aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)Author
2013-01-17Add cowboy_bstr:capitalize_token/1Loïc Hoguin
For optional header name capitalization. See the guide section about it.
2013-01-17Add cowboy_websocket:close_code/0Loïc Hoguin
Also fixes a warning.
2013-01-14Add Sec-Websocket-Protocol header parsingLoïc Hoguin
2013-01-14Improve websocket close handlingLoïc Hoguin
We now always send a failure reason (bad protocol, bad encoding, etc.) unless the closure was initiated by the client and it didn't send a close code. We now check that the close frames have a payload that is valid UTF-8, unless they don't have a payload at all. We now do not crash the process anymore when bad opcodes are sent, or when the opcode 0 is sent before fragmentation was initiated. Overall this makes us closer to full compliance with the RFC.
2013-01-13Websocket text frames are now checked for UTF-8 correctnessLoïc Hoguin
The autobahntestsuite now passes 100% of the tests. We are getting close to fully implementing the Websocket RFC.
2013-01-12Unmask websocket frames on the fly and optimize the codeLoïc Hoguin
No change in functionality, but this will allow us to validate that text frames are utf8 without having to receive the frame entirely.
2013-01-12All frames sent from client to server MUST be maskedLoïc Hoguin
Good in theory, but implementations may vary. If something stops working after this commit we might need some tweaks to support existing clients. Please try it and give feedback.
2013-01-10Remove support for Websocket hixie76 draftLoïc Hoguin
It was only used by Safari 5.0.1 and possibly 5.1. Their market share is dropping as we speak. It was also insecure (disabled in Firefox for that reason). This will allow us to make much more efficient and cleaner code for the rest of the Websocket versions we support (drafts 7 to 17 + RFC), which are pretty much all versions seen in the wild excluding the one we're removing here.
2013-01-07Add optional automatic response body compressionLoïc Hoguin
This behavior can be enabled with the `compress` protocol option. See the `compress_response` example for more details. All tests are now ran with and without compression for both HTTP and HTTPS.
2013-01-06Add protection against slowloris vulnerabilityLoïc Hoguin
This changes the behavior of the `timeout` protocol option to mean "Time in which the full request line and headers must be received". The default of 5s should be fine for all normal uses. This change has no noticeable impact on performance and is thus enabled by default for everyone. It can be disabled by setting `timeout` to `infinity` although that is definitely not encouraged. Inspired by the contribution from @naryl on github.
2013-01-05Add cowboy_req:set_resp_body_fun/2Loïc Hoguin
This allows streaming a body without knowing the length in advance. Also allows {stream, StreamFun} response body in the REST code.
2013-01-05Remove cowboy_req:transport/1Loïc Hoguin
It was added to help with response body streaming functions. But it was a clumsy solution that we discarded in favor of passing socket and transport to said function. It was also very odd compared to the rest of the cowboy_req interface. If you used this function before, worry not, here's its proper equivalent. [Socket, Transport] = cowboy_req:get([socket, transport], Req)
2013-01-05Change the response body streaming fun interfaceLoïc Hoguin
Before we were required to get the socket and transport ourselves, now they're passed to the function.
2013-01-04Hello 2013Loïc Hoguin
2013-01-03Add middleware supportLoïc Hoguin
Middlewares allow customizing the request processing. All existing Cowboy project are incompatible with this commit. You need to change `{dispatch, Dispatch}` in the protocol options to `{env, [{dispatch, Dispatch}]}` to fix your code.
2013-01-03Fix small error in doc commentLoïc Hoguin
2012-12-26Remove cowboy_req:body/2Loïc Hoguin
This function was badly thought out and would cause more harm than good if used at all. Recommendation will be for people who need to limit body length to check it beforehand or when not possible to use the stream_body API.
2012-12-23Revert "Use lists:keyreplace/4 instead of lists:keydelete/3 + cons"Loïc Hoguin
This reverts commit cc65a723d70bb078b048bab81eeb8a4bd7ed39ce.
2012-12-22use the original request when available for error_terminateTom Burdick
this change makes sure that once a request has been created the error_terminate/3 function uses the original request instead of making a new empty one with undefined values making the request attributes easier to look at in many error cases Conflicts: src/cowboy_protocol.erl
2012-12-22Merge branch 'undefined_url' of git://github.com/treetopllc/cowboyLoïc Hoguin
2012-12-22Merge branch 'fix-websocket-timeout' of git://github.com/jeremyong/cowboyLoïc Hoguin
2012-12-22Cancel timer only on websocket_data receives or sendsJeremy Ong
This commit prevents erlang messages from keeping a websocket connection alive. Previously, the timer was canceled upon any activity. Now, the timeout is only canceled when actual data is sent from the client. The handler_loop_timeout/1 function is called from websocket_data/4 instead of handler_before_loop/4. It is also called after every successful reply in handler_call/4.
2012-12-22Make sure an incorrect port returns a 400 errorLoïc Hoguin
2012-12-22Use lists:keyreplace/4 instead of lists:keydelete/3 + consLoïc Hoguin
2012-12-20We accept iodata() when setting cookies; fix thatLoïc Hoguin
2012-12-20Fix parsing of the Cookie headerLoïc Hoguin
This should be equivalent to what we do in Set-Cookie. Real-world testing is needed to confirm it works as intended.
2012-12-18Improve errors when the path provided is incorrectLoïc Hoguin
2012-12-17Merge branch 'master' of git://github.com/Menirad/cowboyLoïc Hoguin
2012-12-17Fix cowboy_http:cookie_to_iodata/3Loïc Hoguin
No more trying to quote, this is still completely broken everywhere.
2012-12-14Fix multipart parser when the boundary is not fully read yetThomas Nordström
2012-12-13Merge branch 'adt-consistent-errors' of git://github.com/Vagabond/cowboyLoïc Hoguin
2012-12-13Add missing quotes to quoting for cookie valuesLoïc Hoguin
2012-12-13Make the arguments to error_logger more consistentAndrew Thompson
The purpose of this patch is to make the arguments cowboy passes to error_logger more consistent. With this patch there's only 3 variations on the error_logger argument list; a 5 element list, an 8 element list and a 10 element list. In all cases, the first 3 arguments are the Module, Function and Arity of the function being called and the second-to-last argument is always the Request. Additionally, for lists longer than 5 elements, the last argument is always the stack-trace. The added consistency of the argument ordering makes it much easier to write code in lager's error_logger handler to catch these messages and write a pretty one-liner (while writing the full message to the crash.log).
2012-12-10Merge pull request #335 from derdesign/masterLoïc Hoguin
Fix broken 'make docs'
2012-12-10Fix broken 'make docs'derdesign
2012-12-11Fix charset not working properly for RESTLoïc Hoguin
2012-12-08Add {close, StatusCode, Payload} and fix {close, Payload}Loïc Hoguin
2012-12-07Merge branch 'websocket_terminate_not_called' of git://github.com/dergraf/cowboyLoïc Hoguin
2012-12-07Make cookies use universal time instead of local timeLoïc Hoguin
Includes: * cowboy_clock:rfc2109/1 now expects UTC datetime * Rewrite of the cookie code to cowboy_http * Removal of cowboy_cookies * Add type cowboy_req:cookie_opts/0 Cookies should now be set using cowboy_req:set_resp_cookie/3. Code calling cowboy_cookies directly will need to be updated.
2012-12-06call websocket_terminate in case of a handshake errorAndre Graf
2012-12-05Make a few more missing headers lowercaseLoïc Hoguin
2012-12-03Remove the dependency on httpd_utilLoïc Hoguin
Add the function cowboy_clock:rfc1123/1 that formats the given date to the RFC1123 format.
2012-12-03Allow passing the Req and an updated Opts when upgrading protocolsLoïc Hoguin
2012-12-02Add more frame types available in websocket repliesLoïc Hoguin
We can now reply empty close, ping and pong frames, or close frames with a payload. This means that we can send a frame and then close the connection in a single operation. If a close packet is sent, the connection is closed immediately, even if there was frames that remained to be sent. Cowboy will silently drop any extra frames in the list given as a reply.
2012-12-01Return full packet as multipart body if possibleMagnus Klaar
2012-12-01Use Transport:sendfile/2 from RanchLoïc Hoguin
This removes a bunch of unneeded code, including code that was made for R14 which we don't support anymore. Note that the dependency on Ranch was updated, so you will need to update Ranch for the new code to work.
2012-11-30Return a 400 error if the Accept header was incorrectLoïc Hoguin
2012-11-29Add a better error message when user callbacks are not exportedLoïc Hoguin
2012-11-29static: Allow passing the mimetype fun as a {M, F} tupleLoïc Hoguin
2012-11-28Update the cowboy_websocket_handler specsLoïc Hoguin
We can send many payloads at once.