diff options
| author | root <root@rbsd.ankarstrom.se> | 2021-04-29 00:02:41 +0000 |
|---|---|---|
| committer | root <root@rbsd.ankarstrom.se> | 2021-04-29 00:11:29 +0000 |
| commit | 96e026c1815f123e5a60ee106cb802fc841faa6c (patch) | |
| tree | 5f410a9d50a757e21b104afc2d22a8a22551b60d /README | |
| parent | 6cac80b5c80e89ac46e8a8fc928aa98de183a47f (diff) | |
| download | Apache-Inject-master.tar.gz | |
Apparently, an Apache filter can be invoked more than once for a
single request, depending on the size of the contents [1].
Luckily, though, a filter can save state in the ctx field [1,2].
The solution isn't perfect, as it can't handle arbitrary long heads,
but they're very unlikely.
[1] https://httpd.apache.org/docs/2.4/developer/output-filters.html#invocation
[2] https://perl.apache.org/docs/2.0/user/handlers/filters.html#Introducing_Filters
Diffstat (limited to 'README')
| -rw-r--r-- | README | 55 |
1 files changed, 30 insertions, 25 deletions
@@ -116,31 +116,36 @@ OPERATION and forwards their combined contents. CAVEATS - Apache::Inject::Filter uses a regular expression to determine the proper - location of the injected header. It supports all valid HTML. However, it - does not parse embedded CSS and JavaScript, which means that it is - *possible* to construct an example where it will fail: - - <script> - /* this looks like the closing tag for script: </script> */ - /* this looks like an opening tag for a new element: <title> */ - </script> - <body> - This is where the header <i>should</i> be inserted. - <script> - /* this looks like the closing tag for the title: </title> - This is where the header is <i>actually</i> inserted. - */ - </script> - </body> - - This specific type of document, however, is *incredibly* unlikely. In - this case, an ad-hoc solution is simpler, more efficient and more - maintainable than a general one. - - On FreeBSD, you may need to enable the accf_http kernel module in order - for the tests to work. Note that Apache::Inject works fine without the - module; it is only the tests that require it. + * Apache::Inject::Filter uses a regular expression to determine the + proper location of the injected header. It supports all valid HTML. + However, it does not parse embedded CSS and JavaScript, which means + that it is *possible* to construct an example where it will fail: + + <script> + /* this looks like the closing tag for script: </script> */ + /* this looks like an opening tag for a new element: <title> */ + </script> + <body> + This is where the header <i>should</i> be inserted. + <script> + /* this looks like the closing tag for the title: </title> + This is where the header is <i>actually</i> inserted. + */ + </script> + </body> + + This specific type of document, however, is *incredibly* unlikely. + In this case, an ad-hoc solution is simpler, more efficient and more + maintainable than a general one. + + * Because of how Apache filters work, Inject may fail to find the end + of the <head> if the <head> is very long (in my experience over 7000 + characters). If this happens, it will decline the request, and the + contents will be served as though Inject had not been enabled. + + * On FreeBSD, you may need to enable the accf_http kernel module in + order for the tests to work. Note that Apache::Inject works fine + without the module; it is only the tests that require it. DIAGNOSTICS Apache::Inject and Apache::Inject::Filter log all errors and warnings to |