path: root/src
AgeCommit message (Collapse)Author
2020-05-20204 and 304 responses must not include a bodyLoïc Hoguin
When calling cowboy_req:reply/4 with a body a crash will occur resulting in a 500 response. When calling cowboy_req:stream_reply/2,3 and then attempting to send a body a crash will occur.
2020-05-20Increase the default max_keepalive HTTP option to 1000Loïc Hoguin
100 is very low for current deployments. 1000 is more appropriate as a default value.
2020-04-06Experiment with a linger_timeout for HTTP/2Loïc Hoguin
This is mostly to ensure that the GOAWAY frame is properly received on Windows in some tests, but should be benefitial also in production in particular when clients are slower.
2020-04-04Fix active mode and flow control during pipeliningLoïc Hoguin
We could get stuck in passive mode under certain conditions (fast and non-busy machine and perhaps other environment factors).
2020-04-01Fix h2spec "invalid preface sequence" testLoïc Hoguin
Introduce a currently undocumented option to allow disabling cowboy_http when using a clear listener.
2020-03-30Add more headers to cowboy_req:parse_header/2,3Loïc Hoguin
2020-03-29Add more router testsLoïc Hoguin
2020-03-29Increase the default max_received_frame_rateLoïc Hoguin
Allow 10000 frames every 10 seconds instead of just 1000, as the limit was too quickly reached in some deployments.
2020-02-07Fix HTTP/1.1 bug when a flow command is returned after finLoïc Hoguin
This resulted in a badarith error due to the current flow being set to infinity when the body has been fully read. A test case has been added reproducing the issue.
2020-01-17Fix bugs related to HTTP/1.1 pipeliningLoïc Hoguin
The flow control is now only set to infinity when we are skipping the request body of the stream that is being terminated. This fixes a bug where it was set to infinity while reading a subsequent request's body, leading to a crash. The timeout is no longer reset on stream termination. Timeout handling is already done when receiving data from the socket and doing a reset on stream termination was leading to the wrong timeout being set or the right timeout being reset needlessly.
2020-01-06Use active,NLoïc Hoguin
This reduces the number of times we need to ask for more packets, and as a result we get a fairly large boost in performance, especially with HTTP/1.1. Unfortunately this makes Cowboy require at least Erlang/OTP 21.3+ because the ssl application did not have active,N. For simplicity the version required will be Erlang/OTP 22+. In addition this change improves hibernate handling in cowboy_websocket. Hibernate will now work for HTTP/2 transport as well, and stray or unrelated messages will no longer cancel hibernate (the process will handle the message and go back into hibernation). Thanks go to Stressgrid for benchmarking an early version of this commit: https://stressgrid.com/blog/cowboy_performance_part_2/
2020-01-02Reduce number of Transport:send/2 calls for HTTP/2Loïc Hoguin
When sending a complete response it is far more efficient to send the headers and the body in one Transport:send/2 call instead of two or more, at least for small responses. This is the HTTP/2 counterpart to what was done for HTTP/1.1 many years ago in bfab8d4b22d858e7cffa97d04210a62fae56681c. In HTTP/2's case however the implementation is a little more difficult due to flow control. On the other hand the optimization will apply not only for headers/body but also for the body of multiple separate responses, which may need to be sent all at the same time when we receive a WINDOW_UPDATE frame. When a body is sent using sendfile however a separate call is still made.
2019-12-31No longer use erlang:get_stacktrace/0Loïc Hoguin
It has been deprecated in OTP and the new way is available on all supported OTP versions.
2019-12-31Ignore malformed accept-encoding headers in cowboy_compress_hMarcos Ferreira
2019-10-10Don't log stray messages for lingering HTTP/2 streamsLoïc Hoguin
2019-10-10Fix a number of low hanging todosLoïc Hoguin
2019-10-10Newly documented cow_cookie:cookie_opts() is now a mapLoïc Hoguin
2019-10-10Add shutdown_reason Websocket commandLoïc Hoguin
This allows changing the normal exit reason of Websocket processes, providing a way to signal other processes of why the exit occurred.
2019-10-09Implement flow control for HTTP/1.1Loïc Hoguin
We now stop reading from the socket unless asked to, when we reach the request body. The option initial_stream_flow_size controls how much data we read without being asked, as an optimization. We may also have received additional data along with the request headers. This commit also reworks the timeout handling for HTTP/1.1 because the stray timeout message was easily reproducible after implementing the flow control. The issue should be gone for good this time.
2019-10-07Add cowboy_req:cast/2Loïc Hoguin
Better than sending messages manually.
2019-10-07Document cowboy_tracer_hLoïc Hoguin
2019-10-07Document cowboy_metrics_hLoïc Hoguin
2019-10-05Add Websocket option validate_utf8Loïc Hoguin
This allows disabling the UTF-8 validation check for text and close frames.
2019-10-05Don't discard data following a Websocket upgrade requestLoïc Hoguin
While the protocol does not allow sending data before receiving a successful Websocket upgrade response, we do not want to discard that data if it does come in.
2019-10-05Add cowboy_req:filter_cookies/2Loïc Hoguin
2019-10-04Make cowboy_compress_h add vary: accept-encodingLoïc Hoguin
2019-10-03Document media type wildcard in content_types_acceptedLoïc Hoguin
2019-10-03Make stream_error early_error reasons consistentLoïc Hoguin
Now both HTTP/1.1 and HTTP/2 follow the documented format. HTTP/1.1 was including an extra element containing the StreamID before, which was unnecessary because it is also given as argument to the callback. HTTP/2 early_error will now include headers in its PartialReq.
2019-10-02Fix another Dialyzer warningLoïc Hoguin
2019-10-02Ensure we can stream the response body from any processLoïc Hoguin
2019-10-02Ensure we can read the request body from any processLoïc Hoguin
2019-10-02Make sure cowboy_http doesn't receive stray timeout messagesLoïc Hoguin
2019-10-02Add {set_options, #{metrics_user_data := Map}}Loïc Hoguin
This allows giving custom metadata to the metrics stream handler. This can be useful to for example provide the name of the module handling the request which is only known after routing. But any user data is allowed. When called multiple times the user data maps are merged.
2019-10-02Add more HTTP/1.1 header parsing testsLoïc Hoguin
Fix a case where Cowboy was waiting for more data that simply did not come. Now Cowboy will generate an error immediately when a header line has no colon separator. These test cases come from known request smuggling attack vectors. Cowboy was not vulnerable to any of them.
2019-10-02Fix a Dialyzer warning and improve some typesLoïc Hoguin
2019-10-02Fix HTTP/2 CVEsLoïc Hoguin
A number of HTTP/2 CVEs were documented recently: https://www.kb.cert.org/vuls/id/605641/ This commit, along with a few changes and additions in Cowlib, fix or improve protection against all of them. For CVE-2019-9511, also known as Data Dribble, the new option stream_window_data_threshold can be used to control how little the DATA frames that Cowboy sends can get. For CVE-2019-9516, also known as 0-Length Headers Leak, Cowboy will now simply reject streams containing 0-length header names. For CVE-2019-9517, also known as Internal Data Buffering, the backpressure changes were already pretty good at preventing this issue, but a new option max_connection_buffer_size was added for even better control over how much memory we are willing to allocate. For CVE-2019-9512, also known as Ping Flood; CVE-2019-9515, also known as Settings Flood; CVE-2019-9518, also known as Empty Frame Flooding; and similar undocumented scenarios, a frame rate limiting mechanism was added. By default Cowboy will now allow 1000 frames every 10 seconds. This can be configured via max_received_frame_rate. For CVE-2019-9514, also known as Reset Flood, another rate limiting mechanism was added and can be configured via max_reset_stream_rate. By default Cowboy will do up to 10 stream resets every 10 seconds. Finally, nothing was done for CVE-2019-9513, also known as Resource Loop, because Cowboy does not currently implement the HTTP/2 priority mechanism (in parts because these issues were well known from the start). Tests were added for all cases except Internal Data Buffering, which I'm not sure how to test, and Resource Loop, which is not currently relevant.
2019-10-02Remove lingering_data tuple handlingLoïc Hoguin
2019-09-28Add persistent_term support to the routerLoïc Hoguin
2019-09-16Fix closing of connection on response_body_too_smallLoïc Hoguin
2019-09-14Implement backpressure on cowboy_req:stream_bodyLoïc Hoguin
This should limit the amount of memory that Cowboy is using when a handler is sending data much faster than the network. The new max_stream_buffer_size is a soft limit and only has an effect when the cowboy_stream_h handler is used.
2019-09-07Improve the cowboy_static consistency across platformsLoïc Hoguin
As a result we explictly reject path_info components that include a forward slash, backward slash or NUL character. This only applies to the [...] part of the path for dir/priv_dir configuration. Also improve the tests so that they work on Windows.
2019-09-06Fix using custom fields in ReqLoïc Hoguin
2019-09-05Fix and optimize sending of WINDOW_UPDATE framesLoïc Hoguin
For long-running connections it was possible for the connection window to become larger than allowed by the protocol because the window increases claimed by stream handlers were never reclaimed even if no data was consumed. The new code applies heuristics to fix this and reduce the number of WINDOW_UPDATE frames that are sent. It includes six new options to control that behavior: margin, max and threshold for both the connection and stream windows. The margin is some extra space added on top of the requested read size. The max is the maximum window size at any given time. The threshold is a minimum window size that must be reached before we even consider sending more WINDOW_UPDATE frames. We also avoid sending WINDOW_UPDATE frames when there is already enough space in the window, or when the read size is 0. Cowlib is set to master until a new tag is done.
2019-08-16Gracefully shut down HTTP/2 connections on GOAWAYLoïc Hoguin
2019-07-16Make Cowboy compatible with upcoming Ranch 2.0juhlig
2019-07-16Data received after RST_STREAM counts toward windowTony Han
2019-04-03Bind erlang:get_stacktrace prior to making other callsSteve Strong
If we bind too late there might be an exception triggered in the terminate function and we will not get the correct stacktrace as a result.
2019-04-01Fallback to host header if authority is missingFredrik Enestad
2018-11-21Move many old HTTP test cases to the rest_handler test suiteLoïc Hoguin
A bug was fixed in cowboy_rest where when content_types_provided returned a media type with a wildcard as first in the list, and a request comes in without an accept header, then the media_type value in the Req object would contain '*' instead of [] for the parameters.
2018-11-19Add an additional test to the static test suiteLoïc Hoguin