Fossil Forum

RFC: is adding REQUEST_SCHEME to /ext environment a bad idea?
Login

RFC: is adding REQUEST_SCHEME to /ext environment a bad idea?

(1) By Stephan Beal (stephan) on 2020-12-12 08:24:14 [source]

While trying to get a CGI running under /ext this morning i came across a bit in the underlying framework which determines whether it should set the secure cookie property based on whether the client is using HTTP or HTTPS. Apache communicates that to scripts with the REQUEST_SCHEME environment variable by setting the value to "http" or "https" (or perhaps something more esoteric).

This branch:

https://fossil-scm.org/home/timeline?r=ext-request-scheme

Adds REQUEST_SCHEME to the /ext environment, but whether or not that's a genuinely great idea is in question. It's not a CGI-standard variable. Insofar as i can determine it's Apache-specific, but i'm unable to find another bit in the fossil-passed-on environment which can tell the script whether it's running under https or not.

This may end up being a moot point, anyway, because /ext CGIs cannot currently pass on any cookies, making the passing on of the affected (in my client script) cookie impossible.

:-?

(2) By Richard Hipp (drh) on 2020-12-12 14:09:43 in reply to 1 [link] [source]

(3) By Stephan Beal (stephan) on 2020-12-12 14:18:14 in reply to 2 [link] [source]

See changes at

Typo:

 cgi_setenv("REQUEST_SCHEMA",zSchema);

Should be REQUEST_SCHEME. You've obviously been working around databases too long ;).