fix: set $_SERVER variables: 'SCRIPT_NAME', 'PHP_SELF', and 'PATH_INFO'

[henderkes]

fixes #2274 (comment)

apache/nginx/caddy pass PHP_SELF as SCRIPT_NAME + PATH_INFO, but our PATH_INFO wasn't working because our matcher stripped the rest of the path.

request url: localhost/index.php/en

# was non-worker:
SCRIPT_NAME: /index.php
PATH_INFO: 
PHP_SELF: /index.php
REQUEST_URL: /en

# was fastcgi:
SCRIPT_NAME: /index.php
PATH_INFO:  /en
PHP_SELF: /index.php/en
REQUEST_URL: /en

# was php_server worker
SCRIPT_NAME:
PATH_INFO:
PHP_SELF: /en
REQUEST_URL: /en

# now is always:
SCRIPT_NAME: /index.php
PATH_INFO: /en
PHP_SELF: /index.php/en
REQUEST_URL: /en

[AlliBalliBaba]

Hmm probably would be better to leave scriptName empty if the worker is in the public path:

root /some/path
worker /other/path {
  match *
}

[henderkes]

I'm not sure about that. Shouldn't it show /other/path/index.php then?

[AlliBalliBaba]

Not sure either TBH. In CGI spec it's the path relative to the root, so /other/path/index.php might be misleading.

[henderkes]

Technically that's a path relative to the root, haha.

I don't see a better solution. Emptying it out would be even more of a violation.

[AlliBalliBaba]

Can you also add a test for when the worker is outside of the public path (match)? Thinking about it again, scriptname should be empty since forwarding an absoule path when expecting a relative one is probably worse than forwarding nothing.

[henderkes]

Happy to add the test, but I'm not sure if I agree with passing nothing being the correct choice. We should probably agree on what the correct behaviour is first.

'SCRIPT_NAME'
Contains the current script's path. This is useful for pages which need to point to themselves. The FILE constant contains the full path and filename of the current (i.e. included) file.

If anything, "This is useful for pages which need to point to themselves." would mean that we should perhaps just give the current request uri. But on the other hand, "Contains the current script's path." would mean it should be the absolute path, rather than a uri.

[AlliBalliBaba]

It's still expected to be a relative path, so I'd rather prevent potential redirects like this (and just leave it empty):

/path-the-user-visits -> /app/vendor/some-framework/worker.php

Realistically, most worker mode implementations probably just ignore SCRIPT_NAME.

[henderkes]

I don't know, that doesn't feel right to me. I've changed it to what you suggested either way. Nobody should be using these server vars anyway.

[AlliBalliBaba]

Hmm I think if a worker is explicitly assigned, we should also ensure that the .php file is the actual worker file before determining pathInfo.

[henderkes]

In case of a match *?

[AlliBalliBaba]

Yeah, we probably shouldn't allow pathname from a random script name like:

/random-script.php/pathname

Probably best to just leave it empty if script_name is empty.

It's a bit confusing because in all other cases the script name is guaranteed to be there because of rewrites.

[henderkes]

went for a simple if check in order to not introduce runtime another check
it's probably very unlikely to to a different worker file in the public document root

[dunglas]

LGTM, but I didn't carefully review the CGI spec nor existing Apache/FPM behaviors. I trust you on this

[dunglas]

I would prefer continuing to run the full test suite to catch all errors in one error.

[henderkes]

Is there a way to see what actually failed without scrolling through 1000 lines? It irks me every time.

[dunglas]

Nit: you could ass \n and the end of each line, so you could use backticks for better readability in tests

[dunglas]

Changes to revert?

[henderkes]

added these because I often times find myself verifying bug reports there

I'm thinking they're fine in the .gitignore, but if you want I can revert

[Copilot]

Pull request overview

This PR fixes inconsistencies in $_SERVER CGI variables (notably SCRIPT_NAME, PHP_SELF, and PATH_INFO) in worker mode by ensuring path splitting happens consistently and by preserving “remainder” path segments through the Caddy rewrite/matching pipeline.

Changes:

• Always split CGI path variables during request context creation, including in worker mode.
• Set PHP_SELF from SCRIPT_NAME + PATH_INFO, and update CGI path splitting logic for worker-assigned requests.
• Update Caddy php_server rewrite/match patterns to preserve remainder path info and add regression tests for server globals.

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
context.go	Always calls splitCgiPath(fc) to compute CGI path vars consistently.
cgi.go	Updates PHP_SELF derivation and refactors splitCgiPath to better support worker mode.
caddy/php-server.go	Preserves remainder in rewrite and matches *.php/* paths to support PATH_INFO.
caddy/module.go	Same Caddy rewrite/matcher adjustments for the directive parser output.
caddy/caddy_test.go	Adds coverage asserting expected globals for both worker and non-worker php_server setups.
testdata/server-globals.php	New test helper script that prints key $_SERVER variables.
.github/workflows/tests.yaml	Adds -failfast to speed up CI failure feedback.
.gitignore	Ignores additional generated Caddy test artifacts.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This comment is misleading: there is no worker configured in this test, so the request to /en is handled by the php_server index fallback, not a worker. Updating the comment would avoid confusion when maintaining these globals expectations.

Suggested change

	// Request to /en: no matching file, falls through to server-globals.php worker
	// Request to /en: no matching file, so php_server falls back to the index script server-globals.php

[Copilot]

The comment says "PATH_INFO should be /en" for the /en request, but the assertion expects PATH_INFO to be empty. Either the comment or the expected output should be corrected so they agree.

Suggested change

	// because we specify a php file, PATH_INFO should be /en
	// because the request does not specify a php file, PATH_INFO should be empty

[Copilot]

For portability/readability, build scriptFilename with filepath.Join(documentRoot, "server-globals.php") instead of string concatenation with filepath.Separator.

Suggested change

	scriptFilename := documentRoot + string(filepath.Separator) + "server-globals.php"
	scriptFilename := filepath.Join(documentRoot, "server-globals.php")