CGI 1.1 -- Open Issues
Below is a list material issues of fact still open in the definition of
CGI 1.1 Best Current Practice. The section numbers refer to the draft
in preparation, and do not correspond to any other earlier draft.
- Invalid PATH_INFO
If a server sees a PATH_INFO that it doesn't like, is it permitted to
continue the request with the PATH_INFO deleted, or must it return an error?
The server should return an error.
IPv6 addressing was added to REMOTE_ADDR and SERVER_NAME. Is any server
actually using this? Note that in URLs IPv6 addresses are bracketed
by '[' ']'; should this also be the case in REMOTE_ADDR, SERVER_NAME
and possibly REMOTE_HOST?
IPv6 addresses should be in "[addr]" format in the SEVER_NAME, for the
- Null SCRIPT_NAME
Suppose the SCRIPT_NAME is a null path (either "/" or "" equivalently).
http://myhost executes the CGI script /www/cgi-bin/root.pl.
Can SCRIPT_NAME be left unset? (§ 4.1.13)
- Null SCRIPT_NAME & PATH_INFO
In the previous example, is
PATH_INFO of "/" or ""?
http://myhost/some/path should set PATH_INFO to
However, Apache 1.3.27 fails with error 'can't find file
/www/cgi-bin/root.plsome/path'!] (§ 4.1.13 & § 4.1.5)
Both are valid partitionings, however it may not be appropriate to
set PATH_INFO if SCRIPT_NAME is blank
- SERVER_NAME/PORT & Host: header
Is SERVER_NAME:SERVER_PORT the physical or virtual recipient of the
request? i.e. does it reflection the TCP host/port, or that in the Host:
header? [Why does Host: allow a port?] (§§ 4.1.14/4.1.15)
It's the virtual SERVER_NAME/SERVER_PORT, but as configured in the
server, not as supplied in the Host header
- Request message-body charset
Presumably, on an non-ASCII system the server will not convert
POST data to the local character set. (§ 4.2)
- HEAD method
Will a server discard script output on a HEAD request?
Yes, if it wishes to conform to the HTTP spec.
- NULL Content-Type
If a script does not supply a content-type:, what should the server do?
[Apache uses its default type, which is almost certainly wrong.]
The server SHOULD NOT supply a default, unless it has extra information
unavailable to the client that would allow it to make a more informed guess.
- Location & request methods
Is a redirect really supported for methods other than GET/HEAD?
[Apache changes the request method to GET on a redirect] (§ 6.3.2)
It's allowed, but not necessarily useful
- Status messages
Must the server preseve the same error text in a Status: header, or can
it use its own error message for the specified error code?
It should return the CGI's text; it may more informative