summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-20fix the alias supportJohn Crispin
the path compare return code was not honoured properly Signed-off-by: John Crispin <blogic@openwrt.org>
2015-10-17add a -y parameter for cgi-bin redirectsJohn Crispin
this allows an alias entry inside the root folder point at a cgi-bin script -y foo=bar will redirect /foo to /cgi-bin/bar Signed-off-by: John Crispin <blogic@openwrt.org>
2015-10-08fix chunked transfer encoding in keepalive modeJo-Philipp Wich
The two commits 5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291 "allow request handlers to disable chunked reponses" and 618493e378e2239f0d30902e47adfa134e649fdc "file: disable chunked encoding for file responses" broke the chunked transfer encoding handling for proc responses in keep-alive connections that followed a file response with http status 204 or 304. The effect of this bug is that cgi responses following a 204 or 304 one where sent neither in chunked encoding nor with a content-length header, causing browsers to stall until the keep alive timeout was reached. Fix the logic flaw by inverting the chunk prevention flag in the client state and by testing the chunked encoding preconditions every time instead of once upon client (re-)initialization. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-09-24uhttpd: fix wrong header file inclusion for PRI* constant definitionsAndrej Krpic
Signed-off-by: Andrej Krpic <ak77@tnode.com>
2015-09-07file: fix processing POST data for deferred requestsFelix Fietkau
Fixes https://dev.openwrt.org/ticket/20458 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2015-08-17cgi: Support passing X-HTTP-Method-Override header.Karl Palsson
As uhttpd doesn't currently support PUT/DELETE/PATCH, allow passing the commonly used X-HTTP-Method-Override header to CGI scripts. This is an optional "protocol specific metadata" variable as per rfc 3875 section 4.1.18. Signed-off-by: Karl Palsson <karlp@remake.is>
2015-05-30client: use 307 instead of 302 for HTTPS redirectsJo-Philipp Wich
Use the 307 code to force agents to retain the original request method. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-05-30proc: add HTTPS environment variableJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-05-30add support for enforcing HTTPSJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-05-30file: disable chunked encoding for file responsesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-05-30allow request handlers to disable chunked reponsesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-03-28properly handle return codesJohn Crispin
Signed-off-by: John Crispin <blogic@openwrt.org>
2015-03-11fixes for json 0.12John Crispin
Signed-off-by: John Crispin <blogic@openwrt.org>
2015-01-25lua: don't make uhttpd_plugin symbol constantJo-Philipp Wich
uhttpd modifies the list_head member of the uhttpd_plugin struct when loading a plugin, therefore we cannot make it const, otherwise we trigger a security violation if uhttpd is built with RelRO support. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-25file: explicitely cast st_mtime to uint64_t when generating ETagJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-25ubus: don't make uhttpd_plugin symbol constantJo-Philipp Wich
uhttpd modifies the list_head member of the uhttpd_plugin struct when loading a plugin, therefore we cannot make it const, otherwise we trigger a security violation if uhttpd is built with RelRO support. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-18Build with largefile supportJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-12-22uhttpd: Fix possible memory leaks when generating directory listingAndrej Krpic
scandir() call requires free() of each returned dirent structure and parent list. Code constructing HTML response of directory listing is missing a call to free in some cases. Signed-off-by: Andrej Krpic <ak77@tnode.com>
2014-10-27mimetypes: add json and jsonp (distinct from js)Karl Palsson
.js files are being transferred as text/javascript, which, although obsolete by RFC 4329 is most backward compatible. .json and .jsonp are both transferred as application/octet-stream however, causing warnings on the console for some browsers, even though it works just fine. Add the mimetypes for .json as per RFC 4627 and .jsonp as per RFC4329 (As jsonp _is_ javascript) Signed-off-by: Karl Palsson <karlp@remake.is>
2014-10-27file: do not emit Content-Length header for 304/412 responsesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-10-27utils: do not emit eof chunk for 204/304 responsesJo-Philipp Wich
According to RFC2616 10.2.5 and 10.3.5, 204 and 304 responses MUST NOT contain any message body, therfore do not emit an EOF chunk for such responses. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-10-27client: store http code of last emitted responseJo-Philipp Wich
Certain response types (notably 204 and 304) require a slightly different handling like emitting the response body entirely, therfore record the last code to act on it in the appropriate places. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-09-03lua: fix error reporting when Lua handler cannot be compiledJo-Philipp Wich
Reported-by: Sebastian Apel <sebastian.apel@gmx.de> Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-09-03main: use proper variable when warning about unsupported featuresJo-Philipp Wich
Reported-by: Sebastian Apel <sebastian.apel@gmx.de> Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-09-03file: invoke error handler in 403 case as wellJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-06-10ubus: add CORS header supportJo-Philipp Wich
In order to support cross-domain AJAX requests to the /ubus endpoint we need to implement the Cross-Origin Resource Sharing (CORS) spec in the ubus plugin. - Implement a new option "-X" to enable CORS support in ubus - Implement rudimentary support for "OPTIONS" HTTP requests - Implement essential CORS headers the ubus plugin The current CORS response headers merely reflect the request headers sent by the client, this way any requesting origin is automatically allowed. Cross-domain cookies (Access-Control-Allow-Credentials) are unconditionally enabled. Restricting permitted origins and toggle the credential accepting can be made configurable in a future commit to allow more fine grained control over permitted AJAX clients. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-06-08cgi: add _GNU_SOURCE define to fix build error on muslFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-04-08fix handling of / as cgi prefixFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-03-22main: strdup command line arguments that are modifiedFelix Fietkau
This ensures that the process will show the correct command line in ps Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-03-22cgi: compare the physical path instead of the url to detect quirky urlsFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-03-21relay: do forward data if the http request type was HEADFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-11-27ubus: remove indentation and whitespace from JSON responses to conserve a ↵Jo-Philipp Wich
bit of bandwidth
2013-11-21uhttpd: fix crashes in the ubus pluginFelix Fietkau
The ubus plugin calls blocking ubus functions that loop back into uloop_run. Protect the client data structure with refcounting to ensure that the outer uloop_run call does not clean up the data that the inner uloop_run call is still processing. Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-11-16lua: fix lua 5.2 compatibilityFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-11-11main: return after processing -d switchJo-Philipp Wich
2013-09-13ubus: use "ubus_rpc_session" instead of "sid" attribute name when querying ↵Jo-Philipp Wich
session.access
2013-09-13ubus: fix session example script to conform to new rpc protocolJo-Philipp Wich
2013-09-13ubus: deny requests with a "ubus_rpc_session" toplevel attribute to prevent ↵Jo-Philipp Wich
injecting different SIDs
2013-08-08ubus: pass current session id as ubus_rpc_session attribute to any called ↵Jo-Philipp Wich
procedure
2013-08-07ubus: move sid into the params array of the json-rpc request to avoid ↵Jo-Philipp Wich
information leakage via the post url
2013-08-07ubus: use per-request blob buffer to fetch list results, fixes global buffer ↵Jo-Philipp Wich
corruption with concurrent requests
2013-07-31client: prevent further read calls after a client has been freedFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-07-31proc: consume all data after the pipe dies, instead of looping with 100% cpu ↵Felix Fietkau
usage Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-07-26detect chrome before safari, chrome includes Safari/ in the UA headerFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-07-26disable connection_close override if a keep-alive header is foundFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-07-26disable keep-alive for POST requests to improve compatibilityFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-06-21ubus: fix handling of empty JSON-RPC batchesFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-06-08ubus: duplicate request buffer to avoid memory corruption with multiple requestsJo-Philipp Wich
2013-06-08ubus: use half of the script timeout as timeout for acl lookup callJo-Philipp Wich
2013-06-05ubus: implement list method to enumerate objects and signaturesJo-Philipp Wich