path: root/doc/src/manual
AgeCommit message (Collapse)Author
2020-05-20Increase the default max_keepalive HTTP option to 1000Loïc Hoguin
100 is very low for current deployments. 1000 is more appropriate as a default value.
2020-04-08Document the HTTP/2 linger_timeout optionLoïc Hoguin
2020-04-08Clarify that protocol opts may be defined by stream handlersLoïc Hoguin
2020-03-30Add more headers to cowboy_req:parse_header/2,3Loïc Hoguin
2020-03-29Increase the default max_received_frame_rateLoïc Hoguin
Allow 10000 frames every 10 seconds instead of just 1000, as the limit was too quickly reached in some deployments.
2020-01-06Fix cowboy_req:parse_header manual for unknown headersLoïc Hoguin
2020-01-06Use active,NLoïc Hoguin
This reduces the number of times we need to ask for more packets, and as a result we get a fairly large boost in performance, especially with HTTP/1.1. Unfortunately this makes Cowboy require at least Erlang/OTP 21.3+ because the ssl application did not have active,N. For simplicity the version required will be Erlang/OTP 22+. In addition this change improves hibernate handling in cowboy_websocket. Hibernate will now work for HTTP/2 transport as well, and stray or unrelated messages will no longer cancel hibernate (the process will handle the message and go back into hibernation). Thanks go to Stressgrid for benchmarking an early version of this commit: https://stressgrid.com/blog/cowboy_performance_part_2/
2019-12-31No longer use erlang:get_stacktrace/0Loïc Hoguin
It has been deprecated in OTP and the new way is available on all supported OTP versions.
2019-10-10Fix a number of low hanging todosLoïc Hoguin
2019-10-10Add shutdown_reason Websocket commandLoïc Hoguin
This allows changing the normal exit reason of Websocket processes, providing a way to signal other processes of why the exit occurred.
2019-10-09Implement flow control for HTTP/1.1Loïc Hoguin
We now stop reading from the socket unless asked to, when we reach the request body. The option initial_stream_flow_size controls how much data we read without being asked, as an optimization. We may also have received additional data along with the request headers. This commit also reworks the timeout handling for HTTP/1.1 because the stray timeout message was easily reproducible after implementing the flow control. The issue should be gone for good this time.
2019-10-07Document no date/server headers from response/headers commandsLoïc Hoguin
2019-10-07Add cowboy_req:cast/2Loïc Hoguin
Better than sending messages manually.
2019-10-07Document the set_options stream handler commandLoïc Hoguin
2019-10-07Document the log stream handler commandLoïc Hoguin
2019-10-07Document the logger optionLoïc Hoguin
2019-10-07Document cowboy_tracer_hLoïc Hoguin
2019-10-07Document cowboy_metrics_hLoïc Hoguin
2019-10-06Document the commands based Websocket interfaceLoïc Hoguin
The old interface with ok|reply|stop tuples is deprecated.
2019-10-06Document how to recover from cookie parsing errorsLoïc Hoguin
2019-10-05Add Websocket option validate_utf8Loïc Hoguin
This allows disabling the UTF-8 validation check for text and close frames.
2019-10-05Add cowboy_req:filter_cookies/2Loïc Hoguin
2019-10-03Document media type wildcard in content_types_acceptedLoïc Hoguin
2019-10-02Fix HTTP/2 CVEsLoïc Hoguin
A number of HTTP/2 CVEs were documented recently: https://www.kb.cert.org/vuls/id/605641/ This commit, along with a few changes and additions in Cowlib, fix or improve protection against all of them. For CVE-2019-9511, also known as Data Dribble, the new option stream_window_data_threshold can be used to control how little the DATA frames that Cowboy sends can get. For CVE-2019-9516, also known as 0-Length Headers Leak, Cowboy will now simply reject streams containing 0-length header names. For CVE-2019-9517, also known as Internal Data Buffering, the backpressure changes were already pretty good at preventing this issue, but a new option max_connection_buffer_size was added for even better control over how much memory we are willing to allocate. For CVE-2019-9512, also known as Ping Flood; CVE-2019-9515, also known as Settings Flood; CVE-2019-9518, also known as Empty Frame Flooding; and similar undocumented scenarios, a frame rate limiting mechanism was added. By default Cowboy will now allow 1000 frames every 10 seconds. This can be configured via max_received_frame_rate. For CVE-2019-9514, also known as Reset Flood, another rate limiting mechanism was added and can be configured via max_reset_stream_rate. By default Cowboy will do up to 10 stream resets every 10 seconds. Finally, nothing was done for CVE-2019-9513, also known as Resource Loop, because Cowboy does not currently implement the HTTP/2 priority mechanism (in parts because these issues were well known from the start). Tests were added for all cases except Internal Data Buffering, which I'm not sure how to test, and Resource Loop, which is not currently relevant.
2019-09-28Add persistent_term support to the routerLoïc Hoguin
2019-09-14Implement backpressure on cowboy_req:stream_bodyLoïc Hoguin
This should limit the amount of memory that Cowboy is using when a handler is sending data much faster than the network. The new max_stream_buffer_size is a soft limit and only has an effect when the cowboy_stream_h handler is used.
2019-09-06Fix using custom fields in ReqLoïc Hoguin
2019-09-06Document unit for options that are in bytesLoïc Hoguin
2019-09-05Fix and optimize sending of WINDOW_UPDATE framesLoïc Hoguin
For long-running connections it was possible for the connection window to become larger than allowed by the protocol because the window increases claimed by stream handlers were never reclaimed even if no data was consumed. The new code applies heuristics to fix this and reduce the number of WINDOW_UPDATE frames that are sent. It includes six new options to control that behavior: margin, max and threshold for both the connection and stream windows. The margin is some extra space added on top of the requested read size. The max is the maximum window size at any given time. The threshold is a minimum window size that must be reached before we even consider sending more WINDOW_UPDATE frames. We also avoid sending WINDOW_UPDATE frames when there is already enough space in the window, or when the read size is 0. Cowlib is set to master until a new tag is done.
2019-05-13Fix a few examples using cert instead of certfileLoïc Hoguin
2019-04-02Fix calling convention for set_resp_cookie/3Jesper Louis Andersen
If not providing optional values, they are set to `#{}` and are the last parameter according to the source code. Reflect this in the documentation.
2018-11-18Document cowboy_stream_h/cowboy_compress_hLoïc Hoguin
2018-11-18Add the chunked option for HTTP/1.1Loïc Hoguin
It allows disabling the chunked transfer-encoding. It can also be disabled on a per-request basis, although it will be ignored for responses that are not streamed.
2018-11-16Add the idle_timeout option to HTTP/2Loïc Hoguin
2018-11-14Add some missing items to a few module changelogsLoïc Hoguin
2018-11-14Allow disabling keep-alive for HTTP/1.0 connectionsLoïc Hoguin
2018-11-14Document the proxy_header protocol optionLoïc Hoguin
2018-11-12Add deflate options for Websocket compressionLoïc Hoguin
They allow the server to configure what it is willing to accept for both the negotiated configuration (takeover and window bits) and the other zlib options (level, mem_level and strategy). This can be used to reduce the memory and/or CPU footprint of the compressed data, which comes with a cost in compression ratio.
2018-11-09Add sendfile support to cowboy_req:stream_bodyLoïc Hoguin
It is now possible to stream one or more sendfile tuples. A simple example of what can now be done would be for example to build a tar file on the fly using the sendfile syscall for sending the files, or to support Range requests with more than one range with the sendfile syscall. When using cowboy_compress_h unfortunately we have to read the file in order to send it. More options will be added at a later time to make sure users don't read too much into memory. This is a new feature however so existing code is not affected. Also rework cowboy_http's data sending to be flatter.
2018-11-05Test stop against all relevant REST callbacksLoïc Hoguin
2018-11-04Add the rate_limited/2 REST callbackLoïc Hoguin
2018-11-03Add an option to disable sendfile for a listenerLoïc Hoguin
2018-11-02Add a charset option to cowboy_staticLoïc Hoguin
2018-11-02Add tests for charsets_providedLoïc Hoguin
Fix cases where the q-value is 0 and where a wildcard was sent in the accept-charset header. Also don't send a charset in the content-type of the response if the media type is not text. Thanks to Philip Witty for help figuring this out.
2018-11-02Better handle content negotiation when accept contains charsetsLoïc Hoguin
Thanks to Philip Witty for help figuring this out.
2018-10-28Exit gracefully on parent exit/sys:terminate/2,3Loïc Hoguin
2018-09-12Do not send a 101 after a final response in switch_protocolLoïc Hoguin
2018-09-07Add cowboy_req:read_and_match_urlencoded_body/2,3Loïc Hoguin
2018-09-07Fix some grammatical errors in the manualLoïc Hoguin
2018-06-28Introduce undocumented option loggerLoïc Hoguin
This commit reworks the logging that Cowboy does via error_logger to make the module that will do the actual logging configurable. The logger module interface must be the same as logger and lager: a separate function per log level with the same log levels they support. The default behavior remains to call error_logger, although some messages were downgraded to warnings instead of errors. Since error_logger only supports three different log levels, some messages may get downgraded/upgraded depending on what the original log level was to make them compatible with error_logger. The {log, Level, Format, Args} command was also added to stream handlers. Stream handlers should use this command to log messages because it allows writing a stream handler to intercept some of those messages and extract information or block them as necessary. The logger option only applies to Cowboy itself, not to the messages Ranch logs, so more work remains to be done in that area.