aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)Author
2024-01-16REST: Allow generate_etag to return undefinedLoïc Hoguin
This allows conditionally generating an etag.
2024-01-15Reject responses with explicit set-cookie headergeeksilva97
LH: The tests received a lot of fixes and tweaking. I also reworded the error message to be more concise.
2024-01-15Fix wrong HTTP/1 timeout being used in some casesLoïc Hoguin
Added many tests to ensure the right timeout is picked in the appropriate situation. Should there be any issues remaining we can add more tests.
2024-01-09Better error message when trying to reply twiceLoïc Hoguin
Also crash if trying to push after a reply was sent.
2024-01-09Shorten the 204/304 error messageLoïc Hoguin
2024-01-09Improve the error when trying to send a 204/304 with a bodyLoïc Hoguin
2024-01-08Document body reading in auto modeLoïc Hoguin
It is now tested both via cowboy_req:read_body and via cowboy_req:cast. Removes a bad example from the guide of body reading with period of infinity, which does not work.
2024-01-08Ensure HTTP/1.1 Websocket resets the trap_exit flagLoïc Hoguin
While we are identified as a supervisor in the tree, we no longer manage children processes at that point, so do not need to trap exit signals. Users can still enable trap_exit if they prefer to.
2024-01-08Always add vary: accept-encoding in cowboy_compress_hLoïc Hoguin
We must add it even if we don't end up compressing because it indicates that we might. This indication doesn't mean that the user agent's accept-encoding values will ever result in content encoding being applied.
2024-01-05Reject HTTP/1 requests with both content-length and transfer-encodingLoïc Hoguin
The previous behavior was to accept them and drop the content-length header as per the RFC recommendation. But since this behavior is not normal it is safer to just reject such requests than risk security issues.
2024-01-05Don't automatically compress when response has etagLoïc Hoguin
In the cowboy_compress_h stream handler. Otherwise this could cause issues with caching, with the etag being the same for compressed/uncompressed content. Users that wish to send etags AND compress will have to do it manually for the time being.
2024-01-05Add cowboy:get_env/2,3Loïc Hoguin
2024-01-05Fix Dialyzer warnings caused by my decompress changesLoïc Hoguin
2024-01-04Rework and improve the decompress stream handlerLoïc Hoguin
The read buffer was changed into an iovec to avoid doing too many binary concatenations and allocations. Decompression happens transparently: when decoding gzip, the content-encoding header is removed (we only decode when "gzip" is the only encoding so nothing remains). We always add a content_decoded key to the Req object. This key contains a list of codings that were decoded, in the reverse order in which they were. Currently it can only be empty or contain <<"gzip">> but future improvements or user handlers may see it contain more values. The option to disable decompression was renamed to decompress_enabled and defaults to true. It is no longer possible to enable/disable decompression in the middle of reading the body: this ensures that the data we pass forward is always valid. Various smaller improvements were made to the code, tests and manual pages.
2023-12-21Add cowboy_decompress_h stream handlerjdamanalo
2023-12-21Don't update an HTTP/2 stream's window if stream stoppedLoïc Hoguin
2023-12-21Exit gracefully on {error,closed} when reading the PROXY headerNelson Vides
LH: Simplified the test a little.
2023-12-21Optionally reset the idle timeout when sending dataRobert J. Macomber
A new option reset_idle_timeout_on_send has been added. When set to 'true', the idle timeout is reset not only when data is received, but also when data is sent. This allows sending large responses without having to worry about timeouts triggering. The default is currently unchanged but might change in a future release. LH: Greatly reworked the implementation so that the timeout gets reset on almost all socket writes. This essentially completely supersets the original work. Tests are mostly the same although I refactored a bit to avoid test code duplication. This commit also changes HTTP/2 behavior a little when data is received: Cowboy will not attempt to update the window before running stream handler commands to avoid sending WINDOW_UPDATE frames twice. Now it has some small heuristic to ensure they can only be sent once at most.
2023-12-19Remove next_protocols_advertisedViktor Söderqvist
2023-12-19Shave off a few more seconds from rfc7540_SUITELoïc Hoguin
2023-12-18Fix shutdown for HTTP/1.1 pipelineDmitri Vereshchagin
Sending extra response prevented by terminating all streams except the one currently executing. LH: Reworded some variables to make what happens more obvious.
2023-12-15Reject invalid Connection headerBoris Pozdnyakov
LH: Small tweaks and added an HTTP/1.0 test.
2023-12-15Add timeout to cowboy_loopjdamanalo
LH: I have added a test that does both hibernate and timeout and fixed a related issue. I also tweaked the docs and tests.
2023-12-12Handle socket errors in HTTP/1.1 and HTTP/2Loïc Hoguin
Doing so will let us notice when the connection is gone instead of waiting for timeouts, at least in the cases where the remote socket was closed properly. Timeouts are still needed in case of TCP half-open problems. This change means that the order of stream handler commands is more important than before because socket errors may occur during the processing of commands.
2023-12-06Add 'max_cancel_stream_rate' config for the rapid reset attackViktor Söderqvist
Co-authored-by: Björn Svensson <[email protected]>
2022-09-19Fix data sent after RST_STREAM in HTTP/2 in rare casesLoïc Hoguin
2020-11-27AcceptCallback may now return created/see_other tuples for POSTMartin Björklund
They replace and deprecate the {true,URI} return value.
2020-11-27Also include trace messages when timestamp flag isn't usedSebastian Strollo
2020-11-27Use functions for inititalizing rate limitingSimon Johansson
... to ensure that the same values are used in all places.
2020-11-27Graceful shutdownViktor Söderqvist
Note: This commit makes cowboy depend on cowlib master. Graceful shutdown for HTTP/2: 1. A GOAWAY frame with the last stream id set to 2^31-1 is sent and a timer is started (goaway_initial_timeout, default 1000ms), to wait for any in-flight requests sent by the client, and the status is set to 'closing_initiated'. If the client responds with GOAWAY and closes the connection, we're done. 2. A second GOAWAY frame is sent with the actual last stream id and the status is set to 'closing'. If no streams exist, the connection terminates. Otherwise a second timer (goaway_complete_timeout, default 3000ms) is started, to wait for the streams to complete. New streams are not accepted when status is 'closing'. 3. If all streams haven't completed after the second timeout, the connection is forcefully terminated. Graceful shutdown for HTTP/1.x: 1. If a request is currently being handled, it is waited for and the response is sent back to the client with the header "Connection: close". Then, the connection is closed. 2. If the current request handler is not finished within the time configured in transport option 'shutdown' (default 5000ms), the connection process is killed by its supervisor (ranch). Implemented for HTTP/1.x and HTTP/2 in the following scenarios: * When receiving exit signal 'shutdown' from the supervisor (e.g. when cowboy:stop_listener/3 is called). * When a connection process is requested to terminate using sys:terminate/2,3. LH: Edited tests a bit and added todos for useful tests to add.
2020-11-23Don't produce an error report for normal stream process exitsLoïc Hoguin
2020-07-03Fix concurrent body streaming getting stuck with HTTP/2Loïc Hoguin
2020-05-20204 and 304 responses must not include a bodyLoïc Hoguin
When calling cowboy_req:reply/4 with a body a crash will occur resulting in a 500 response. When calling cowboy_req:stream_reply/2,3 and then attempting to send a body a crash will occur.
2020-05-20Increase the default max_keepalive HTTP option to 1000Loïc Hoguin
100 is very low for current deployments. 1000 is more appropriate as a default value.
2020-04-06Experiment with a linger_timeout for HTTP/2Loïc Hoguin
This is mostly to ensure that the GOAWAY frame is properly received on Windows in some tests, but should be benefitial also in production in particular when clients are slower.
2020-04-04Fix active mode and flow control during pipeliningLoïc Hoguin
We could get stuck in passive mode under certain conditions (fast and non-busy machine and perhaps other environment factors).
2020-04-01Fix h2spec "invalid preface sequence" testLoïc Hoguin
Introduce a currently undocumented option to allow disabling cowboy_http when using a clear listener.
2020-03-30Add more headers to cowboy_req:parse_header/2,3Loïc Hoguin
2020-03-29Add more router testsLoïc Hoguin
2020-03-29Increase the default max_received_frame_rateLoïc Hoguin
Allow 10000 frames every 10 seconds instead of just 1000, as the limit was too quickly reached in some deployments.
2020-02-07Fix HTTP/1.1 bug when a flow command is returned after finLoïc Hoguin
This resulted in a badarith error due to the current flow being set to infinity when the body has been fully read. A test case has been added reproducing the issue.
2020-01-17Fix bugs related to HTTP/1.1 pipeliningLoïc Hoguin
The flow control is now only set to infinity when we are skipping the request body of the stream that is being terminated. This fixes a bug where it was set to infinity while reading a subsequent request's body, leading to a crash. The timeout is no longer reset on stream termination. Timeout handling is already done when receiving data from the socket and doing a reset on stream termination was leading to the wrong timeout being set or the right timeout being reset needlessly.
2020-01-06Use active,NLoïc Hoguin
This reduces the number of times we need to ask for more packets, and as a result we get a fairly large boost in performance, especially with HTTP/1.1. Unfortunately this makes Cowboy require at least Erlang/OTP 21.3+ because the ssl application did not have active,N. For simplicity the version required will be Erlang/OTP 22+. In addition this change improves hibernate handling in cowboy_websocket. Hibernate will now work for HTTP/2 transport as well, and stray or unrelated messages will no longer cancel hibernate (the process will handle the message and go back into hibernation). Thanks go to Stressgrid for benchmarking an early version of this commit: https://stressgrid.com/blog/cowboy_performance_part_2/
2020-01-02Reduce number of Transport:send/2 calls for HTTP/2Loïc Hoguin
When sending a complete response it is far more efficient to send the headers and the body in one Transport:send/2 call instead of two or more, at least for small responses. This is the HTTP/2 counterpart to what was done for HTTP/1.1 many years ago in bfab8d4b22d858e7cffa97d04210a62fae56681c. In HTTP/2's case however the implementation is a little more difficult due to flow control. On the other hand the optimization will apply not only for headers/body but also for the body of multiple separate responses, which may need to be sent all at the same time when we receive a WINDOW_UPDATE frame. When a body is sent using sendfile however a separate call is still made.
2019-12-31No longer use erlang:get_stacktrace/0Loïc Hoguin
It has been deprecated in OTP and the new way is available on all supported OTP versions.
2019-12-31Ignore malformed accept-encoding headers in cowboy_compress_hMarcos Ferreira
2019-10-10Don't log stray messages for lingering HTTP/2 streamsLoïc Hoguin
2019-10-10Fix a number of low hanging todosLoïc Hoguin
2019-10-10Newly documented cow_cookie:cookie_opts() is now a mapLoïc Hoguin
2019-10-10Add shutdown_reason Websocket commandLoïc Hoguin
This allows changing the normal exit reason of Websocket processes, providing a way to signal other processes of why the exit occurred.