Hello again,> Dear Maintainer, > > mini-httpd as currently found in > https://salsa.debian.org/debian/mini-httpd/- > /blob/master/mini_httpd.c?ref_type=heads > violates the CGI RFC (RFC-3875). The RFC specifies in "5.2 NPH > Response" > that an "NPH script MUST return a complete HTTP response message", > and > more "The server MUST ensure that the script output is sent to the > client unmodified." But mini-http actually DOES modify the HTTP > response > from NPH CGIs. It prefixes the script output with a fixed "HTTP/1.0 > 200 > OK" header, even if the NPH CGI wants to report a different status. > This > happens only if SSL is active. Acknowledged, thanks for the test case and proposed solution. This will be incorporated into mini-httpd-1.30.9.
Thanks for your contribution to Debian, Alexandru Mihail, mini-httpd maintainer