Skip to content

Commit 321ff71

Browse files
mdouninmdounin
committed
Uwsgi: combining headers with identical names (ticket #1724).
The uwsgi specification states that "The uwsgi block vars represent a dictionary/hash". This implies that no duplicate headers are expected. Further, provided headers are expected to follow CGI specification, which also requires to combine headers (RFC 3875, section "4.1.18. Protocol-Specific Meta-Variables"): "If multiple header fields with the same field-name are received then the server MUST rewrite them as a single value having the same semantics".
1 parent 54ce381 commit 321ff71

File tree

1 file changed

+51
-6
lines changed

1 file changed

+51
-6
lines changed

src/http/modules/ngx_http_uwsgi_module.c

Lines changed: 51 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -845,13 +845,13 @@ ngx_http_uwsgi_create_key(ngx_http_request_t *r)
845845
static ngx_int_t
846846
ngx_http_uwsgi_create_request(ngx_http_request_t *r)
847847
{
848-
u_char ch, *lowcase_key;
848+
u_char ch, sep, *lowcase_key;
849849
size_t key_len, val_len, len, allocated;
850850
ngx_uint_t i, n, hash, skip_empty, header_params;
851851
ngx_buf_t *b;
852852
ngx_chain_t *cl, *body;
853853
ngx_list_part_t *part;
854-
ngx_table_elt_t *header, **ignored;
854+
ngx_table_elt_t *header, *hn, **ignored;
855855
ngx_http_uwsgi_params_t *params;
856856
ngx_http_script_code_pt code;
857857
ngx_http_script_engine_t e, le;
@@ -905,7 +905,11 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
905905
allocated = 0;
906906
lowcase_key = NULL;
907907

908-
if (params->number) {
908+
if (ngx_http_link_multi_headers(r) != NGX_OK) {
909+
return NGX_ERROR;
910+
}
911+
912+
if (params->number || r->headers_in.multi) {
909913
n = 0;
910914
part = &r->headers_in.headers.part;
911915

@@ -935,6 +939,12 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
935939
i = 0;
936940
}
937941

942+
for (n = 0; n < header_params; n++) {
943+
if (&header[i] == ignored[n]) {
944+
goto next_length;
945+
}
946+
}
947+
938948
if (params->number) {
939949
if (allocated < header[i].key.len) {
940950
allocated = header[i].key.len + 16;
@@ -968,6 +978,15 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
968978

969979
len += 2 + sizeof("HTTP_") - 1 + header[i].key.len
970980
+ 2 + header[i].value.len;
981+
982+
for (hn = header[i].next; hn; hn = hn->next) {
983+
len += hn->value.len + 2;
984+
ignored[header_params++] = hn;
985+
}
986+
987+
next_length:
988+
989+
continue;
971990
}
972991
}
973992

@@ -1086,7 +1105,7 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
10861105

10871106
for (n = 0; n < header_params; n++) {
10881107
if (&header[i] == ignored[n]) {
1089-
goto next;
1108+
goto next_value;
10901109
}
10911110
}
10921111

@@ -1109,15 +1128,41 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
11091128
}
11101129

11111130
val_len = header[i].value.len;
1131+
1132+
for (hn = header[i].next; hn; hn = hn->next) {
1133+
val_len += hn->value.len + 2;
1134+
}
1135+
11121136
*b->last++ = (u_char) (val_len & 0xff);
11131137
*b->last++ = (u_char) ((val_len >> 8) & 0xff);
1114-
b->last = ngx_copy(b->last, header[i].value.data, val_len);
1138+
b->last = ngx_copy(b->last, header[i].value.data,
1139+
header[i].value.len);
1140+
1141+
if (header[i].next) {
1142+
1143+
if (header[i].key.len == sizeof("Cookie") - 1
1144+
&& ngx_strncasecmp(header[i].key.data, (u_char *) "Cookie",
1145+
sizeof("Cookie") - 1)
1146+
== 0)
1147+
{
1148+
sep = ';';
1149+
1150+
} else {
1151+
sep = ',';
1152+
}
1153+
1154+
for (hn = header[i].next; hn; hn = hn->next) {
1155+
*b->last++ = sep;
1156+
*b->last++ = ' ';
1157+
b->last = ngx_copy(b->last, hn->value.data, hn->value.len);
1158+
}
1159+
}
11151160

11161161
ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
11171162
"uwsgi param: \"%*s: %*s\"",
11181163
key_len, b->last - (key_len + 2 + val_len),
11191164
val_len, b->last - val_len);
1120-
next:
1165+
next_value:
11211166

11221167
continue;
11231168
}

0 commit comments

Comments
 (0)