| Age | Commit message (Collapse) | Author |
|---|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3729
|
|
RFC 7230 section 3.3.3 allows for this.
Fixes #30
https://github.com/ruby/webrick/commit/069e9b1908
|
|
Some regexps were too tolerant.
https://github.com/ruby/webrick/commit/8946bb38b4
|
|
This reverts commit ed12019ce6abe87aac87ec77ac081d37b25180a2.
https://github.com/ruby/ruby/runs/1160423667?check_suite_focus=true#step:14:752
|
|
RFC 7230 section 3.3.3 allows for this.
Fixes #30
https://github.com/ruby/webrick/commit/069e9b1908
|
|
https://github.com/ruby/webrick/commit/e693f501bd
|
|
https://github.com/ruby/webrick/commit/6b6990ec81
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #15146]
From: Justin Li <[email protected]>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63074 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It breaks mswin's test-all
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63069 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Reading entire request or response bodies into memory can lead
to trivial denial-of-service attacks. Introduce Fibers in both
cases to allow streaming.
WEBrick::HTTPRequest gains a new body_reader method to prepare
itself as a source for IO.copy_stream. This allows the
WEBrick::HTTPRequest object to be used as the
Net::HTTPGenericRequest#body_stream= arg for Net::HTTP.
For HTTP proxy response bodies, we also use a Fiber to
to make the HTTP request and read the response body.
* lib/webrick/httprequest.rb (body_reader): new method
(readpartial): ditto
* lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber
to stream response body
(do_GET, do_HEAD): adjust call
(do_POST): adjust call and supply body_reader
* test/webrick/test_httprequest.rb (test_chunked): test
for IO.copy_stream compatibility
* test/webrick/test_httpproxy.rb (test_big_bodies): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62966 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
While WEBrick::HTTPRequest#body provides a Proc interface
for streaming large request bodies, clients must not force
the server to use an excessively large chunk size.
* lib/webrick/httprequest.rb (read_chunk_size): limit each
read and block.call to :InputBufferSize in config.
* test/webrick/test_httpserver.rb (test_big_chunks): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62963 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
"BadRequest" alone does not resolve correctly, it is in the
HTTPStatus namespace.
* lib/webrick/httprequest.rb (read_chunked): use correct exception
* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
and Puma to prevent malicious users from using up all the memory
with a single request. This also limits the damage done by
excessive ranges in multipart Range: requests.
Due to the way we rely on IO#gets and the desire to keep
the code simple, the actual maximum header may be 4093 bytes
larger than 112 KB, but we're splitting hairs at that point.
* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
(read_header): raise when headers exceed max length
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62960 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httprequest.rb (setup_forwarded_info): Use the first
value in X-Forwarded-Proto, if header contains multiple comma
separated values. Some middlewares may add these values to the
list, not replacing. [Fix GH-1386]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
From: John Bachir <[email protected]>
* bootstraptest/test_io.rb (assert_finish):
normalize rescue for Timeout::Error
* lib/net/ftp.rb (Net#read_timeout): ditto for doc
* lib/resolv.rb (Resolv::ResolvTimeout): ditto for subclass
* lib/webrick/httprequest.rb (_read_data): ditto for rescue
* sample/timeout.rb (p timeout): ditto for call
* test/drb/drbtest.rb (test_06_timeout): ditto
* test/ruby/test_readpartial.rb (test_open_pipe): ditto
* test/thread/test_queue.rb (test_queue_thread_raise): ditto
* thread.c (rb_thread_s_handle_interrupt): ditto for doc
[ruby-core:65481] [misc #10339]
TimeoutError is a legacy constant, Timeout::Error is the canonical constant.
This patch normalizes all code and comments to reference Timeout::Error.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47838 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
by @udzura [fix GH-466]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40829 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb: ditto.
* lib/webrick/config.rb: ditto.
* lib/webrick/cookie.rb: ditto.
* lib/webrick/httpauth/authenticator.rb: ditto.
* lib/webrick/httpauth/basicauth.rb: ditto.
* lib/webrick/httpauth/digestauth.rb: ditto.
* lib/webrick/httpproxy.rb: ditto.
* lib/webrick/httprequest.rb: ditto.
* lib/webrick/httpresponse.rb: ditto.
* lib/webrick/https.rb: ditto.
* lib/webrick/httpserver.rb: ditto.
* lib/webrick/httpservlet/cgihandler.rb: ditto.
* lib/webrick/httpservlet/filehandler.rb: ditto.
* lib/webrick/httpservlet/prochandler.rb: ditto.
* lib/webrick/httputils.rb: ditto.
* lib/webrick/httpversion.rb: ditto.
* lib/webrick/log.rb: ditto.
* lib/webrick/server.rb: ditto.
* lib/webrick/ssl.rb: ditto.
* lib/webrick/utils.rb: ditto.
* lib/webrick/version.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Allow HTTP/0.9 request which doesn't has any header or body.
patched by Felix Jodoin. [ruby-core:38040] [Bug #5022]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32593 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
header failed when the request is from 2 or more Apache reverse
proxies. It's said that all X-Forwarded-* headers will contain more
than one (comma-separated) value if the original request already
contained one of these headers. Since we could use these values as
Host header, we choose the initial(first) value. See #4922.
* test/webrick/test_httprequest.rb (test_forwarded): Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32222 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
length to 2083. This is from Internet Explorer's max uri
length. http://support.microsoft.com/kb/208427 [ruby-core:32924]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29617 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
method for generating HTTP/1.1 100 continue response if the client
expects it, otherwise does nothing. Patch by Brian Candler.
ref #855.
* test/webrick/test_httprequest.rb: test added.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rollup leading slashes. [ruby-core:31657]
patched by Jamison Wilde
NOTE: //authority/path is valid relative URI both RFC2396 and
RFC3986. So when give a relative URI-like string to URI lib,
users must care leading slashes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpstatus.rb : ditto.
* lib/webrick/httprequest.rb : ditto.
* lib/webrick/httputils.rb : ditto.
* test/webrick/test_cgi.rb (TestWEBrickCGI::test_bad_): Test for it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
use possessive match for path retrieval to avoid huge recursion
for insanely long path.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20244 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
use #bytesize instead of #size. a patch submitted from
raspberry lemon in [ruby-core:18571].
* lib/webrick/httpauth/digestauth.rb, lib/webrick/httpproxy.rb,
lib/webrick/httprequest.rb, lib/webrick/httpservlet/cgi_runner.rb,
lib/webrick/httpservlet/abstract.rb, lib/webrick/httpresponse.rb,
lib/webrick/httpservlet/cgihandler.rb, lib/webrick/utils.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/rdoc/generator/html.rb: ditto.
* lib/rdoc/options.rb: Fix shadowed variable warning.
* lib/webrick/httprequest.rb: Fix redefined method warning.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15904 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
WEBrick::HTTPRequest#{host,port,request_uri} is derived having
regards to X-Forwarded-Proto and X-Forwarded-Host.
* lib/webrick/httprequest.rb
(WEBrick::HTTPRequest#server_name?): new method.
(WEBrick::HTTPRequest#remote_ip?): new method.
(WEBrick::HTTPRequest#ssl?): new method.
* string.c (rb_enc_cr_str_buf_cat): fix self appending.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
header fields shold be read with maximum length. [ruby-talk:231745]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
come earlier than String.
* lib/soap/mapping/rubytypeFactory.rb (RubytypeFactory::obj2soap):
ditto.
* lib/set.rb (TC_Set::test_s_new): strings are no longer
Enumerable
* lib/soap/property.rb (Property::load): ditto.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils::parse_header): ditto.
* lib/soap/mimemessage.rb (MIMEMessage::Headers::parse): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
for the value of IPv6 address in the Host: header field.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10646 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
:InputBufferSize and :OutputBufferSize.
* lib/webrick/utils.rb (WEBrick::Utils.timeout): add new timeout
method. this implementation is expected to be compatible with
timeout.rb and faster than timeout.rb.
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#_read_data):
Timeout.timeout is replaced by WEBrick::Utils.timeout.
* lib/webrick/httprequest.rb: WEBrick::HTTPRequest::BUFSIZE is
replaced by config[:InputBufferSize].
* lib/webrick/httpresposne.rb: WEBrick::HTTPResponse::BUFSIZE is
replaced by config[:OutputBufferSize].
* lib/webrick/server.rb: get rid of unnecessary require.
* test/webrick/test_utils.rb: test for WEBrick::Utils.timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
refer the value of QUERY_STRING. [ruby-list:41186]
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#query_string=):
add new method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
should check if path_info is not nil. [webrickja:126]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7100 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
initial value of accpet-* should be array.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7054 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
add WEBrick::Config::FileHandler[:AcceptableLanguages].
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#set_filename): search files
having suffix of language-name which Accept-Language header field
includes if :AcceptableLanguages options is present.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#get_servlet): new method to
search servlet correspond to the suffix of filename.
* lib/webrick/httprequest.rb: add attributes access methods: accept,
accept_charset, accept_encoding, accept_language, content_length
and content_type.
* lib/webrick/httpresponse.rb: add attribute access methods:
content_length, content_length=, content_type and content_type=.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.mime_types):
use the second suffix to detect media type. (the first suffix
may be a language name.)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.parse_qvalues):
add method to parse Accept header field. it returns an Array of
values sorted by the qvalues.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7033 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb (CGI#start): NPH scripts return status line
instead of Status: header field.
* lib/webrick/cgi.rb (CGI::Socket): refine some coditions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5229 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH.
* lib/webrick/https.rb (HTTPRequest#parse): should check presence
of cert() method to detect SSLSocket.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5221 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
instead of config[:Port] or req.request_uri.port.
* lib/webrick/httprequest.rb (HTTPRequest#meta_vars): ditto.
* lib/webrick/httpservlet/filehandler.rb (FileHandler#dir_list): ditto.
* lib/webrick/config.rb: :Listen option never be used.
* lib/webrick/server.rb (GenericServer#initialize): don't use :Listen
option and add warning message.
* lib/webrick/log.rb (BasicLog#<<): shortcut of log(INFO, ...).
* lib/webrick/httpserver.rb (HTTPServer#accesslog): use << for logging.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4528 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
