0

I've just installed a new webserver (Debian Buster, Apache, Dovecot, ISPConfig) to replace an old webserver. One of my websites uses custom request headers (through Javascript) to pass information to a perl script on the server:

XMLHttp.open("POST", "http://myserver.com/bin/FileUpload.cgi", true);          
XMLHttp.setRequestHeader("Content-type", fileToUpload.type);
XMLHttp.setRequestHeader("X_UPLOAD_FILETYPE", fileToUpload.type);
XMLHttp.setRequestHeader("X_UPLOAD_FILENAME", fileToUpload.name);
XMLHttp.setRequestHeader("X_UPLOAD_USER", currentUser);
XMLHttp.send(fileToUpload);

On the old server, I was able to read these extra custom headers from perl as follows:

$ft = $ENV{'HTTP_X_UPLOAD_FILETYPE'};
$fn = $ENV{'HTTP_X_UPLOAD_FILENAME'};
$uu = $ENV{'HTTP_X_UPLOAD_USER'};

On the new server, this fails. Checking the environment variables show the custom headers do not exist. I'm guessing this is an apache2 setting? mod_headers is enabled.

1 Answer 1

0

To answer my own question:

Officially, underscores are invalid characters for use in HTTP request headers. Headers containing invalid characters are ignored by Apache. So instead of

XMLHttp.setRequestHeader("X_UPLOAD_FILETYPE", fileToUpload.type);
XMLHttp.setRequestHeader("X_UPLOAD_FILENAME", fileToUpload.name);
XMLHttp.setRequestHeader("X_UPLOAD_USER", currentUser);

I should send this:

XMLHttp.setRequestHeader("X-UPLOAD-FILETYPE", fileToUpload.type);
XMLHttp.setRequestHeader("X-UPLOAD-FILENAME", fileToUpload.name);
XMLHttp.setRequestHeader("X-UPLOAD-USER", currentUser);

Oddly enough, the dashes are then converted to underscores server side. And I have no idea why. So reading these environment variables:

$ft = $ENV{'HTTP-X-UPLOAD-FILETYPE'};
$fn = $ENV{'HTTP-X-UPLOAD-FILENAME'};
$uu = $ENV{'HTTP-X-UPLOAD-USER'};

yields empty strings, while these environment variables:

$ft = $ENV{'HTTP_X_UPLOAD_FILETYPE'};
$fn = $ENV{'HTTP_X_UPLOAD_FILENAME'};
$uu = $ENV{'HTTP_X_UPLOAD_USER'};

gives the values I am after...

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .