path: root/src/cowboy_http.erl
AgeCommit message (Collapse)Author
2020-05-20204 and 304 responses must not include a bodyLoïc Hoguin
When calling cowboy_req:reply/4 with a body a crash will occur resulting in a 500 response. When calling cowboy_req:stream_reply/2,3 and then attempting to send a body a crash will occur.
2020-05-20Increase the default max_keepalive HTTP option to 1000Loïc Hoguin
100 is very low for current deployments. 1000 is more appropriate as a default value.
2020-04-04Fix active mode and flow control during pipeliningLoïc Hoguin
We could get stuck in passive mode under certain conditions (fast and non-busy machine and perhaps other environment factors).
2020-02-07Fix HTTP/1.1 bug when a flow command is returned after finLoïc Hoguin
This resulted in a badarith error due to the current flow being set to infinity when the body has been fully read. A test case has been added reproducing the issue.
2020-01-17Fix bugs related to HTTP/1.1 pipeliningLoïc Hoguin
The flow control is now only set to infinity when we are skipping the request body of the stream that is being terminated. This fixes a bug where it was set to infinity while reading a subsequent request's body, leading to a crash. The timeout is no longer reset on stream termination. Timeout handling is already done when receiving data from the socket and doing a reset on stream termination was leading to the wrong timeout being set or the right timeout being reset needlessly.
2020-01-06Use active,NLoïc Hoguin
This reduces the number of times we need to ask for more packets, and as a result we get a fairly large boost in performance, especially with HTTP/1.1. Unfortunately this makes Cowboy require at least Erlang/OTP 21.3+ because the ssl application did not have active,N. For simplicity the version required will be Erlang/OTP 22+. In addition this change improves hibernate handling in cowboy_websocket. Hibernate will now work for HTTP/2 transport as well, and stray or unrelated messages will no longer cancel hibernate (the process will handle the message and go back into hibernation). Thanks go to Stressgrid for benchmarking an early version of this commit: https://stressgrid.com/blog/cowboy_performance_part_2/
2019-12-31No longer use erlang:get_stacktrace/0Loïc Hoguin
It has been deprecated in OTP and the new way is available on all supported OTP versions.
2019-10-10Fix a number of low hanging todosLoïc Hoguin
2019-10-09Implement flow control for HTTP/1.1Loïc Hoguin
We now stop reading from the socket unless asked to, when we reach the request body. The option initial_stream_flow_size controls how much data we read without being asked, as an optimization. We may also have received additional data along with the request headers. This commit also reworks the timeout handling for HTTP/1.1 because the stray timeout message was easily reproducible after implementing the flow control. The issue should be gone for good this time.
2019-10-07Document cowboy_tracer_hLoïc Hoguin
2019-10-07Document cowboy_metrics_hLoïc Hoguin
2019-10-05Don't discard data following a Websocket upgrade requestLoïc Hoguin
While the protocol does not allow sending data before receiving a successful Websocket upgrade response, we do not want to discard that data if it does come in.
2019-10-03Make stream_error early_error reasons consistentLoïc Hoguin
Now both HTTP/1.1 and HTTP/2 follow the documented format. HTTP/1.1 was including an extra element containing the StreamID before, which was unnecessary because it is also given as argument to the callback. HTTP/2 early_error will now include headers in its PartialReq.
2019-10-02Fix another Dialyzer warningLoïc Hoguin
2019-10-02Make sure cowboy_http doesn't receive stray timeout messagesLoïc Hoguin
2019-10-02Add more HTTP/1.1 header parsing testsLoïc Hoguin
Fix a case where Cowboy was waiting for more data that simply did not come. Now Cowboy will generate an error immediately when a header line has no colon separator. These test cases come from known request smuggling attack vectors. Cowboy was not vulnerable to any of them.
2019-09-16Fix closing of connection on response_body_too_smallLoïc Hoguin
2019-07-16Make Cowboy compatible with upcoming Ranch 2.0juhlig
2018-11-18Add the chunked option for HTTP/1.1Loïc Hoguin
It allows disabling the chunked transfer-encoding. It can also be disabled on a per-request basis, although it will be ignored for responses that are not streamed.
2018-11-16Allow overriding cowboy_http's idle_timeout per requestLoïc Hoguin
This allows requests that expect to run longer to do so without impacting the configuration of other requests.
2018-11-15Add a compress_buffering option to cowboy_compress_hLoïc Hoguin
Also changes the behavior to disable buffering by default, so that the default works in all cases, including server-sent events.
2018-11-14Don't send the content-length header in empty 304 responsesLoïc Hoguin
It's OK to send it when set explicitly, as it can be set to what the representation's size would have been.
2018-11-14Allow disabling keep-alive for HTTP/1.0 connectionsLoïc Hoguin
2018-11-09Add sendfile support to cowboy_req:stream_bodyLoïc Hoguin
It is now possible to stream one or more sendfile tuples. A simple example of what can now be done would be for example to build a tar file on the fly using the sendfile syscall for sending the files, or to support Range requests with more than one range with the sendfile syscall. When using cowboy_compress_h unfortunately we have to read the file in order to send it. More options will be added at a later time to make sure users don't read too much into memory. This is a new feature however so existing code is not affected. Also rework cowboy_http's data sending to be flatter.
2018-11-03Add an option to disable sendfile for a listenerLoïc Hoguin
2018-10-31Add compress_threshold protocol optionSteve Domin
Currently the compression threshold is set to 300 and hardcoded in the codebase. There are cases where it make sense to allow this to be configured, for instance when you want to enforce all responses to be compressed regarldess of their size.
2018-10-31Make sure we don't send error_responses on the wrong streamLoïc Hoguin
2018-10-31Improve a few types, including cowboy_req:req()Loïc Hoguin
2018-10-30Initial support for the PROXY protocol headerLoïc Hoguin
Depend on Ranch master for now since it isn't in any release yet.
2018-10-28Exit gracefully on parent exit/sys:terminate/2,3Loïc Hoguin
2018-09-12Do not send a 101 after a final response in switch_protocolLoïc Hoguin
2018-06-28Introduce undocumented option loggerLoïc Hoguin
This commit reworks the logging that Cowboy does via error_logger to make the module that will do the actual logging configurable. The logger module interface must be the same as logger and lager: a separate function per log level with the same log levels they support. The default behavior remains to call error_logger, although some messages were downgraded to warnings instead of errors. Since error_logger only supports three different log levels, some messages may get downgraded/upgraded depending on what the original log level was to make them compatible with error_logger. The {log, Level, Format, Args} command was also added to stream handlers. Stream handlers should use this command to log messages because it allows writing a stream handler to intercept some of those messages and extract information or block them as necessary. The logger option only applies to Cowboy itself, not to the messages Ranch logs, so more work remains to be done in that area.
2018-06-27Disable warnings for erlang:get_stacktrace/0 in OTP-21+Loïc Hoguin
2018-06-25Add streaming without chunking for HTTP/1.1Eric Meadows-Jönsson
If content-length is set in the response headers we can skip chunked transfer-encoding.
2018-05-18Remove the trailer header from HTTP/1.1 response if no TELoïc Hoguin
2018-05-18Don't send transfer-encoding when streaming 204 responsesLoïc Hoguin
2018-05-18Do not process HTTP/1.1 requests coming in after the lastLoïc Hoguin
2018-05-18Add more validation of absolute-form request targetsLoïc Hoguin
2018-05-16Add option linger_timeout to cowboy_httpLoïc Hoguin
2018-05-16Wrap the sendfile call in a try/catch for HTTPLoïc Hoguin
This should reduce the amount of noise in RabbitMQ.
2018-03-26Fix the flushing of messages when switching to WebsocketLoïc Hoguin
We now flush messages that are specific to cowboy_http only. Stream handlers should also flush their own specific messages if necessary, although timeouts will be flushed regardless of where they originate from. Also renames the http_SUITE to old_http_SUITE to distinguish new tests from old tests. Most old tests need to be removed or converted eventually as they're legacy tests from Cowboy 1.0.
2018-03-14Add case for handling infinity for idle/request_timeoutBartek Walkowicz
Currently cowboy assumes that idle_timeout or request_timeout is a number and always starts timers. Similar situation takes place in case of preface_timeout for http2. This commit adds case for handling infinity as a timeout, allowing to not start mentioned timers.
2018-03-13Handle system messages in cowboy_websocketLoïc Hoguin
2018-03-13Handle supervisor calls properly everywhereLoïc Hoguin
2017-12-13Fix Dialyzer warningsLoïc Hoguin
2017-12-12Fix HTTP/1.1 pipeliningLoïc Hoguin
Cases where a request body was involved could sometimes fail depending on timing. Also fix all of the old http_SUITE tests.
2017-12-07Add more rfc7231 tests and a new max_skip_body_length optionLoïc Hoguin
The option controls how much body we accept to skip for HTTP/1.1 connections when the user code did not consume the body fully. It defaults to 1MB.
2017-12-06Fix 408 not sending connection: close for HTTP/1.1Loïc Hoguin
Also make sure the header is sent for all types of early_error that result in the closing of the connection.
2017-12-06Also disable the TRACE method entirelyLoïc Hoguin
2017-12-06Disable the CONNECT method completelyLoïc Hoguin
It's safer than allow it with the wrong behavior.