|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38602 header( "HTTP/1.0 ..." ) does not change proto ver. Fix included.
Submitted: 2006-08-26 00:02 UTC Modified: 2006-11-09 00:13 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: tomsn at inetoffice dot com Assigned: iliaa
Status: Closed Package: Apache2 related
PHP Version: 5.1.5 OS: Linux
Private report: No CVE-ID:
 [2006-08-26 00:02 UTC] tomsn at inetoffice dot com
1. Create a php script with header("HTTP/1.0 200 OK") at the end. That call is documented to change the protocol number of the response to 1.0.
2. Use mod_dumpio in Apache2 to observe the sent headers from any HTTP/1.1 request, or you can use Firefox Live HTTP Headers header watcher, or whatever.
RESULT: Apache sends HTTP/1.1 200 OK as the response header.
EXPECT: Apache to respect your wishes and send HTTP/1.0 200 OK as the response header.

The problem results from the way Apache2 tracks the pieces of the resultant status line seperately. The httpd.h structure request_rec has fields status_line, status, and proto_num. These are analyzed and combined within Apache in a mystical and magical way. The fix to this bug is to give it an updated proto_num and to send it a special apache_setenv().


sapi/apache2handler/sapi_apache2(121) -- 

Has the following code used to transmit the HTTP response status line to Apache:

/* httpd requires that r->status_line is set to the first digit of
* the status-code: */
if (sline && strlen(sline) > 12 && strncmp(sline, "HTTP/1.", 7) == 0 
	&& sline[8] == ' ') {
	ctx->r->status_line = apr_pstrdup(ctx->r->pool, sline + 9);

Insert into that code the following line just before the end curly:
      ctx->r->proto_num = 1000 + (sline[7]-'0');

That funky 1000 + expression is how apache2 tracks HTTP protocol numbers internally. See their HTTP_VERSION() macro.

NOW, although this added line of code sends Apache an accurate status line protocol number, Apache is in the habit of ignoring it. To force Apache to really use it, you can either code the following apache_setenv() into PHP as a special case of send headers, or you can document for the user that they need to call it from their script. The call is:
    apache_setenv( "force-response-1.0", "true" );

I hope this is of some use to you. Thanks for all the excellent work in building and maintaining PHP.

Reproduce code:
header("HTTP/1.0 200 OK");

Expected result:
Browser to receive this header:

HTTP/1.0 200 OK

Actual result:
Browser receives this header:

HTTP/1.1 200 OK

(notice the last 1 in /1.1)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-27 22:31 UTC]
You need to send the Status header to change the status.
 [2006-09-25 10:59 UTC] tomsn at inetoffice dot com
The reported bug is not related to setting a Status.

Rather, it describes a problem with setting the HTTP result protocol version to 1.0. The docs and specs are very clear that this should be possible, as described in the bug. It is not currently possible with Apache.
 [2006-11-09 00:13 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Mon Mar 02 15:02:00 2015 UTC