aboutsummaryrefslogtreecommitdiffstats
path: root/src/cowboy_http.erl
AgeCommit message (Collapse)Author
2017-12-07Add more rfc7231 tests and a new max_skip_body_length optionLoïc Hoguin
The option controls how much body we accept to skip for HTTP/1.1 connections when the user code did not consume the body fully. It defaults to 1MB.
2017-12-06Fix 408 not sending connection: close for HTTP/1.1Loïc Hoguin
Also make sure the header is sent for all types of early_error that result in the closing of the connection.
2017-12-06Also disable the TRACE method entirelyLoïc Hoguin
2017-12-06Disable the CONNECT method completelyLoïc Hoguin
It's safer than allow it with the wrong behavior.
2017-11-29Don't send chunked bodies when the method is HEADLoïc Hoguin
2017-11-29Reject absolute URIs with no authority componentsLoïc Hoguin
2017-11-29Reject absolute URIs with userinfo components in HTTP/1.1Loïc Hoguin
2017-11-29Reject whitespace before/after HTTP/1.1 header names properlyLoïc Hoguin
2017-11-22Add more rfc7230 tests and better handle bad chunk sizesLoïc Hoguin
Bad chunk sizes used to be accepted and could result in a badly parsed body or a timeout. They are now properly rejected. Chunk extensions now have a hard limit of 129 characters. I haven't heard of anyone using them and Cowboy does not provide an interface for them, but we can always increase or make configurable if it ever becomes necessary (but I honestly doubt it). Also a test from the old http suite could be removed. Yay!
2017-11-20Add more rfc7230 tests and improve transfer-encodingLoïc Hoguin
It's worth noting that transfer-encoding now takes precedence over content-length as recommended by the RFC, so that when both headers are sent we only care about transfer-encoding and explicitly remove content-length from the headers.
2017-11-20Add a test for early errors that occur on the request-lineLoïc Hoguin
2017-11-20Remove a useless todoLoïc Hoguin
2017-11-20Add more rfc7230 testsLoïc Hoguin
Also fixes the handling of the max_headers option for HTTP/1.1. It is now a strict limit and not dependent on whether data is already in the buffer.
2017-11-15Add preliminary support for trailers in responsesLoïc Hoguin
This depends on changes in Cowlib that are only available on master.
2017-11-13Fix packet being dropped when using switch_protocolLoïc Hoguin
This only happens if the switch takes too long, and should not happen unless a spawned process refuses to shut down immediately.
2017-11-01Fix two edge cases for cowboy_req:stream_bodyLoïc Hoguin
Sending data of size 0 with the fin flag set resulted in nothing being sent to the client and still considering the response to be finished for HTTP/1.1. For both HTTP/1.1 and HTTP/2, the final chunk of body that is sent automatically by Cowboy at the end of a response that the user did not properly terminate was not passing through stream handlers. This resulted in issues like compression being incorrect. Some tests still fail under 20.1.3. They are due to recent zlib changes and should be fixed in a future patch release. Unfortunately it does not seem to be any 20.1 version that is safe to use for Cowboy, although some will work better than others.
2017-10-31Fix another warningLoïc Hoguin
2017-10-31Add informational responses to metricsLoïc Hoguin
2017-10-25Introduce cowboy_req:sock/1 and cowboy_req:cert/1Loïc Hoguin
To obtain the local socket ip/port and the client TLS certificate, respectively.
2017-10-22Ensure stream terminate is called when switching protocolsLoïc Hoguin
2017-10-21Fix sending of final chunk in HTTP/1.1Loïc Hoguin
I broke this when fixing stream handlers earlier.
2017-10-21Fix stream handler state being discarded on terminateLoïc Hoguin
When we have to send a response before terminating a stream, we call info. The state returned by this info call was discarded when we called terminate after that. This commit fixes it. There are no tests for this, however the new metrics test in the next commit requires the correct behavior so this is ultimately covered.
2017-10-20Fix HTTP/1.1 stopping streams too earlyLoïc Hoguin
It is possible in some cases to move on to the next request without waiting, but that can be done as an optimization later on if necessary.
2017-09-27Ensure the behavior on stream handler crash is consistentLoïc Hoguin
Also corrects the lack of error response when HTTP/1.1 is used.
2017-09-25Cleanup various commentsLoïc Hoguin
2017-09-25Move body length count to cowboy_stream_h instead of protocolsLoïc Hoguin
The documentation was correct, the code was not. This should make it easier to implement new protocols. Note that for HTTP/2 we will need to add some form of counting later on to check for malformed requests, but we can do simpler and just reduce from the expected length and then check if that's 0 when IsFin=fin.
2017-09-21Centralize stream handler error reporting in cowboy_streamLoïc Hoguin
2017-09-14Improve how we detect request errorsLoïc Hoguin
When the request process exits with a {request_error, Reason, Human} exit reason, Cowboy will return a 400 status code instead of 500. Cowboy may also return a more specific status code depending on the error. Currently it may also return 408 or 413. This should prove to be more solid that looking inside the stack trace.
2017-08-08Implement the shutdown timeout for request processesLoïc Hoguin
This should work very similar to normal supervisors, in particular during the shutdown sequence when the connection process goes down or switches to Websocket. Processes that need to enforce the shutdown timeout will be required to trap exits, just like in a supervisor. In a vanilla Cowboy, this only matters at connection shutdown, as Cowboy will otherwise wait for the request process to be down before stopping the stream. Tests are currently missing.
2017-06-02Fix terminate not being called on connection close in HTTP/1.1Loïc Hoguin
Introduces the new stream_handler_SUITE test suite. More cases will be added later on.
2017-05-05Properly handle 101 upgrade responses for WebsocketLoïc Hoguin
2017-05-05Add inactivity_timeout and other options improvementsLoïc Hoguin
2017-05-03Kill all children processes when terminating the connectionLoïc Hoguin
This is a more or less temporary solution to an existing problem. In the future we will need to enforce a shutdown timeout for these processes.
2017-05-03Add the idle_timeout HTTP/1.1 protocol optionLoïc Hoguin
This fixes the connection being dropped because of request_timeout despite there being some active streams.
2017-04-18Make the default 204 response go through stream handlersLoïc Hoguin
2017-04-18Pass the HTTP/2 switch_protocol event to stream handlersLoïc Hoguin
To accomplish this the code for sending the 101 response was moved to the cowboy_http2 module.
2017-03-27Add the early_error cowboy_stream callbackLoïc Hoguin
This callback is called when an error occurs before the request (including headers, excluding body) was fully received. The init/3 callback will not be called. The callback receives the partial Req object (possibly empty), the reason for the error and the response command that the server will send. It allows you to be aware of the error and possibly modify the response before it is sent.
2017-02-18Allow passing options to sub protocolsLoïc Hoguin
Before this commit we had an issue where configuring a Websocket connection was simply not possible without doing magic, adding callbacks or extra return values. The init/2 function only allowed setting hibernate and timeout options. After this commit, when switching to a different type of handler you can either return {module, Req, State} or {module, Req, State, Opts} where Opts is any value (as far as the sub protocol interface is concerned) and is ultimately checked by the custom handlers. A large protocol like Websocket would accept only a map there, with many different options, while a small interface like loop handlers would allow passing hibernate and nothing else. For Websocket, hibernate must be set from the websocket_init/1 callback, because init/2 executes in a separate process. Sub protocols now have two callbacks: one with the Opts value, one without. The loop handler code was largely reworked and simplified. It does not need to manage a timeout or read from the socket anymore, it's the job of the protocol code. A lot of unnecessary stuff was therefore removed. Websocket compression must now be enabled from the handler options instead of per listener. This means that a project can have two separate Websocket handlers with different options. Compression is still disabled by default, and the idle_timeout value was changed from inifnity to 60000 (60 seconds), as that's safer and is also a good value for mobile devices.
2017-02-05Remove or fix a small number of todo commentsLoïc Hoguin
One had the todo text fixed, another had the task to do done.
2017-02-05Add missing human-readable errors for HTTP/1.1Loïc Hoguin
2017-01-20Fix protocol breaking when user tries to send empty chunkLoïc Hoguin
The {data, IsFin, Data} uses IsFin to indicate whether this is the last chunk, while chunked transfer-encoding uses the length of Data, and ends when it is 0. We must therefore not send chunks with empty data.
2017-01-16Add support for multiple stream handlersLoïc Hoguin
The stream handlers can be specified using the protocol option 'stream_handlers'. It defaults to [cowboy_stream_h]. The cowboy_stream_h module currently does not forward the calls to further stream handlers. It feels like an edge case; usually we'd want to put our own handlers between the protocol code and the request process. I am therefore going to focus on other things for now. The various types and specifications for stream handlers have been updated and the cowboy_stream module can now be safely used as a behavior. The interface might change a little more, though. This commit does not include tests or documentation. They will follow separately.
2017-01-03Return status 431 if the request header field is too largeJosé Valim
This commit changes Cowboy to follow RFC6585.
2017-01-02Welcome to 2017Loïc Hoguin
2017-01-02Remaining Dialyzer fixesLoïc Hoguin
2017-01-02Numerous Dialyzer fixesLoïc Hoguin
2016-08-11Use cow_http_hd:parse_host directlyLoïc Hoguin
Removes some duplicate code from cowboy_http.
2016-08-11Use integer_to_binary when possibleLoïc Hoguin
2016-08-10Use binary_to_integer instead of to list and backLoïc Hoguin
2016-08-10Make reply functions return ReqLoïc Hoguin