Sorry, that is definitively sorted out. It IS a bug in nginx! It happens with all non ASCII characters, that need to be escaped with "%" in the request "destination" header (which is in use only by MOVE and COPY).
I give you an example:
Rename (=MOVE) file "<www-root>/TheCore.ogm" to "<www-root>/The_Core.ogm":
Request header:
--> MOVE http://andinas/TheCore.ogm HTTP/1.1
--> Destination: http://andinas/The_Core.ogm
Response header:
--> HTTP/1.1 204 No Content
--> Server: nginx/1.5.6
Result: File renamed to "The_Core.ogm". Fine!
Now rename (=MOVE) file "<www-root>/andinas/The_Core.ogm" to "<www-root>/andinas/The_ Core.ogm" (notice the blank after the underscore, but the same is true for äöüß and the like!):
Request header:
--> MOVE http://andinas/The_Core.ogm HTTP/1.1
--> Destination: http://andinas/The_%20Core.ogm
Response header:
--> HTTP/1.1 204 No Content
--> Server: nginx/1.5.6
Result: File renamed to "The_%20Core.ogm". Not so fine!
The escaped blank is treated by nginx MOVE as it was not escaped! That is definitvely bad behaviour.
What do I need to do to get this fixed. Can I file an issue directly. Or will somebody take over automatically now.
BTW: I seem to have encountered a similar issue with this config-file lines:
--> if ( $http_destination ~ https?://[^/]+/(.*) ) { set $httpdest http://localhost:8008/$remote_user/$1; }
(for this (working!) code that makes the destination header ready for proxy_pass to another webdav server with user dependent base folders (pyWebDav allows only one user :-/):
--> proxy_set_header Destination $httpdest;
--> proxy_pass http://127.0.0.1:8008/$remote_user$request_uri;
).
Here again, if $http_destination contains the perfectly correct escaped characters from the webdav client, the resulting $httpdest will additionally escape the "escape" characters.
Example:
Destination File = "<www-root>/The_ Core.ogm"
$http_destination = "http://andinas/The_%20Core.ogm" (correct)
$httpdest = "http://andinas/The_%2520Core.ogm" (wrong!)
Obviously here the highly undesirable transformation happens during the regex matching. But why? Can I switch that off somehow?
sorry if it was way too much text :-)
best regards
ako673de
P.S. if you are still reading: There are two very funny things about the
--> proxy_pass http://127.0.0.1:8008/$remote_user$request_uri;
line:
1) You cannot use localhost here. nginx needs a resolver as soon as there is a variable in the string. And at least I didn't manage to find a resolver that can resolve localhost.
2) Nowhere in the internet is been said, that you need to add $request_uri to the line. You do need! And it must not be $uri, because that has the same escaping issues like the other things I mentioned above.
OK, now I'm done ;-). Please help!
I give you an example:
Rename (=MOVE) file "<www-root>/TheCore.ogm" to "<www-root>/The_Core.ogm":
Request header:
--> MOVE http://andinas/TheCore.ogm HTTP/1.1
--> Destination: http://andinas/The_Core.ogm
Response header:
--> HTTP/1.1 204 No Content
--> Server: nginx/1.5.6
Result: File renamed to "The_Core.ogm". Fine!
Now rename (=MOVE) file "<www-root>/andinas/The_Core.ogm" to "<www-root>/andinas/The_ Core.ogm" (notice the blank after the underscore, but the same is true for äöüß and the like!):
Request header:
--> MOVE http://andinas/The_Core.ogm HTTP/1.1
--> Destination: http://andinas/The_%20Core.ogm
Response header:
--> HTTP/1.1 204 No Content
--> Server: nginx/1.5.6
Result: File renamed to "The_%20Core.ogm". Not so fine!
The escaped blank is treated by nginx MOVE as it was not escaped! That is definitvely bad behaviour.
What do I need to do to get this fixed. Can I file an issue directly. Or will somebody take over automatically now.
BTW: I seem to have encountered a similar issue with this config-file lines:
--> if ( $http_destination ~ https?://[^/]+/(.*) ) { set $httpdest http://localhost:8008/$remote_user/$1; }
(for this (working!) code that makes the destination header ready for proxy_pass to another webdav server with user dependent base folders (pyWebDav allows only one user :-/):
--> proxy_set_header Destination $httpdest;
--> proxy_pass http://127.0.0.1:8008/$remote_user$request_uri;
).
Here again, if $http_destination contains the perfectly correct escaped characters from the webdav client, the resulting $httpdest will additionally escape the "escape" characters.
Example:
Destination File = "<www-root>/The_ Core.ogm"
$http_destination = "http://andinas/The_%20Core.ogm" (correct)
$httpdest = "http://andinas/The_%2520Core.ogm" (wrong!)
Obviously here the highly undesirable transformation happens during the regex matching. But why? Can I switch that off somehow?
sorry if it was way too much text :-)
best regards
ako673de
P.S. if you are still reading: There are two very funny things about the
--> proxy_pass http://127.0.0.1:8008/$remote_user$request_uri;
line:
1) You cannot use localhost here. nginx needs a resolver as soon as there is a variable in the string. And at least I didn't manage to find a resolver that can resolve localhost.
2) Nowhere in the internet is been said, that you need to add $request_uri to the line. You do need! And it must not be $uri, because that has the same escaping issues like the other things I mentioned above.
OK, now I'm done ;-). Please help!