Spiffy CGI Handlers
Spiffy handlers which add support for CGI and derivatives (currently only FastCGI).
Support for the FastCGI server-side specification. This allows you to run FastCGI client processes like Rails or PHP as backends to be accessed from Spiffy.
You can load it via the fcgi-handler module:
The fcgi-handler module exports two procedures:[procedure] (fcgi-handler app-name #!key (continue #f))
TODO: Document this.[procedure] (fcgi-register-application name role filename socket prespawn maxspawn)
TODO: Document this.
Role is one of the role constants fcgi-responder, fcgi-authorizer or fcgi-filter.[constant] fcgi-responder
Constants that store role identifiers for use in fcgi-register-application.
This egg includes support for the old-fashioned CGI/1.1 protocol, as specified by RFC 3875. It includes a few workarounds required for PHP as well.
You can load it via the cgi-handler module:
All request headers will be passed as environment variables to the CGI program, prefixed with "HTTP_", and converted to uppercase, with hyphens ("-") replaced by an underscore ("_"). The CGI program will receive the request body in unparsed form from stdin and should write a complete HTTP response to stdout. Any headers that are missing but required for HTTP will be added by Spiffy. For more info on how a CGI script is called, consult the spec.
The AUTH_TYPE and REMOTE_USER environment variables are currently not set during invocation of CGI subprocesses. The REMOTE_IDENT environment variable is not and never will be supported.
The cgi-handler module exports two procedures:[procedure] (cgi-handler filename [interpreter])
The cgi handler simply calls CGI scripts. It is assumed the requested file is executable if no interpreter is given. (If used as a regular handler, it will only receive the filename). If the filename is a relative path, it is assumed to be relative to (root-path). It's safer to store your scripts outside the docroot, though![procedure] (cgi-handler* [interpreter])
The cgi-handler* procedure is usually more useful. It allows you to define an interpreter to use for files and returns a new handler. See spiffy's example for file-extension-handlers.
The CGI handler can be configured with the following parameters:[procedure] (cgi-default-environment [env-alist])
The environment variables that should be in the default environnment of every CGI program. Variables like SCRIPT_NAME will be added dynamically to the end of this alist.
(("GATEWAY_INTERFACE" . "CGI/1.1"))
- Avoid "httpoxy" attack by not converting a Proxy header to a HTTP_PROXY environment variable (CVE-2016-6286).
- Reduce copy/pasted code between FCGI and CGI by putting it in one file.
- Do not use stock intarweb header parser for parsing CGI response: this was made more strict so CRLF was required, instead of just the LF which CGI wants.
- Remove dependency on the regex egg.
- Rework the FCGI header parsing to fix spurious line break issues.
- Support the non-blocking sockets produced by the socket egg in version 0.2.3 and later.
- Include the query string, as well as the path, in REQUEST_URI.
- Initial release of FastCGI module and moved CGI module from Spiffy to this egg.
Two BSD-like licenses apply. For the Scheme code, a standard 3-clause BSD license applies:
Copyright (c) 2012, Andy Bennett <email@example.com> Copyright (c) 2007-2009, 2016 Peter Bex Copyright (c) 2000-2005, Felix L. Winkelmann All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
and, for the fastcgi C code the following license applies:
This FastCGI application library source and object code (the "Software") and its documentation (the "Documentation") are copyrighted by Open Market, Inc ("Open Market"). The following terms apply to all files associated with the Software and Documentation unless explicitly disclaimed in individual files. Open Market permits you to use, copy, modify, distribute, and license this Software and the Documentation for any purpose, provided that existing copyright notices are retained in all copies and that this notice is included verbatim in any distributions. No written agreement, license, or royalty fee is required for any of the authorized uses. Modifications to this Software and Documentation may be copyrighted by their authors and need not follow the licensing terms described here. If modifications to this Software and Documentation have new licensing terms, the new terms must be clearly indicated on the first page of each file where they apply. OPEN MARKET MAKES NO EXPRESS OR IMPLIED WARRANTY WITH RESPECT TO THE SOFTWARE OR THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL OPEN MARKET BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DAMAGES ARISING FROM OR RELATING TO THIS SOFTWARE OR THE DOCUMENTATION, INCLUDING, WITHOUT LIMITATION, ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES OR SIMILAR DAMAGES, INCLUDING LOST PROFITS OR LOST DATA, EVEN IF OPEN MARKET HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS". OPEN MARKET HAS NO LIABILITY IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE ARISING OUT OF THIS SOFTWARE OR THE DOCUMENTATION.