Kristaps points out that the current HTTP/1.1 draft standard (RFC

2616) requires the Location: response-header field to be an absolute
URI (14.30), and only the most recent proposed standard (RFC 7231),
which is barely a month old, allows a relative Location: (7.1.2).
While most modern browsers appear to support relative Location:
headers, some may not, and it's maybe a bit early to rely on relative
Location: headers.

I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables,
though.  While some CGI programs certainly require those, in which
case both the CGI programmer and the web server admin have to be
very careful to keep the system secure and reliable, man.cgi(8)
does not really need them.  We always know at compile time which
domain we are running for, and for man.cgi(8), security and reliability
are definitely much more important than flexibility.  So make HTTP_HOST
a compile-time definition for now.

1 files changed, 3 insertions, 3 deletions

diff --git a/usr.bin/mandoc/cgi.c b/usr.bin/mandoc/cgi.c
index ceb3e8d903e..ea00f9c97f2 100644
--- a/usr.bin/mandoc/cgi.c
+++ b/usr.bin/mandoc/cgi.c
@@ -1,4 +1,4 @@
-/*	$Id: cgi.c,v 1.17 2014/07/19 13:15:07 schwarze Exp $ */
+/*	$Id: cgi.c,v 1.18 2014/07/21 15:44:22 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
@@ -560,8 +560,8 @@ pg_searchres(const struct req *req, struct manpage *r, size_t sz)
 		 * without any delay.
 		 */
 		printf("Status: 303 See Other\r\n");
-		printf("Location: %s/%s/%s?",
-		    scriptname, req->q.manpath, r[0].file);
+		printf("Location: http://%s%s/%s/%s?",
+		    HTTP_HOST, scriptname, req->q.manpath, r[0].file);
 		http_printquery(req);
 		printf("\r\n"
 		     "Content-Type: text/html; charset=utf-8\r\n"