Bug 1466799

Summary: mod_wsgi forces HEAD to GET
Product: Red Hat Enterprise Linux 7 Reporter: Attila Fazekas <afazekas>
Component: mod_wsgiAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: Jan Houska <jhouska>
Severity: urgent Docs Contact: Ioanna Gkioka <igkioka>
Priority: high    
Version: 7.4CC: afazekas, bnater, dmasirka, igkioka, jkejda, jorton, jreznik, knoha, luhliari, mburns, salmy, uemit.seren, yprokule
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: mod_wsgi-3.4-18.el7 Doc Type: Bug Fix
Doc Text:
Previously, the mod_wsgi adapter was mapping any HEAD request to a GET request. As a consequence, applications served different content for the HEAD and GET requests. This update adds the WSGIMapHEADToGET directive to fix the unexpected behavior of applications. Note that the directive can be set to "Auto" (default), "On" to always map a HEAD to GET request even if no output filters are detected, or "Off" to always preserve the original request method type. As a result, users can set WSGIMapHEADToGET accordingly, and the described problem no longer occurs.
 Story Points: ---
Clone Of:
: 1623666 (view as bug list) Environment:
Last Closed: 2018-10-30 11:19:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1610453, 1615238, 1623666    

Description Attila Fazekas 2017-06-30 13:32:39 UTC 
Description of problem:
I have an application which per the API documentation serves different content
depending on is it HTTP HEAD or GET method.

mod_wsgi fakes the HEAD requests to GET in order to enforce cache consistent behavior of the responses (my responses are not cache-able anyway).

Regardless to how questionable the different responses on the HEAD/GET mod_wsgi must not hide the real request method by default, at least it should give an option for not hiding it.

Version-Release number of selected component (if applicable):
mod_wsgi-3.4-12.el7_0.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install latest opensatck keystone behind mod_wsgi
2. run tempest identity tests


Actual results:
3. api compatibility test fails, unexpected status code.



Additional info:
Bumping to mod_wsgi >=4.3.0 works in my case, without a config change,
but this version also introduces the 'WSGIMapHEADToGET Off' option, in case the automatic behavior wouldn't be correct.

(4.5.15 also works)


Can you rebase mod_wsgi on mod_wsgi >=4.3.0 ?
Comment 3 Joe Orton 2017-07-14 07:17:27 UTC 
We are shipping current versions of mod_wsgi in RHSCL, can you use that if you need it?

python27-mod_wsgi-4.5.13-1.el7.x86_64
rh-python34-mod_wsgi-4.4.3-2.el7.x86_64
rh-python35-mod_wsgi-4.4.21-1.el7.x86_64
rh-python36-mod_wsgi-4.5.13-1.el7.x86_64
Comment 5 Mike Burns 2017-07-18 12:43:08 UTC 
The issue we're seeing is in OpenStack and we don't rely on RHSCL currently and would like to avoid it if we can.  We could maybe use it for testing, but we can't force customers to enable a new repository in the middle of a release.
Comment 7 Attila Fazekas 2017-08-18 15:28:23 UTC 
mburns already provided the answer.
Comment 31 errata-xmlrpc 2018-10-30 11:19:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3210