| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
ERL-316, as part of 19.3, adds the port number to the Host header
upon automatic redirection. The port number is included even if it
is a well-known port (80, 443). This is different from the
behaviour of most HTTP clients, as well as httpc's own for new
requests.
The added port number can lead to problems such as this one, where
the request signature assumes the client will not send the :443
suffix on redirection to an https URL:
https://github.com/nerves-project/nerves/issues/96
I was unable to add a test case, since that would require a server
on a well-known port, but I manually verified that the GitHub/S3
signing issue was indeed resolved with this patch.
|
|
|
|
This supersedes PR #1185 (submitted by @KrzysiekJ) that changed
all occurrences of ref() with reference() in inets files.
However, there is little point in having these types only in comments.
So, these types are now exposed as type declarations for the record
fields they appear. While at it, uncommented more commented out type
declarations and declared types for records defined in the affected
modules and header files.
Some type-unfriendly and obsolete code related to supporting code
ungrades with a really old OTP release was also removed.
|
|
|
|
* ia/maint/inets/mod_alias/OTP-13248:
inets: Prepare for release
inets: Traverse all aliases looking for the longest match
inets: Use re instead of inets_regexp
# Conflicts:
# lib/inets/vsn.mk
|
|
|
|
or fails
Also remove legacy debug macros and add help function httpd_util:error_log/2
to avoid code duplication.
|
|
Before 77acb47 http:request/1 could parse server responses with
whitespace after the HTTP chunk size (some embedded legacy devices still
do this).
This patch restores this functionality.
|
|
|
|
ssl:start/[1,2] is a shell convenience function and should not be called
by other applications.
inet_db:start is an internal function that we should not have to call.
This was done for legacy reasons and is no longer needed.
|
|
Remove point less instructions looking for return values, that
in most cases no long exist, of which the result would anyhow be ignored
|
|
Was already possible for HTTPS. Also remove use of legacy option
inet6fb4. IPv6 standard moved away from beeing able to fallback to IPv4
so this option makes little sense, will use inet (Ipv4) as default instead of
inet6fb4.
|
|
|
|
The chunked length header should be checked as well as
headers present in the chunk trailer part, ignored extensions are counted
as header bytes. Also the decode trailer function will stop as soon
as the header size is exceed, when that happens.
|
|
Also use integer_to_list/2 and list_to_integer/2 instead of reimplementing it.
|
|
* scrapinghub/http_uri_scheme_validation:
inets: scheme validation fun for http_uri
OTP-13071
|
|
http_uri:parse_scheme function should allow checking
scheme of URIs otherwise it could be easily abused to
reach limit number of atoms in the VM
|
|
httpc should not fail when response contains (now deprecated)
multiline HTTP headers constructed with obs-folds. And as
RFC7230 specifies user agent should replace obs-folds with
spaces.
|
|
|
|
|
|
|
|
Gracefully handle invalid content-lenght headers instead of
crashing in list_to_integer.
|
|
This fixes a bug in httpc where redirection URIs could lead to bad requests if they
contained fragments.
|
|
|
|
|
|
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_lib/http_transport.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/src/ssl.appup.src
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_internal.hrl
lib/ssl/src/tls_connection.erl
lib/ssl/vsn.mk
|
|
added as option to inets conf file
|
|
|
|
http_chunk:decode/4, the side-effecting chunk decoder, was only used
by httpc_handler:handle_http_body/2 but now it's completely unused.
|
|
In R16B01, the http_request:http_headers/1 function removes the content-length
field from the HTTP headers if the content length is zero. This results in
some (perhaps many) HTTP servers rejecting POSTs and PUTs without data with
a 411 status word. From RFC2616, section 14.13: "Any Content-Length greater than
or EQUAL to zero is a valid value".
|
|
|
|
httpc: CTfy test suite
httpd: Simplify ssl configuration OTP-10846
|
|
|
|
OTP-10106
OTP-10107
|
|
The module http_uri now officially supported.
Also, the http_uri:parse/1,2 function has been
extended with more scheme support and a way
to provide your own scheme info.
OTP-9983
|
|
This version of the module was provided by Johan Tj�der.
It adds support for more methods (more than http and https).
OTP-9983
|
|
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_lib/http_uri.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/vsn.mk
|
|
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/httpd/xss_when_erl_encoded/r14/OTP-9655
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_lib/http_uri.erl
lib/inets/src/http_lib/http_util.erl
lib/inets/src/http_server/httpd_file.erl
lib/inets/src/http_server/httpd_request.erl
lib/inets/src/http_server/httpd_request_handler.erl
lib/inets/src/http_server/httpd_util.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpc_SUITE.erl
lib/inets/test/httpd_SUITE.erl
lib/inets/test/httpd_basic_SUITE.erl
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
|
OTP-9655
|
|
OTP-9655
|
|
URL was encoded (hex-encoded).
OTP-9655
|
|
When a URI with a IPv6 host is parsed, the brackets that encapsulates
the nnn is removed. This value is then supplied as the host header.
This can cause problems with some servers.
A workaround for this is to use headers_as_is and provide the host
header with the requst call
To solve this a new option has been added, ipv6_host_with_brackets.
This option specifies if the host value of the host header shall include
the branckets or not. By default, it does not (as before).
OTP-9628
|
|
{error, Reason} | {ok, ParsedURL}
|
|
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpc_cookie_SUITE.erl
lib/inets/vsn.mk
|
|
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
|
|
That is, if the parsing fails, the date should be ignored.
Also added support for (yet another) date format: "Tue Jan 01 08:00:01 2036 GMT"
OTP-9433
|
|
The ossl option is no longer valid since the old ssl (OpenSSL
based ssl variant) has been removed from the ssl app.
OTP-9522
|
