some stuff does delete them, except when receiving POST's. RFCs say that CONTENT_TYPE and CONTENT_LENGTH shall be used, but the do not say the standard ones are disallowed. Yet this results in a fatal application error with Crust.

The option in these cases is to either alter the environment generated for Crust (when possible) or to have death on the existence of HTTP_* be optional.

If death is the only option, it's nothing at all to write another quick filter based off Lint, but I just wanted to be certain that you understood my reasoning for needing this feature, in this place, in case others might run into similar situations and have to resort to either not filtering at all, or having to insert yet another step in checking and deleting environment keys before they touch Crust...Lint.

@skaji
Copy link
Collaborator

skaji commented Nov 26, 2016

Not all stuff trying to integrate with Crust deletes out the standard HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH environment variables.

Could you give us an actual example that has HTTP_CONTENT_TYPE or HTTP_CONTENT_LENGTH in the environment?

Please note that Crust respects PSGI, and it says:

The environment MUST NOT contain keys named HTTP_CONTENT_TYPE or HTTP_CONTENT_LENGTH.

@adaptiveoptics
Copy link
Contributor Author

sure

SCGI:
{:CONTENT_LENGTH("75"), :CONTENT_TYPE("application/x-www-form-urlencoded"), :DOCUMENT_ROOT("/var/www/HG/html"), :DOCUMENT_URI("/login/create/1"), :HTTP_ACCEPT("text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"), :HTTP_ACCEPT_ENCODING("gzip, deflate"), :HTTP_ACCEPT_LANGUAGE("en-US,en;q=0.5"), :HTTP_CONNECTION("keep-alive"), :HTTP_CONTENT_LENGTH("75"), :HTTP_CONTENT_TYPE("application/x-www-form-urlencoded"), :HTTP_COOKIE("crust-session=401c650e4c55426d9dd4320504165142f225ecc4"), :HTTP_DNT("1"), :HTTP_HOST("localhost"), :HTTP_REFERER("http://localhost/hg/login/create"), :HTTP_UPGRADE_INSECURE_REQUESTS("1"), :HTTP_USER_AGENT("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"), :PATH_INFO("/login/create/1"), :QUERY_STRING(""), :REMOTE_ADDR("127.0.0.1"), :REMOTE_PORT("58104"), :REQUEST_METHOD("POST"), :REQUEST_SCHEME("http"), :REQUEST_URI("/hg/login/create/1"), :SCGI("1"), :SCRIPT_NAME("/hg"), :SERVER_NAME("orange"), :SERVER_PORT("80"), :SERVER_PROTOCOL("HTTP/1.1"), "p6sgi.encoding" => "UTF-8", "p6sgi.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6sgi.errors.buffered" => Bool::False, "p6sgi.input" => IO::Blob.new(data => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101)), "p6sgi.input.buffered" => Bool::False, "p6sgi.multiprocess" => Bool::False, "p6sgi.multithread" => Bool::False, "p6sgi.run-once" => Bool::False, "p6sgi.url-scheme" => "http", "p6sgi.version" => v0.4.Draft, "p6w.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6w.input" => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), "p6w.multiprocess" => Bool::False, "p6w.multithread" => Bool::False, "p6w.protocol" => "http", "p6w.run-once" => Bool::False, "p6w.url-scheme" => "http", "p6w.version" => v0.7.Draft, "scgi.request" => (my \SCGI::Request_94237711214576 = SCGI::Request.new(connection => (my \SCGI::Connection_94237710230288 = SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors.new(connection => SCGI::Connection_94237710230288))), success => Bool::True, env => {:CONTENT_LENGTH("75"), :CONTENT_TYPE("application/x-www-form-urlencoded"), :DOCUMENT_ROOT("/var/www/HG/html"), :DOCUMENT_URI("/login/create/1"), :HTTP_ACCEPT("text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"), :HTTP_ACCEPT_ENCODING("gzip, deflate"), :HTTP_ACCEPT_LANGUAGE("en-US,en;q=0.5"), :HTTP_CONNECTION("keep-alive"), :HTTP_CONTENT_LENGTH("75"), :HTTP_CONTENT_TYPE("application/x-www-form-urlencoded"), :HTTP_COOKIE("crust-session=401c650e4c55426d9dd4320504165142f225ecc4"), :HTTP_DNT("1"), :HTTP_HOST("localhost"), :HTTP_REFERER("http://localhost/hg/login/create"), :HTTP_UPGRADE_INSECURE_REQUESTS("1"), :HTTP_USER_AGENT("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"), :PATH_INFO("/login/create/1"), :QUERY_STRING(""), :REMOTE_ADDR("127.0.0.1"), :REMOTE_PORT("58104"), :REQUEST_METHOD("POST"), :REQUEST_SCHEME("http"), :REQUEST_URI("/hg/login/create/1"), :SCGI("1"), :SCRIPT_NAME("/hg"), :SERVER_NAME("orange"), :SERVER_PORT("80"), :SERVER_PROTOCOL("HTTP/1.1"), "p6sgi.encoding" => "UTF-8", "p6sgi.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6sgi.errors.buffered" => Bool::False, "p6sgi.input" => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), "p6sgi.input.buffered" => Bool::False, "p6sgi.multiprocess" => Bool::False, "p6sgi.multithread" => Bool::False, "p6sgi.run-once" => Bool::False, "p6sgi.url-scheme" => "http", "p6sgi.version" => v0.4.Draft, "p6w.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6w.input" => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), "p6w.multiprocess" => Bool::False, "p6w.multithread" => Bool::False, "p6w.protocol" => "http", "p6w.run-once" => Bool::False, "p6w.url-scheme" => "http", "p6w.version" => v0.7.Draft, "scgi.request" => SCGI::Request_94237711214576}, input => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), request => "CONTENT_LENGTH\075\0REQUEST_METHOD\0POST\0REQUEST_URI\0/hg/login/create/1\0QUERY_STRING\0\0CONTENT_TYPE\0application/x-www-form-urlencoded\0DOCUMENT_URI\0/login/create/1\0DOCUMENT_ROOT\0/var/www/HG/html\0SCGI\01\0SERVER_PROTOCOL\0HTTP/1.1\0REQUEST_SCHEME\0http\0REMOTE_ADDR\0127.0.0.1\0REMOTE_PORT\058104\0SERVER_PORT\080\0SERVER_NAME\0orange\0PATH_INFO\0/login/create/1\0SCRIPT_NAME\0/hg\0HTTP_HOST\0localhost\0HTTP_USER_AGENT\0Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0\0HTTP_ACCEPT\0text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8\0HTTP_ACCEPT_LANGUAGE\0en-US,en;q=0.5\0HTTP_ACCEPT_ENCODING\0gzip, deflate\0HTTP_REFERER\0http://localhost/hg/login/create\0HTTP_COOKIE\0crust-session=401c650e4c55426d9dd4320504165142f225ecc4\0HTTP_DNT\01\0HTTP_CONNECTION\0keep-alive\0HTTP_UPGRADE_INSECURE_REQUESTS\01\0HTTP_CONTENT_TYPE\0application/x-www-form-urlencoded\0HTTP_CONTENT_LENGTH\075\0"))}

LINT:
{:CONTENT_LENGTH("75"), :CONTENT_TYPE("application/x-www-form-urlencoded"), :DOCUMENT_ROOT("/var/www/HG/html"), :DOCUMENT_URI("/login/create/1"), :HTTP_ACCEPT("text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"), :HTTP_ACCEPT_ENCODING("gzip, deflate"), :HTTP_ACCEPT_LANGUAGE("en-US,en;q=0.5"), :HTTP_CONNECTION("keep-alive"), :HTTP_CONTENT_LENGTH("75"), :HTTP_CONTENT_TYPE("application/x-www-form-urlencoded"), :HTTP_COOKIE("crust-session=401c650e4c55426d9dd4320504165142f225ecc4"), :HTTP_DNT("1"), :HTTP_HOST("localhost"), :HTTP_REFERER("http://localhost/hg/login/create"), :HTTP_UPGRADE_INSECURE_REQUESTS("1"), :HTTP_USER_AGENT("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"), :PATH_INFO("/login/create/1"), :QUERY_STRING(""), :REMOTE_ADDR("127.0.0.1"), :REMOTE_PORT("58104"), :REQUEST_METHOD("POST"), :REQUEST_SCHEME("http"), :REQUEST_URI("/hg/login/create/1"), :SCGI("1"), :SCRIPT_NAME("/hg"), :SERVER_NAME("orange"), :SERVER_PORT("80"), :SERVER_PROTOCOL("HTTP/1.1"), "p6sgi.encoding" => "UTF-8", "p6sgi.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6sgi.errors.buffered" => Bool::False, "p6sgi.input" => IO::Blob.new(data => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101)), "p6sgi.input.buffered" => Bool::False, "p6sgi.multiprocess" => Bool::False, "p6sgi.multithread" => Bool::False, "p6sgi.run-once" => Bool::False, "p6sgi.url-scheme" => "http", "p6sgi.version" => v0.4.Draft, "p6sgix.session" => Crust::Middleware::Session::SimpleSession.new(id => "401c650e4c55426d9dd4320504165142f225ecc4", modified => Bool::False, expired => Bool, is-new => Bool, change-id => Bool, no-store => Bool, domain => Str, expires => Int, httponly => Bool::False, path => "/", max-age => Any, secure => Bool::False, data => {}), "p6w.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6w.input" => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), "p6w.multiprocess" => Bool::False, "p6w.multithread" => Bool::False, "p6w.protocol" => "http", "p6w.run-once" => Bool::False, "p6w.url-scheme" => "http", "p6w.version" => v0.7.Draft, "scgi.request" => (my \SCGI::Request_94237711214576 = SCGI::Request.new(connection => (my \SCGI::Connection_94237710230288 = SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors.new(connection => SCGI::Connection_94237710230288))), success => Bool::True, env => {:CONTENT_LENGTH("75"), :CONTENT_TYPE("application/x-www-form-urlencoded"), :DOCUMENT_ROOT("/var/www/HG/html"), :DOCUMENT_URI("/login/create/1"), :HTTP_ACCEPT("text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"), :HTTP_ACCEPT_ENCODING("gzip, deflate"), :HTTP_ACCEPT_LANGUAGE("en-US,en;q=0.5"), :HTTP_CONNECTION("keep-alive"), :HTTP_CONTENT_LENGTH("75"), :HTTP_CONTENT_TYPE("application/x-www-form-urlencoded"), :HTTP_COOKIE("crust-session=401c650e4c55426d9dd4320504165142f225ecc4"), :HTTP_DNT("1"), :HTTP_HOST("localhost"), :HTTP_REFERER("http://localhost/hg/login/create"), :HTTP_UPGRADE_INSECURE_REQUESTS("1"), :HTTP_USER_AGENT("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"), :PATH_INFO("/login/create/1"), :QUERY_STRING(""), :REMOTE_ADDR("127.0.0.1"), :REMOTE_PORT("58104"), :REQUEST_METHOD("POST"), :REQUEST_SCHEME("http"), :REQUEST_URI("/hg/login/create/1"), :SCGI("1"), :SCRIPT_NAME("/hg"), :SERVER_NAME("orange"), :SERVER_PORT("80"), :SERVER_PROTOCOL("HTTP/1.1"), "p6sgi.encoding" => "UTF-8", "p6sgi.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6sgi.errors.buffered" => Bool::False, "p6sgi.input" => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), "p6sgi.input.buffered" => Bool::False, "p6sgi.multiprocess" => Bool::False, "p6sgi.multithread" => Bool::False, "p6sgi.run-once" => Bool::False, "p6sgi.url-scheme" => "http", "p6sgi.version" => v0.4.Draft, "p6w.errors" => (my \SCGI::Errors_94237711475840 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237711475840))), "p6w.input" => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), "p6w.multiprocess" => Bool::False, "p6w.multithread" => Bool::False, "p6w.protocol" => "http", "p6w.run-once" => Bool::False, "p6w.url-scheme" => "http", "p6w.version" => v0.7.Draft, "scgi.request" => SCGI::Request_94237711214576}, input => Buf[uint8].new(117,115,101,114,110,97,109,101,61,119,105,111,101,106,102,111,105,119,101,106,38,112,97,115,115,119,111,114,100,61,119,105,111,101,103,104,113,111,112,105,119,101,103,104,112,38,118,101,114,105,102,121,61,119,111,101,105,102,104,119,101,38,115,117,98,109,105,116,61,67,114,101,97,116,101), request => "CONTENT_LENGTH\075\0REQUEST_METHOD\0POST\0REQUEST_URI\0/hg/login/create/1\0QUERY_STRING\0\0CONTENT_TYPE\0application/x-www-form-urlencoded\0DOCUMENT_URI\0/login/create/1\0DOCUMENT_ROOT\0/var/www/HG/html\0SCGI\01\0SERVER_PROTOCOL\0HTTP/1.1\0REQUEST_SCHEME\0http\0REMOTE_ADDR\0127.0.0.1\0REMOTE_PORT\058104\0SERVER_PORT\080\0SERVER_NAME\0orange\0PATH_INFO\0/login/create/1\0SCRIPT_NAME\0/hg\0HTTP_HOST\0localhost\0HTTP_USER_AGENT\0Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0\0HTTP_ACCEPT\0text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8\0HTTP_ACCEPT_LANGUAGE\0en-US,en;q=0.5\0HTTP_ACCEPT_ENCODING\0gzip, deflate\0HTTP_REFERER\0http://localhost/hg/login/create\0HTTP_COOKIE\0crust-session=401c650e4c55426d9dd4320504165142f225ecc4\0HTTP_DNT\01\0HTTP_CONNECTION\0keep-alive\0HTTP_UPGRADE_INSECURE_REQUESTS\01\0HTTP_CONTENT_TYPE\0application/x-www-form-urlencoded\0HTTP_CONTENT_LENGTH\075\0"))}

@adaptiveoptics
Copy link
Contributor Author

in that case, the HTTP_* stuff only shows up in a POST operation (form inputs). otherwise it's fine ;)

@adaptiveoptics
Copy link
Contributor Author

This is Nginx and SCGI . When no POST operation is done, this is what the environment variable look like in the same setting:

SCGI:
{:CONTENT_LENGTH("0"), :CONTENT_TYPE(""), :DOCUMENT_ROOT("/var/www/HG/html"), :DOCUMENT_URI("/login/create"), :HTTP_ACCEPT("text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"), :HTTP_ACCEPT_ENCODING("gzip, deflate"), :HTTP_ACCEPT_LANGUAGE("en-US,en;q=0.5"), :HTTP_CONNECTION("keep-alive"), :HTTP_COOKIE("crust-session=401c650e4c55426d9dd4320504165142f225ecc4"), :HTTP_DNT("1"), :HTTP_HOST("localhost"), :HTTP_UPGRADE_INSECURE_REQUESTS("1"), :HTTP_USER_AGENT("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"), :PATH_INFO("/login/create"), :QUERY_STRING(""), :REMOTE_ADDR("127.0.0.1"), :REMOTE_PORT("58104"), :REQUEST_METHOD("GET"), :REQUEST_SCHEME("http"), :REQUEST_URI("/hg/login/create"), :SCGI("1"), :SCRIPT_NAME("/hg"), :SERVER_NAME("orange"), :SERVER_PORT("80"), :SERVER_PROTOCOL("HTTP/1.1"), "p6sgi.encoding" => "UTF-8", "p6sgi.errors" => (my \SCGI::Errors_94237712043736 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237712043736))), "p6sgi.errors.buffered" => Bool::False, "p6sgi.input" => Any, "p6sgi.input.buffered" => Bool::False, "p6sgi.multiprocess" => Bool::False, "p6sgi.multithread" => Bool::False, "p6sgi.run-once" => Bool::False, "p6sgi.url-scheme" => "http", "p6sgi.version" => v0.4.Draft, "p6w.errors" => (my \SCGI::Errors_94237712043736 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237712043736))), "p6w.input" => Any, "p6w.multiprocess" => Bool::False, "p6w.multithread" => Bool::False, "p6w.protocol" => "http", "p6w.run-once" => Bool::False, "p6w.url-scheme" => "http", "p6w.version" => v0.7.Draft, "scgi.request" => (my \SCGI::Request_94237713807648 = SCGI::Request.new(connection => (my \SCGI::Connection_94237710228944 = SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors.new(connection => SCGI::Connection_94237710228944))), success => Bool::True, env => {:CONTENT_LENGTH("0"), :CONTENT_TYPE(""), :DOCUMENT_ROOT("/var/www/HG/html"), :DOCUMENT_URI("/login/create"), :HTTP_ACCEPT("text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"), :HTTP_ACCEPT_ENCODING("gzip, deflate"), :HTTP_ACCEPT_LANGUAGE("en-US,en;q=0.5"), :HTTP_CONNECTION("keep-alive"), :HTTP_COOKIE("crust-session=401c650e4c55426d9dd4320504165142f225ecc4"), :HTTP_DNT("1"), :HTTP_HOST("localhost"), :HTTP_UPGRADE_INSECURE_REQUESTS("1"), :HTTP_USER_AGENT("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"), :PATH_INFO("/login/create"), :QUERY_STRING(""), :REMOTE_ADDR("127.0.0.1"), :REMOTE_PORT("58104"), :REQUEST_METHOD("GET"), :REQUEST_SCHEME("http"), :REQUEST_URI("/hg/login/create"), :SCGI("1"), :SCRIPT_NAME("/hg"), :SERVER_NAME("orange"), :SERVER_PORT("80"), :SERVER_PROTOCOL("HTTP/1.1"), "p6sgi.encoding" => "UTF-8", "p6sgi.errors" => (my \SCGI::Errors_94237712043736 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237712043736))), "p6sgi.errors.buffered" => Bool::False, "p6sgi.input" => Any, "p6sgi.input.buffered" => Bool::False, "p6sgi.multiprocess" => Bool::False, "p6sgi.multithread" => Bool::False, "p6sgi.run-once" => Bool::False, "p6sgi.url-scheme" => "http", "p6sgi.version" => v0.4.Draft, "p6w.errors" => (my \SCGI::Errors_94237712043736 = SCGI::Errors.new(connection => SCGI::Connection.new(parent => SCGI.new(version => 2.3, port => 8118, addr => "127.0.0.1", socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => "127.0.0.1", localport => 8118, backlog => Int, listening => Bool::True, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), NPH => Bool::False, PSGI => Bool::False, P6SGI => Bool::True, debug => Bool::False, strict => Bool::True, multithread => Bool::False), socket => IO::Socket::INET.new(encoding => "utf8", host => Str, port => 80, localhost => Str, localport => Int, backlog => Int, listening => Bool, family => 2, proto => 6, type => 1, nl-in => $["\n", "\r\n"], ins => 0), err => SCGI::Errors_94237712043736))), "p6w.input" => Any, "p6w.multiprocess" => Bool::False, "p6w.multithread" => Bool::False, "p6w.protocol" => "http", "p6w.run-once" => Bool::False, "p6w.url-scheme" => "http", "p6w.version" => v0.7.Draft, "scgi.request" => SCGI::Request_94237713807648}, input => Any, request => "CONTENT_LENGTH\00\0REQUEST_METHOD\0GET\0REQUEST_URI\0/hg/login/create\0QUERY_STRING\0\0CONTENT_TYPE\0\0DOCUMENT_URI\0/login/create\0DOCUMENT_ROOT\0/var/www/HG/html\0SCGI\01\0SERVER_PROTOCOL\0HTTP/1.1\0REQUEST_SCHEME\0http\0REMOTE_ADDR\0127.0.0.1\0REMOTE_PORT\058104\0SERVER_PORT\080\0SERVER_NAME\0orange\0PATH_INFO\0/login/create\0SCRIPT_NAME\0/hg\0HTTP_HOST\0localhost\0HTTP_USER_AGENT\0Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0\0HTTP_ACCEPT\0text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8\0HTTP_ACCEPT_LANGUAGE\0en-US,en;q=0.5\0HTTP_ACCEPT_ENCODING\0gzip, deflate\0HTTP_COOKIE\0crust-session=401c650e4c55426d9dd4320504165142f225ecc4\0HTTP_DNT\01\0HTTP_CONNECTION\0keep-alive\0HTTP_UPGRADE_INSECURE_REQUESTS\01\0"))}

@skaji
Copy link
Collaborator

skaji commented Nov 26, 2016

Please raise an issue against SCGI (or its dependency, I don't know). I don't think it is intentional.

@adaptiveoptics
Copy link
Contributor Author

Yeah, I looked through all that ;) and I didn't want to mess with Nginx... and I wanted to keep the Lint filters... so I just needed to disable that one little part... ;)

ok thanks :)

@adaptiveoptics
Copy link
Contributor Author

I submitted a pull request with following explanation to the maintainer of Crust::Handler::SCGI to address this issue:

Crust's Lint filter kills Crust if it detects the HTTP_CONTENT_TYPE or HTTP_CONTENT_LENGTH keys in the environment.

RFCs do not prohibit these keys, only specify that CONTENT_TYPE and CONTENT_LENGTH exist. Some web environments do not delete the two HTTP_* keys.

A pull request was submitted to Crust maintainers that cause the Lint filters to ignore HTTP_* key checks so that Crust can work in certain environments that do not delete HTTP_* keys from the SCGI environment.

The Crust maintainer's position is that Crust must die if those variable keys exist because PSGI says that those variable keys must not exist.

SCGI can have these HTTP_* keys without violating RFCs. It is only Crust (following PSGI) that disallows it so extremely.

As the bridge between SCGI and Crust, Crust::Handler::SCGI seems to be the right place to create the PSGI-conforming environment that Crust requires.

This pull request checks to see if HTTP_CONTENT_TYPE or HTTP_CONTENT_LENGTH exists in the environment and deletes them if so, so that Crust will not kill itself in protest.

I do not believe this is a SCGI issue as there is nothing that says these keys cannot exist. It is only Crust that demands it. In the case where I discovered this issue, those keys do not exist, unless a POST is happening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@adaptiveoptics @skaji