| Age | Commit message (Collapse) | Author |
|---|
|
is set
Patch from Leonard Garvey.
Fixes Ruby Bug 9986.
https://github.com/ruby/webrick/commit/8cff7f3995
|
|
https://github.com/ruby/webrick/commit/d51836d03d
|
|
It is currently broken, and even if it worked, it can cause problems
when debugging. See Ruby Bug 10715.
https://github.com/ruby/webrick/commit/575dea8656
|
|
This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16.
The commit prevented CRLR, but did not address an isolated CR or an
isolated LF.
Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
|
|
WEBrick::HTTPProxyServer implementes HTTP proxy using
WEBrick and Net::HTTP.
WEBrick accepts HTTP/1.0 clients and
Net::HTTP uses always HTTP/1.1.
However HTTP/1.1 supports chunked transfer coding HTTP/1.0 doesn't.
Chunked transfer coding doesn't require that
content-length before the content is sent.
But non-chunked transfer coding require content-length before
the content is sent.
So, when HTTP/1.0 clients connects WEBrick::HTTPProxyServer and
origin server returns chunked response,
WEBrick::HTTPProxyServer needs to store whole content to
know the length of it.
This patch do it using tempfile.
|
|
Remove extraneous spaces after the status code that is
non-compliant with RFC, i.e `HTTP 200 OK `, to unnecessary
confusion for WEBrick users, by a risk that WEBrick instances in
the wild will have server responses flagged as suspicious or
malicious due to a similar bug in [Cobalt Strike
misconfiguration].
Reported by Matt Tennis <mtennis@paloaltonetworks.com>
[Cobalt Strike misconfiguration]: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/
|
|
The values of @header are expected to be all strings;
WEBrick::HTTPResponse::[]=(key, val) explicitly converts the second
argument to a string and assigns it to @header hash.
However, there were some points in WEBrick internal code that assigns
non-String to @header. This change fixes the issues.
The values are checked by `header_value =~ /\r\n/` in check_header.
The type confusion caused conflict with removal of `Object#=~`
[Feature #15231].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Prevents response splitting and HTML injection attacks in
poorly-written applications which blindly pass along user input
in redirects.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpresponse.rb (send_body_io): use seek if NotImplementedError
is raised in IO.copy_stream with offset.
* lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63008 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Original patch by tenderlove (with minor style adjustments).
* lib/webrick/httpresponse.rb (send_header): call check_header
(check_header): raise on embedded CRLF in header value
* test/webrick/test_httpresponse.rb
(test_prevent_response_splitting_headers): new test
* (test_prevent_response_splitting_cookie_headers): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
The .write method needs to return the number of bytes written
to avoid confusing IO.copy_stream.
* lib/webrick/httpresponse.rb (ChunkedWrapper#write): return bytes written
(ChunkedWrapper#<<): return self
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62958 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This is also compatible with range responses generated
by Rack::File (tested with rack 2.0.3).
* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
use File object for the single range case
* test/webrick/test_filehandler.rb (get_res_body): use send_body
to test result
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Remove the redundant _send_file method since its functionality
is unnecessary with IO.copy_stream. IO.copy_stream also allows
the use of sendfile under some OSes to speed up copies to
non-TLS sockets.
Testing with "curl >/dev/null" and "ruby -run -e httpd" to
read a 1G file over Linux loopback reveals a reduction from
around ~0.770 to ~0.490 seconds on the client side.
* lib/webrick/httpresponse.rb (send_body_io): use IO.copy_stream
(_send_file): remove
[Feature #14237]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62954 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This will make the next change to use IO.copy_stream
easier-to-read. When we can drop Ruby 2.4 support in a few
years, this will allow us to use writev(2) with multiple
arguments for headers and chunked responses.
* lib/webrick/cgi.rb (write): new wrapper method
lib/webrick/httpresponse.rb: (send_header): use socket.write
(send_body_io): ditto
(send_body_string): ditto
(send_body_proc): ditto
(_write_data): ditto
(ChunkedWrapper#write): ditto
(_send_file): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
I never knew "format" was a global method alias for "sprintf";
so it was confusing to me. Normally, one would use "sprintf"
since it's also available in many other languages, but
Integer#to_s avoids parsing a format string so it's less
bug-prone.
Furthermore, favor string interpolation over String#<< since it
is easier for the VM to optimize memory allocation (as in r60320).
Interpolation also reduces method calls and memory overhead
for inline method cache.
Finally, ensure we clear all short-lived buffers for body
responses. A similar change was made and measured for Net::*
in r58840 showing a large memory reduction on some workloads.
* webrick/httpresponse.rb (send_body_io): favor String#to_s,
reduce method calls for String#<<,
clear `buf' when done,
avoid extra String#bytesize calls
* (send_body_string): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60586 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpresponse.rb (send_body): call send_body_proc
(send_body_proc): new method
(class ChunkedWrapper): new class
* test/webrick/test_httpresponse.rb (test_send_body_proc): new test
(test_send_body_proc_chunked): ditto
[Feature #855]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60584 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
override the body more easily. [fix GH-1307]
* test/webrick/test_httpresponse.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/logger.rb: ditto.
* lib/optparse.rb: ditto.
* lib/rbconfig/obsolete.rb: ditto.
* lib/resolv.rb: ditto.
* lib/webrick/httpresponse.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
s/resopnse/response/
[ci skip]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44010 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
that responds to #readpartial and #read.
[ruby-trunk - Feature #8155]
* NEWS: NEWS for above
* test/webrick/test_httpresponse.rb: Tests for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42427 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb: ditto.
* lib/webrick/config.rb: ditto.
* lib/webrick/cookie.rb: ditto.
* lib/webrick/httpauth/authenticator.rb: ditto.
* lib/webrick/httpauth/basicauth.rb: ditto.
* lib/webrick/httpauth/digestauth.rb: ditto.
* lib/webrick/httpproxy.rb: ditto.
* lib/webrick/httprequest.rb: ditto.
* lib/webrick/httpresponse.rb: ditto.
* lib/webrick/https.rb: ditto.
* lib/webrick/httpserver.rb: ditto.
* lib/webrick/httpservlet/cgihandler.rb: ditto.
* lib/webrick/httpservlet/filehandler.rb: ditto.
* lib/webrick/httpservlet/prochandler.rb: ditto.
* lib/webrick/httputils.rb: ditto.
* lib/webrick/httpversion.rb: ditto.
* lib/webrick/log.rb: ditto.
* lib/webrick/server.rb: ditto.
* lib/webrick/ssl.rb: ditto.
* lib/webrick/utils.rb: ditto.
* lib/webrick/version.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38945 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
use readpartial to get data even if the response is streaming data and
each data is smaller than @buffer_size.
patched by yu nobuoka. [ruby-dev:45471] [Bug #6230]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35253 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
are allowed to have Keep-Alive connections.
* test/webrick/test_httpresponse.rb: corresponding test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34024 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
are allowed to have a Keep-Alive connection. [ruby-core:41581]
* test/webrick/test_httpresponse.rb: corresponding test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
HTTP/1.1 connection when returning an IO object as response body
without setting HTTPResponse#chunked to true. See #855 no.1.
* test/webrick/test_httpserver.rb: Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32188 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Patch by Run Paint [ruby-core:30991]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29726 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
Fix for possible cross-site scripting (CVE-2010-0541).
Found by Apple, reported by Hideki Yamane.
Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22784 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
use #bytesize instead of #size. a patch submitted from
raspberry lemon in [ruby-core:18571].
* lib/webrick/httpauth/digestauth.rb, lib/webrick/httpproxy.rb,
lib/webrick/httprequest.rb, lib/webrick/httpservlet/cgi_runner.rb,
lib/webrick/httpservlet/abstract.rb, lib/webrick/httpresponse.rb,
lib/webrick/httpservlet/cgihandler.rb, lib/webrick/utils.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
<evanfarrar at gmail.com> in [ruby-doc:1382] applied.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@16810 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/json/lib/json/pure/parser.rb, ext/openssl/lib/openssl/x509.rb,
ext/win32ole/sample/olegen.rb, lib/date/format.rb, lib/irb/context.rb,
lib/irb/workspace.rb, lib/net/http.rb, lib/net/imap.rb,
lib/rdoc/generator.rb, lib/rdoc/markup/to_html.rb,
lib/rdoc/markup/to_latex.rb, lib/rdoc/parsers/parse_c.rb,
lib/rdoc/ri/formatter.rb, lib/rexml/parsers/baseparser.rb,
lib/rexml/quickpath.rb, lib/rexml/text.rb, lib/rss/parser.rb,
lib/uri/common.rb, lib/uri/generic.rb, lib/webrick/httpresponse.rb,
lib/webrick/httpservlet/filehandler.rb, lib/yaml/baseemitter.rb,
lib/yaml/encoding.rb: performance tuning arround String#gsub.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15442 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
:InputBufferSize and :OutputBufferSize.
* lib/webrick/utils.rb (WEBrick::Utils.timeout): add new timeout
method. this implementation is expected to be compatible with
timeout.rb and faster than timeout.rb.
* lib/webrick/httprequest.rb (WEBrick::HTTPRequest#_read_data):
Timeout.timeout is replaced by WEBrick::Utils.timeout.
* lib/webrick/httprequest.rb: WEBrick::HTTPRequest::BUFSIZE is
replaced by config[:InputBufferSize].
* lib/webrick/httpresposne.rb: WEBrick::HTTPResponse::BUFSIZE is
replaced by config[:OutputBufferSize].
* lib/webrick/server.rb: get rid of unnecessary require.
* test/webrick/test_utils.rb: test for WEBrick::Utils.timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ensure to close @body. (http://bugs.debian.org/277520)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7094 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
add WEBrick::Config::FileHandler[:AcceptableLanguages].
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#set_filename): search files
having suffix of language-name which Accept-Language header field
includes if :AcceptableLanguages options is present.
* lib/webrick/httpservlet/filehandler.rb
(WEBrick::HTTPServlet::FileHandler#get_servlet): new method to
search servlet correspond to the suffix of filename.
* lib/webrick/httprequest.rb: add attributes access methods: accept,
accept_charset, accept_encoding, accept_language, content_length
and content_type.
* lib/webrick/httpresponse.rb: add attribute access methods:
content_length, content_length=, content_type and content_type=.
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.mime_types):
use the second suffix to detect media type. (the first suffix
may be a language name.)
* lib/webrick/httputils.rb (WEBrick::HTTPUtils.parse_qvalues):
add method to parse Accept header field. it returns an Array of
values sorted by the qvalues.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7033 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/cgi.rb (CGI::Socket): add check for existence of
OpenSSL module in all HTTPS related methods.
* lib/webrick/cgi.rb (CGI::Socket#cipher): should create similar
value to OpenSSL::SSLSocket#cipher.
* lib/webrick/httpresponse.rb (HTTPResponse#setup_header): should
set "connection: close" if @keep_alive is false.
* lib/webrick/https.rb (HTTPrequest#meta_vars): add supprt for
SSL_PROTOCOL, SSL_CIPHER_USEKEYSIZE and SSL_CIPHER_ALGKEYSIZE.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Exception to avoid unexpected aborting. [ruby-core:01853]
* lib/webrick/server.rb (GenericServer#start_thread): should check
that peeraddr isn't nil before printing.
* lib/webrick/httpresponse.rb (HTTPResponse#start_thread): should
rescue Exception to avoid unexpected aborting of thread.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/httpserver.rb (HTTPServer#run): should pass the
request's keep_alive flag to the response.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5031 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
