diff --git a/README.md b/README.md index db65285..820b021 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ [4: how the server prepare the cgi requests](https://www.rfc-editor.org/rfc/rfc3875#section-4) - the cgi receives 2 differents set of informations : - - the request meta-variables, + - the request meta-variables (in UNIX, by env variables) - and the message-body [4.1: request meta-variables](https://www.rfc-editor.org/rfc/rfc3875#section-4.1) @@ -138,8 +138,40 @@ - if there is a body in the response, a Content-Type field must be present - if there is no Content-Type, the server must not attempt to determine one - Location : - + - the local URI path must be an absolut path, not a relative path, nor NULL + - the local URI path must, then, start with "/" + - the absolut URI start with ":" - Status : + - a 3-digit integer code + - 4 standards : + - 200 'OK' indicates success, it's the default value + - 302 'Found' with Location header and response message-body + - 400 'Bad Request' an unknown request format, like missing CONTENT-TYPE + - 501 'Not Implemented' the script received unsupported REQUEST-METHOD + - construction: `Status:400 "explication of the error"\n` +- the cgi-script can return other header fields, concerning the response message + - the server must translate cgi-headers syntax into http-header syntax + - for exemple, newline can be encoded in different ways +- the cgi-script must not return header fields concerning client-side communication + - the server can remove such fields + - (not sure : https://www.rfc-editor.org/rfc/rfc3875#section-6.3.4) + - the server must resolve conflicts between script-header fields and themselves + +[6.3: cgi message body](https://www.rfc-editor.org/rfc/rfc3875#section-6.4) +- the server must read it untill EOF +- the server must not modify it, except to convert charset if needed + +[7 and 8: usefull informations about implementation and security](https://www.rfc-editor.org/rfc/rfc3875#section-7) + +- le cgi-script doit renvoyer au moins un header suivit d'une ligne vide +- il peut dans certains cas envoyer d'autres headers +- le serveur doit verifier qu'il n'y a pas de doublons dans les headers +- le serveur doit verifier le formatage des headers (typiquement l'encodage, par exemple pour les newlines) +- ? comment on passe le body-message au script ? section 4.2 +- ? on doit gerer l'authentification ? +- ? pourquoi on doit construire un script-cgi ? section 3.3 +- ? si l'uri correspond au script-cgi, ca appel le script donc ? section 3.3 + --- ## cgi env variables