| Age | Commit message (Collapse) | Author |
|---|
|
Previous refactoring of the basic auth handling code broke the logic in
such a way that basic auth was only performed if a client sent an
Authorization header in its request, but it was never prompted for by
the server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Mimic other web servers like Nginx or Apache and expose the parsed basic
auth information as HTTP_AUTH_USER and HTTP_AUTH_PASS environment variables
to CGI processes.
This also restores login-from-basic-auth functionality in LuCI.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Store the parsed username and password information as HTTP headers in the
clients header blob buffer for later use by proc.c
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
If a HTTP header variable has no corresponding value, then do not set it
to the empty string but to NULL, so that cgi.c will later skip it when
setting up the process environment.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Provides a small speedup when resuming the connection.
Signed-off by: Rosen Penev <rosenp@gmail.com>
|
|
When calculating the matching prefix length, make sure to not take the trailing
slash into account in order to ensure that the resulting PATH_INFO string
always starts with a slash.
This ensures that an url like "/foo" against the matching prefix "/" or
"/foo/bar" against "/foo/" result in "/foo" and "/bar" respectively.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The special prefix of "/" should match any url by definition but the final
assertion which ensures that the matched prefix ends in '\0' or '/' is causing
matches against the "/" prefix to fail.
Add some extra code to handle this special case to implemented the expected
behaviour.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The check_cgi_path() function would segfault if we ever support running
uhttpd without any CGI prefix.
Add a check to prevent running uh_patch_match() when the prefix is unset.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
This allows the request handler to add extra headers to the response
even in the redirect case.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for libubox/usock.h.
Some external toolchains which do not include standard locations would fail to
find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
transfer
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
In a json_script file you can specify rules for rewriting the URL or
redirecting the browser either unconditionally, or as a fallback where
it would otherwise print a 404 error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
the path compare return code was not honoured properly
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
this allows an alias entry inside the root folder point at a cgi-bin script
-y foo=bar will redirect /foo to /cgi-bin/bar
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
The two commits
5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291
"allow request handlers to disable chunked reponses"
and
618493e378e2239f0d30902e47adfa134e649fdc
"file: disable chunked encoding for file responses"
broke the chunked transfer encoding handling for proc responses in keep-alive
connections that followed a file response with http status 204 or 304.
The effect of this bug is that cgi responses following a 204 or 304 one where
sent neither in chunked encoding nor with a content-length header, causing
browsers to stall until the keep alive timeout was reached.
Fix the logic flaw by inverting the chunk prevention flag in the client state
and by testing the chunked encoding preconditions every time instead of
once upon client (re-)initialization.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Andrej Krpic <ak77@tnode.com>
|
|
Fixes https://dev.openwrt.org/ticket/20458
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
As uhttpd doesn't currently support PUT/DELETE/PATCH, allow passing the
commonly used X-HTTP-Method-Override header to CGI scripts.
This is an optional "protocol specific metadata" variable as per rfc
3875 section 4.1.18.
Signed-off-by: Karl Palsson <karlp@remake.is>
|
|
Use the 307 code to force agents to retain the original request method.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
uhttpd modifies the list_head member of the uhttpd_plugin struct when
loading a plugin, therefore we cannot make it const, otherwise we
trigger a security violation if uhttpd is built with RelRO support.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
uhttpd modifies the list_head member of the uhttpd_plugin struct when
loading a plugin, therefore we cannot make it const, otherwise we
trigger a security violation if uhttpd is built with RelRO support.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
scandir() call requires free() of each returned dirent structure
and parent list. Code constructing HTML response of directory
listing is missing a call to free in some cases.
Signed-off-by: Andrej Krpic <ak77@tnode.com>
|
|
.js files are being transferred as text/javascript, which, although
obsolete by RFC 4329 is most backward compatible.
.json and .jsonp are both transferred as application/octet-stream
however, causing warnings on the console for some browsers, even though
it works just fine.
Add the mimetypes for .json as per RFC 4627 and .jsonp as per RFC4329
(As jsonp _is_ javascript)
Signed-off-by: Karl Palsson <karlp@remake.is>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
According to RFC2616 10.2.5 and 10.3.5, 204 and 304 responses MUST NOT contain any
message body, therfore do not emit an EOF chunk for such responses.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Certain response types (notably 204 and 304) require a slightly different
handling like emitting the response body entirely, therfore record the last
code to act on it in the appropriate places.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Reported-by: Sebastian Apel <sebastian.apel@gmx.de>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Reported-by: Sebastian Apel <sebastian.apel@gmx.de>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
In order to support cross-domain AJAX requests to the /ubus endpoint
we need to implement the Cross-Origin Resource Sharing (CORS) spec
in the ubus plugin.
- Implement a new option "-X" to enable CORS support in ubus
- Implement rudimentary support for "OPTIONS" HTTP requests
- Implement essential CORS headers the ubus plugin
The current CORS response headers merely reflect the request headers
sent by the client, this way any requesting origin is automatically
allowed. Cross-domain cookies (Access-Control-Allow-Credentials) are
unconditionally enabled.
Restricting permitted origins and toggle the credential accepting can
be made configurable in a future commit to allow more fine grained
control over permitted AJAX clients.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
This ensures that the process will show the correct command line in ps
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
