Age | Commit message (Collapse) | Author |
|
When calling cowboy_req:reply/4 with a body a crash will occur
resulting in a 500 response. When calling cowboy_req:stream_reply/2,3
and then attempting to send a body a crash will occur.
|
|
100 is very low for current deployments. 1000 is more
appropriate as a default value.
|
|
This causes the test to get stuck because both the client and
server end up waiting in Transport:send for the other side to
read data from the socket.
|
|
The experiment was successful in Gun, let's see if it helps
with Cowboy as well.
|
|
The flow control is now only set to infinity when we are
skipping the request body of the stream that is being
terminated. This fixes a bug where it was set to infinity
while reading a subsequent request's body, leading to a
crash.
The timeout is no longer reset on stream termination.
Timeout handling is already done when receiving data
from the socket and doing a reset on stream termination
was leading to the wrong timeout being set or the right
timeout being reset needlessly.
|
|
Fix a case where Cowboy was waiting for more data that simply
did not come. Now Cowboy will generate an error immediately
when a header line has no colon separator.
These test cases come from known request smuggling attack
vectors. Cowboy was not vulnerable to any of them.
|
|
Cowboy is 19+ so it's OK to use it.
|
|
It's OK to send it when set explicitly, as it can be set
to what the representation's size would have been.
|
|
We now check that the connection gets closed.
|
|
It was not working at all.
|
|
We don't implement CONNECT yet so we unconditionally return
a 501 for these requests and that makes this test fail.
|
|
Support for these was broken during the development
of Cowboy 2.0. It is now fixed and better handled
than it ever was.
|
|
A few more bugs detected. I'm at the end of the list. I need to
do a second reading, implement what I can, fix what I can and
then the suite should be complete.
|
|
A few seem to highlight more bugs. They have no fix yet.
|
|
Found more bugs! Unfortunately no fix for them in this commit.
|
|
Bad chunk sizes used to be accepted and could result in
a badly parsed body or a timeout. They are now properly
rejected.
Chunk extensions now have a hard limit of 129 characters.
I haven't heard of anyone using them and Cowboy does not
provide an interface for them, but we can always increase it
or make it configurable if it ever becomes necessary (but
I honestly doubt it).
Also a test from the old http suite could be removed. Yay!
|
|
It's worth noting that transfer-encoding now takes precedence
over content-length as recommended by the RFC, so that when
both headers are sent we only care about transfer-encoding
and explicitly remove content-length from the headers.
|
|
Also fixes the handling of the max_headers option for HTTP/1.1.
It is now a strict limit and not dependent on whether data is
already in the buffer.
|
|
Putting them in the correct test suite, with the proper
documentation etc.
|
|
Breaking changes with previous commit. This is a very large change,
and I am giving up on making a single commit that fixes everything.
More commits will follow slowly adding back features, introducing
new tests and fixing the documentation.
This change contains most of the work toward unifying the interface
for handling both HTTP/1.1 and HTTP/2. HTTP/1.1 connections are now
no longer 1 process per connection; instead by default 1 process per
request is also created. This has a number of pros and cons.
Because it has cons, we also allow users to use a lower-level API
that acts on "streams" (requests/responses) directly at the connection
process-level. If performance is a concern, one can always write a
stream handler. The performance in this case will be even greater
than with Cowboy 1, although all the special handlers are unavailable.
When switching to Websocket, after the handler returns from init/2,
Cowboy stops the stream and the Websocket protocol takes over the
connection process. Websocket then calls websocket_init/2 for any
additional initialization such as timers, because the process is
different in init/2 and websocket_*/* functions. This however would
allow us to use websocket_init/2 for sending messages on connect,
instead of sending ourselves a message and being subject to races.
Note that websocket_init/2 is optional.
This is all a big change and while most of the tests pass, some
functionality currently doesn't. SPDY is broken and will be removed
soon in favor of HTTP/2. Automatic compression is currently disabled.
The cowboy_req interface probably still has a few functions that
need to be updated. The docs and examples do not refer to the current
functionality anymore.
Everything will be fixed over time. Feedback is more than welcome.
Open a ticket!
|
|
This is a large commit.
The rfc7230 test suite adds many tests from the RFC7230 document.
Gun has been updated quite a bit recently, which broke the Cowboy
suites. This is now fixed with this commit.
A new hook onfirstrequest has been added. It was very useful during
debugging of the test suites.
The initial process code has changed a little; more changes are
expected with the switch to maps for options.
|