nginx misbehaviour in conjunction with non-ASCII characters

ako673de nginx-forum at nginx.us
Thu Dec 19 14:19:07 UTC 2013


> > On Wed, Dec 18, 2013 at 06:27:31PM -0500, ako673de wrote:
> > Found a bug in implementation of MOVE and COPY (webdav) methods. It
happens if destination header contains non-ASCII characters (that need to be
escaped with "%").

> I have a patch for that, would you like to try it?

Well, currently I need to work around the lack of LOCK features with another
WebDav server (see below) anyway. Therefore I can live without patching
nginx. For me it would be perfectly alright to have it in the next release.
But maybe someone else out there might need it more urgently...?

> > Found a similar issue with this config-file line:
> > --> if ( $http_destination ~ https?://[^/]+/(.*) ) { set $httpdest
http://localhost:8008/$remote_user/$1; }

> Don't use rewrite.  nginx's DAV module supports relative URLs.

With "proxy_set_header Destination /$http_user$http_destination;" ...
... I get "Destination: /<user>http://<host:port>/<path>/<file>\r\n" ...
... which of course is wrong!

The reason for your snippet giving correct results is simply that your
"printf | nc" is wrong! Webdav clients unfortunately often (or always?) have
the "http://<host:port>/" part included in the destination header.

And then you can't simply add strings together any more but need to separate
host and path parts in order to insert the user part. I simply don't know of
another way to do so except "regex rewrite". Other ideas?

best regards
ako673de

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245702,245720#msg-245720



More information about the nginx mailing list