https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
Bug ID: 68973
Summary: Content-Length header missing in 2.4.59 is a breaking
change
Product: Apache httpd-2
Version: 2.4.59
Hardware: PC
OS: All
Status: NEW
Severity: blocker
Priority: P2
Component: All
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
I believe that you are severely underestimating the negative consequences of
your decision to remove the possibility to send the Content-Length header with
the latest update 2.4.59.
For decades, the Content-Length header has been used to determine the file size
that is delivered through PHP.
Existing software is relying on this value. For example, I am using this value
in an update mechanism to show the file size to be downloaded. At the same
time, this value indicates if there is a valid file to be delivered. If there
is no file size, there is no valid file and the download isn't even started.
It was not to be expected that this header would ever be removed, so it was
relied upon. You will find hundreds of scripts on StackOverflow relying on this
value.
Existing software is relying on this value.
This breaking change is not documented. There is no warning and the loss of
Content-Length isn't even mentioned in the changelog:
https://downloads.apache.org/httpd/CHANGES_2.4
I have now lost three full work days discussing this issue with my server
provider and trying everything to find the reason and a solution for this
issue.
As I now learned in another topic here, this hidden change was part of a
security fix and the only working solution is to adjust the trust level with
htaccess like this:
SetEnvIf Request_URI "\.php$" ap_trust_cgilike_cl
While at least there is this workaround, this is still a breaking change and
shoul be treated as such. Since it is not, it was possibly an unintentional
change.
I urge you to reverse this change so as not to break any more existing
software.
It would also be highly recommended to include a corresponding note for the
current version 2.4.59 in the changelog.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
