HTTP Header Issues?

[sirrkitt]

After spending a few days fighting to get Sabredav running with Caddy (and a few other webservers) via php-fpm, I noticed that I was struggling to get the server to work. I messed around with a bunch of stuff and I kept getting 5xx errors whenever I should have received 4xx or 207 statuses. I'm not sure if Caddy and other servers are just discarding the status responses that Sabredav is sending, or if the statuses are being composed incorrectly.

I spent the whole night digging around and hacked some edits to the Sabre\HTTP\Sapi class and figured out that either the headers are incorrectly formed or they're just incompatible with Caddy. I tweaked some of the code and ended up replacing all of the single quotes with double quotes and changed line 66 to:

header("Status: ".$response->getStatus()." ".$response->getStatusText());

I'm not a very proficient coder but this was enough to get Caddy + php 8.1.3 + php-fpm to appear to work correctly. I'm assuming that this probably breaks other headers that Sabredav (and everything using the sabre/http library) sets, but it gets the HTTP Status headers to work correctly.

Here's an example log entry I was getting before:

Mar 04 10:36:17 mail.server.tld caddy[1142361]: {"level":"error","ts":1646390177.6592603,"logger":"http.log.error","msg":"malformed MIME header: missing colon: \"HTTP/2.0 404 Not Found\"","request":{"remote_addr":"216.25.210.230:60265","proto":"HTTP/2.0","method":"GET","host":"calendar.server.tld","uri":"/pepsi","headers":{"Upgrade-Insecure-Requests":["1"],"Authorization":["Basic auth"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"99\", \"Google Chrome\";v=\"99\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["max-age=0"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"calendar.server.tld"}},"duration":2.797615189,"status":502," err_id":"zbp0a19qv","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}

Caddy complains about a missing colon (and I guess never recognizes it as a status header) and just assumes that php-fpm is broken and returns a 502 error/status to the client. It ends up doing this for any error that isn't 200.