Revision tags: 1.21.0-1, 1.21.0 |
|
#
1709:1fe93c17d23f |
| 17-Nov-2020 |
Valentin Bartenev |
HTTP parser: allowed more characters in header field names.
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400
HTTP parser: allowed more characters in header field names.
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error response.
Now, the parser allows the same set of characters as specified in RFC 7230, including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~". Header field names that contain only these characters are considered valid.
Also, there's a new option introduced: "discard_unsafe_fields". It accepts boolean value and it is set to "true" by default.
When this option is "true", all header field names that contain characters in valid range, but other than alphanumeric or "-" are skipped during parsing. When the option is "false", these header fields aren't skipped.
Requests with non-valid characters in header field names according to RFC 7230 are rejected regardless of "discard_unsafe_fields" setting.
This closes #422 issue on GitHub.
show more ...
|
Revision tags: 1.20.0-1, 1.20.0, 1.19.0-1, 1.19.0, 1.18.0-1, 1.18.0, 1.17.0-1, 1.17.0 |
|
#
1459:358b957ca294 |
| 16-Apr-2020 |
Max Romanov |
Using malloc/free for the http fields hash.
This is required due to lack of a graceful shutdown: there is a small gap between the runtime's memory pool release and router process's exit. Thus, a wor
Using malloc/free for the http fields hash.
This is required due to lack of a graceful shutdown: there is a small gap between the runtime's memory pool release and router process's exit. Thus, a worker thread may start processing a request between these two operations, which may result in an http fields hash access and subsequent crash.
To simplify issue reproduction, it makes sense to add a 2 sec sleep before exit() in nxt_runtime_exit().
show more ...
|
Revision tags: 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0, 1.13.0-1, 1.13.0, 1.12.0-1, 1.12.0 |
|
#
1214:c3666b232602 |
| 30-Sep-2019 |
Valentin Bartenev |
HTTP parser: removed unused "exten" field.
This field was intended for MIME type lookup by file extension when serving static files, but this use case is too narrow; only a fraction of requests targ
HTTP parser: removed unused "exten" field.
This field was intended for MIME type lookup by file extension when serving static files, but this use case is too narrow; only a fraction of requests targets static content, and the URI presumably isn't rewritten. Moreover, current implementation uses the entire filename for MIME type lookup if the file has no extension.
Instead of extracting filenames and extensions when parsing requests, it's easier to obtain them right before serving static content; this behavior is already implemented. Thus, we can drop excessive logic from parser.
show more ...
|
Revision tags: 1.11.0-2, 1.11.0-1, 1.11.0 |
|
#
1171:968424f2804c |
| 17-Sep-2019 |
Valentin Bartenev |
HTTP parser: fixed parsing of target after literal space character.
In theory, all space characters in request target must be encoded; however, some clients may violate the specification. For the s
HTTP parser: fixed parsing of target after literal space character.
In theory, all space characters in request target must be encoded; however, some clients may violate the specification. For the sake of interoperability, Unit supports unencoded space characters.
Previously, if there was a space character before the extension or arguments parts, those parts weren't recognized. Also, quoted symbols and complex target weren't detected after a space character.
show more ...
|
#
1170:830d6af7d24c |
| 16-Sep-2019 |
Valentin Bartenev |
HTTP parser: removed unused "plus_in_target" flag.
|
#
1168:d4b329089cca |
| 16-Sep-2019 |
Valentin Bartenev |
HTTP parser: removed unused "exten_start" and "args_start" fields.
|
Revision tags: 1.10.0-2, 1.10.0-1, 1.10.0, 1.9.0-1, 1.9.0, 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4, 1.3 |
|
#
712:95538a9d4050 |
| 03-Jul-2018 |
Valentin Bartenev |
HTTP parser: relaxed checking of fields values.
Allowing characters up to 0xFF doesn't conflict with RFC 7230. Particularly, this make it possible to pass unencoded UTF-8 data through HTTP headers,
HTTP parser: relaxed checking of fields values.
Allowing characters up to 0xFF doesn't conflict with RFC 7230. Particularly, this make it possible to pass unencoded UTF-8 data through HTTP headers, which can be useful.
show more ...
|
Revision tags: 1.2, 1.1, 1.0, 0.7 |
|
#
576:7567b2a5ebfb |
| 15-Mar-2018 |
Valentin Bartenev |
HTTP parser: allowing tabs in field values as per RFC 7230.
|
#
575:52c8c2a000d0 |
| 15-Mar-2018 |
Valentin Bartenev |
HTTP parser: restricting allowed characters in fields values.
According to RFC 7230 only printable 7-bit ASCII characters are allowed in field values.
|
#
574:1ec560778942 |
| 15-Mar-2018 |
Valentin Bartenev |
HTTP parser: fixed parsing of field values ending with space.
This closes #82 issue on GitHub.
|
Revision tags: 0.6, 0.5 |
|
#
494:7c83ddcc1c42 |
| 24-Jan-2018 |
Sergey Kandaurov |
Fixed formatting in nxt_sprintf() and logging.
|
#
493:745222d540a2 |
| 24-Jan-2018 |
Sergey Kandaurov |
Using size_t for the field width type of the "%*s" specifier.
|
#
482:48e1b9d61fbf |
| 15-Jan-2018 |
Valentin Bartenev |
Checking for major HTTP version.
|
#
480:11b28d6fc462 |
| 15-Jan-2018 |
Valentin Bartenev |
HTTP parser: improved error reporting.
|
Revision tags: 0.4 |
|
#
454:82c827d1cd13 |
| 09-Jan-2018 |
Valentin Bartenev |
HTTP parser: allowing underscore in header field names.
|
Revision tags: 0.3 |
|
#
417:47366bb40f2c |
| 25-Dec-2017 |
Valentin Bartenev |
HTTP parser: reworked header fields handling.
|
#
384:8f86d3ff3e29 |
| 21-Nov-2017 |
Andrey Zelenkov |
Tests: move existing tests to "src" folder.
|