Do not reference HTTP_VERSION internally #969
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
HTTP_VERSION is supposed to be a client supplied header. This usage
inside Rack is conflating it with SERVER_PROTOCOL, which imo is instead
also conflating it with the client's HTTP version from the request line.
In any of these cases, HTTP_VERSION is set when an existing Version
header doesn't already exist. So it's possible to send a Version header
to conflict with the expected behaviors.
According to the CGI spec
(https://tools.ietf.org/html/draft-robinson-www-interface-00)
This is an anscillary issue with Rack, but will leave that open for
discussion since this behavior already exists.
Notes
It's worth noting that this incorrect behavior is happening as a result of https://github.com/rack/rack/blob/028438f/lib/rack/handler/cgi.rb#L29 (and in all other handlers). I believe this behavior should be changed and not set to HTTP_VERSION in the first place. See my follow up: #970
Lastly, I'm not super familiar with Rack, but this seems problematic to rely on
SERVER_PROTOCOL
forTransfer-Encoding
behaviors since what you really want is the client's HTTP version. I've looked into WEBrick only, but theirSERVER_PROTOCOL
does NOT mean the protocol of the request. WEBrick has a separaterequest.http_version
as opposed torequest.env_meta['SERVER_PROTOCOL']
. Not sure about the others.