@kyanny's blog

My thoughts, my life. Views/opinions are my own.

RFC3875 (CGI の仕様) の Protocol-Specific Meta-Variables について

Apache でプロキシサーバをたてて、デバッグ用に独自のリクエストヘッダを追加してみる: httpd.conf にこんなふうに書く。

ProxyRequests On
RequestHeader set X-Foo 1

このヘッダの値を Apache (proxy) -> Perlbal (reverse_proxy) -> Apache (Passenger) -> Rails という構成のもとで動いてる Rails アプリケーションから取得したかったのだけど、 X-Foo ではなくて HTTP_X_FOO という名前に変わっていた

  1. HTTP_ という prefix がついている
  2. ハイフンがアンダースコアに変わっている
  3. 全部大文字になっている

これらの違いについて、経験的にそういう風になることはなんとなく知っていたけど根拠を理解していなかった。 RFC3875 の 4.1.18. Protocol-Specific Meta-Variables に載っていると教えてもらった。

4.1.18.  Protocol-Specific Meta-Variables

   The server SHOULD set meta-variables specific to the protocol and
   scheme for the request.  Interpretation of protocol-specific
   variables depends on the protocol version in SERVER_PROTOCOL.  The
   server MAY set a meta-variable with the name of the scheme to a
   non-NULL value if the scheme is not the same as the protocol.  The
   presence of such a variable indicates to a script which scheme is
   used by the request.

   Meta-variables with names beginning with "HTTP_" contain values read
   from the client request header fields, if the protocol used is HTTP.
   The HTTP header field name is converted to upper case, has all
   occurrences of "-" replaced with "_" and has "HTTP_" prepended to
   give the meta-variable name.  The header data can be presented as
   sent by the client, or can be rewritten in ways which do not change
   its semantics.  If multiple header fields with the same field-name
   are received then the server MUST rewrite them as a single value
   having the same semantics.  Similarly, a header field that spans
   multiple lines MUST be merged onto a single line.  The server MUST,
   if necessary, change the representation of the data (for example, the
   character set) to be appropriate for a CGI meta-variable.

   The server is not required to create meta-variables for all the
   header fields that it receives.  In particular, it SHOULD remove any
   header fields carrying authentication information, such as
   'Authorization'; or that are available to the script in other
   variables, such as 'Content-Length' and 'Content-Type'.  The server
   MAY remove header fields that relate solely to client-side
   communication issues, such as 'Connection'.

ということで、 CGI の仕様でそうなる、という根拠を理解できてよかった。 RFC など、原典にあたる、というのは大切なんだな。

http://d.hatena.ne.jp/tokiharu/20080526/1211803143 にも、同じ話題がより詳しく噛み砕いて書いてある。