aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/src/http_server/httpd_request.erl
AgeCommit message (Collapse)Author
2018-06-18Update copyright yearHenrik Nord
2018-05-22inets: Gracefully handle bad headersIngela Anderton Andin
max_headers operated on the individual header length instead of the total length of all headers. Also headers with empty keys are now discarded.
2017-10-25inets: httpd - Fix broken handling of POST requestsIngela Anderton Andin
New chunk mechanism of body data in POST requests added in 5d01c70ca399edf28e99dc760506329689fab6ba broke handling of POST body data not using the new mechanism. Added better regression test
2017-09-13inets: httpd - Add chunk handling of client dataIngela Anderton Andin
If the client uses PUT or POST to send a HTTP body the server currently will gather the whole body in memory before passing it on to the mod-callback. For legacy reasons it also converts the binary body to a list, this is really bad for memory usage! Add new option max_client_body_chunk to enable chunked handling of content-length requests. Also make it possible for chunked-encoded data to be propagated in portions to the mod-callback. Conflicts: lib/inets/test/httpd_SUITE.erl
2015-12-08inets: Add PATCH method to client and serverPablo Lamela
2015-06-18Change license text to APLv2Bruce Yinhe
2015-05-29inets: Add customize optionIngela Anderton Andin
Many HTTP headers are optional, and it could be desirable for the server to filter and maybe even alter them without replacing the mod_* modules that generate/process them. Add new behaviour httpd_custom_api with default implementation in httpd_custom.erl. Add behaviour module in 18 as then we can specify optional callbacks.
2015-05-12inets: reject negative content-lengthHans Nilsson
2015-01-29inets: httpd - Sanity check of content-length headerIngela Anderton Andin
Gracefully handle invalid content-lenght headers instead of crashing in list_to_integer.
2014-05-23inets: httpd - Behave well on not so long but wrong request linesIngela Anderton Andin
2014-05-23inets: httpd - Reject incorrect large request lines earlyIngela Anderton Andin
2011-11-09Initial merge from r13 topic branch. With minimal cleanup.Micael Karlberg
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/httpd/xss_when_erl_encoded/r14/OTP-9655 Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_uri.erl lib/inets/src/http_lib/http_util.erl lib/inets/src/http_server/httpd_file.erl lib/inets/src/http_server/httpd_request.erl lib/inets/src/http_server/httpd_request_handler.erl lib/inets/src/http_server/httpd_util.erl lib/inets/src/inets_app/inets.appup.src lib/inets/test/httpc_SUITE.erl lib/inets/test/httpd_SUITE.erl lib/inets/test/httpd_basic_SUITE.erl lib/inets/test/httpd_test_lib.erl lib/inets/vsn.mk
2011-10-26Fixed HTML encode. First *try* to hex decode uri, and thenMicael Karlberg
do the actual html encode. OTP-9655
2011-09-29Update copyright yearsBjörn-Egil Dahlberg
2011-09-19Fixed release notes, version and cosmetics in source.Micael Karlberg
2011-09-15Updated http-server to make sure URLs in error-messagesMicael Karlberg
are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application. OTP-8940 [httpd] Prevent XSS in error pages. Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters. Michael Santos OTP-9124
2011-08-26Fix httpd directory traversal on WindowsAndrás Veres-Szentkirályi
Although the validation in httpd_request works well on platforms using forward slash as directory separator, on Windows systems, this protection can be circumvented using URLs containing backslashes. This way, any file accessible to the user running the server (even those outside the document root) can be read through HTTP. This commit solves the problem by expanding the list of path separators to '/\\'.
2010-11-29URL-encoding - add support in client and more usage in server. AlsoIngela Anderton Andin
added missing include directory.
2010-06-07OTP-7907: Allow the use of the "new" ssl (essl).Micael Karlberg
OTP-8564: Update deeprication status. OTP-8573: Inets mod_alias URL rewrite.
2010-01-13OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349,Micael Karlberg
OTP-8351, OTP-8359 & OTP-8371.
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP