New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/http/cgi: should not put port into REMOTE_ADDR and REMOTE_HOST #9861
Comments
Related issue #8351 (Closed) |
That ticket discusses CGI child behavior and re-creation of the http.Request.RemoteAddr out of ENV variables that Apache or other server has set. Sure, when it was set by Go cgi-enabled server, things would go even worse, since REMOTE_ADDR already has "IP:port" it would become "IP:port:0" due to missing REMOTE_PORT var. Here is where error goes in testing of CGI module:
Test sets RemoteAddr to static 1.2.3.4 value while http.Request documentation mentions that it's IP:port string... If anyone would comment why that is string and not carried out net.Conn (*net.TCPConn I believe), I would gladly hear it and educate myself :) Fixing this IMO is out of scope of the problem, REMOTE_ADDR might be corrected in CGI and testing mishap that I described above is a small correction too. |
seems not pushed your changes. Could you please try following.
|
Thanks, @mattn, I think I did some odd things in that one and now finally understood that changes must be staged and not committed. Submitted all in clean new codereview, and also fixed IPv6 error I had in original one there. |
@bradfitz any chance you can take a look? |
In all recent versions (1.4.x) cgi library puts http.Request RemoteAddr into both REMOTE_ADDR and REMOTE_HOST env vars. That is a string that has "IP:port" combination.
CGI 1.1 standard asks to put only IP address to REMOTE_ADDR and omit port... I suggest to make things work this way too.
Apache puts port into REMOTE_PORT variable (which is not in spec and not that important to have). I'd vote for ignoring port alltogether.
The text was updated successfully, but these errors were encountered: