Age | Commit message (Collapse) | Author |
|
If a message is received with both a Transfer-Encoding and a
Content-Length header field, it might indicate an attempt to
perform request smuggling or response splitting and must be
handled as an error in default mode (not relaxed mode).
Bug report: https://bugs.erlang.org/browse/ERL-407
|
|
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
ERL-316, as part of 19.3, adds the port number to the Host header
upon automatic redirection. The port number is included even if it
is a well-known port (80, 443). This is different from the
behaviour of most HTTP clients, as well as httpc's own for new
requests.
The added port number can lead to problems such as this one, where
the request signature assumes the client will not send the :443
suffix on redirection to an https URL:
https://github.com/nerves-project/nerves/issues/96
I was unable to add a test case, since that would require a server
on a well-known port, but I manually verified that the GitHub/S3
signing issue was indeed resolved with this patch.
|
|
|
|
RFC2616 Sect 14.23: The Host request-header field specifies the
Internet host AND port number.
|
|
- The behavior of httpc:request when autoredirect = true is not correct
according to the latest update in RFC-7231. This patch corrects the
autoredirect behavior.
|
|
|
|
|
|
|
|
|
|
|
|
Changed httpc_response, for redirect '303 See Other' also POST
requests should be redirected (using GET). See RFC2616 sect. 10.3.4
for clarification.
|
|
|
|
The module http_uri now officially supported.
Also, the http_uri:parse/1,2 function has been
extended with more scheme support and a way
to provide your own scheme info.
OTP-9983
|
|
|
|
When a URI with a IPv6 host is parsed, the brackets that encapsulates
the nnn is removed. This value is then supplied as the host header.
This can cause problems with some servers.
A workaround for this is to use headers_as_is and provide the host
header with the requst call
To solve this a new option has been added, ipv6_host_with_brackets.
This option specifies if the host value of the host header shall include
the branckets or not. By default, it does not (as before).
OTP-9628
|
|
{error, Reason} | {ok, ParsedURL}
|
|
|
|
OTP-8564: Update deeprication status.
OTP-8573: Inets mod_alias URL rewrite.
|
|
OTP-8351, OTP-8359 & OTP-8371.
|
|
|