4f8341e04e
Updated JWT library with class descriptions and better features names.
...
JWT library fixed to use agorithms names in upper case.
Updated README.
2018-11-16 19:28:46 +01:00
7f36e539f1
Accepts string general in html_encoded_string.
2018-11-16 19:28:05 +01:00
8241c0209a
Updated JWT README content.
2018-10-29 15:17:31 +01:00
45179b58a3
Fixed custom error creation, do not create default message, otherwise the info will be duplicated in error output.
2018-10-29 15:14:28 +01:00
a8a3ca5b97
typo.
2018-10-29 13:15:32 +01:00
7c6fe5a04a
Added HTTP_COOKIE.set_expiration_from_max_age, to add the "Expiration:" based on the max-age value.
2018-10-29 13:15:14 +01:00
c8e2009638
Use double quotes only when needed for put_content_type_with_parameters.
2018-10-29 13:11:19 +01:00
627ec7aefc
removed unneeded inheritance.
2018-10-29 13:04:46 +01:00
e7087bcbc1
Added missing WSF_TIMEOUT_UTILITIES file.
2018-10-29 12:19:36 +01:00
ed3ad962d1
Updated a few classes from http_client to use nanoseconds as timeout precision.
...
Fixed typo in comments.
2018-10-29 12:15:20 +01:00
d3e865cf6c
Fixed setting of socket.timeout in httpd (was not currently set before).
...
Adopted the nanoseconds timeout precision
- in config file added support for ns, us, ms, s timeout precision (without indication, it uses `seconds` precision).
2018-10-29 11:27:26 +01:00
9fcd30b4e1
removed useless JWT_ENCODER
2018-10-17 14:25:56 +02:00
0baa05cf63
JWT: updated to make JWT algorithm support more flexible, and simple to extend with specific algorithm.
2018-10-17 11:00:20 +02:00
a97eb4b062
Added missing dependencies.
2018-05-30 19:27:04 +02:00
bd5aba3db6
Updated Windows DOS script to build the libfcgi binary lib files.
2018-05-30 17:30:05 +02:00
d43c4edb7d
Updated the default rescue response (i.e when exception or bad internal error occurs).
...
Factorized the implementation in WGI_RESCUE_EXECUTION, and now by redefining the `WGI_EXECUTION.execute_rescue (...)` procedure, it is possible to have a custom response on such rescued execution.
2018-05-30 17:28:24 +02:00
9cdd676417
Fixed HTTP_HEADER.put_raw_header (..) by ignoring any empty line of the argument value.
...
(note: "%R" is considered as empty line here.)
2018-05-30 17:25:04 +02:00
cb273c3176
Updated to compile with upcoming EiffelStudio 18.05 (with and without ssl).
2018-05-28 17:21:11 +02:00
7ed1e815b0
Updated to compile with upcoming EiffelStudio 18.05 .
2018-05-28 16:11:24 +02:00
8e8c3602c6
Allow (websocket) upgrade even without persistent connection for normal http request.
...
(note: this allows to use websocket in single-threaded mode, and avoid the keep-alive-timeout delay before websocket begins its execution)
2018-02-13 18:39:47 +01:00
Jocelyn Fiat
ffd7dd8540
Improved WSF download response implementation.
...
- Do not set Transfer-Encoding to binary for download response.
- Use WSF_RESPONSE.put_file_content (...)
2018-02-05 21:02:23 +01:00
Jocelyn Fiat
947c94644e
Apply win32 workaround only on Windows 32bits.
2018-02-02 22:43:50 +01:00
Jocelyn Fiat
6a779797a5
Removed a few obsolete calls.
...
Updated tests/all.ecf to include a few missing libraries.
2018-02-02 22:40:18 +01:00
Jocelyn Fiat
74001fe674
Properly JSON encode null character as \u0000 .
2018-01-29 22:13:03 +01:00
Jocelyn Fiat
e9292b3eac
Reverted last change as error_message on curl is not available for 17.05.
2017-12-01 12:05:01 +01:00
Jocelyn Fiat
30625d460f
Added curl error message to the response error message (in addition to just the curl error code).
2017-11-30 20:08:58 +01:00
Jocelyn Fiat
7d738a164d
Added missing comments.
2017-11-30 14:54:46 +01:00
Jocelyn Fiat
1037256ea6
Refactored using an abstraction WSF_PROTECTION.
...
This protection could be implemented with a regular expression,
or using another solution (as manual parsing).
Also, when a protection detects an issue, instead of returning empty string,
it returns Void. If the value is a multiple string value, if an item is detected for an issue,
the returned multiple string value is now Void.
This abstraction will allow to return either Void, or a "corrected" value,
for instance the string value, without the detected "<script..>..</script>" text.
TODO: improve the WSF_PROTECTION_REGEXP to allow replacement strategy.
2017-11-27 15:44:19 +01:00
Jocelyn Fiat
4d79bba04b
Merge branch 'ewf_xss'
2017-11-23 11:50:47 +01:00
jvelilla
5de024923e
Updated xss support.
...
Added a new library wsf_security.
Updated test cases to cover protections policy.
Added a simple filter using an XSS implementation with WSF_XSS_REQUEST, but
it's possible to build custom filters and request using different protection patterns.
2017-11-22 17:22:02 -03:00
jvelilla
8b90241986
Moved XSS protection to WSF_EXTENSION.
...
Updated code to protect meta_variables.
Fixed typos.
Updated ecf's to use 1-16-0.
2017-11-13 15:06:02 -03:00
Jocelyn Fiat
603bedf71d
Reverted change that made WSF_URI_FILTER_HANDLER and WSF_URI_TEMPLATE_FILTER_HANDLER inheriting from WSF_EXECUTE_FILTER_HANDLER as it breaks existing projects using EiffelWeb.
2017-11-13 18:58:29 +01:00
Jocelyn Fiat
e83f5654d8
Updated NOTIFICATION_SMTP_MAILER to follow the EiffelNet EMAIL design.
2017-11-13 12:29:16 +01:00
jvelilla
25446cac12
Initial import WSF XSS protection.
...
Added an utility class to get safe query and form parameters.
Added a new WSF_XSS_REQUEST to use safe parameters.
Added a filter WSF_XSS_FILTER using WSF_XSS_REQUEST.
Added test cases
Signed-off-by: jvelilla <javier.hector@gmail.com >
2017-11-10 10:37:32 -03:00
Jocelyn Fiat
830adbe10c
Fixed response handlers compilation.
2017-11-07 23:52:42 +01:00
Jocelyn Fiat
6ca3cca88b
Reverted change that made WSF_URI_HANDLER and WSF_URI_TEMPLATE_HANDLER inheriting from WSF_EXECUTE_HANDLER, as it breaks existing project using EiffelWeb.
2017-11-07 23:05:22 +01:00
Jocelyn Fiat
f91a676f41
fixed obsolete v0 wsf_extension ecf file.
2017-11-04 22:44:27 +01:00
Jocelyn Fiat
1c75e11e34
removed unused local variable.
2017-11-03 18:54:46 +01:00
Jocelyn Fiat
211fc425a3
Added handler to add support for CGI scripts.
...
Added a new tool `httpd` which is a basic httpd server product (with file server and CGI handler).
2017-11-03 18:00:39 +01:00
Jocelyn Fiat
95cebe26bb
Added routing condition mapping.
...
Added WSF_EXECUTE_HANDLER as common ancestor for handler with `execute (WSF_REQUEST, WSF_RESPONSE) ..` routine.
Made more flexible a few routine by accepting ITERABLE instead of ARRAY, and READABLE_STRING_GENERAL when possible.
2017-11-03 17:59:10 +01:00
Jocelyn Fiat
f770c236d5
Improved support for absolute url passed tp HTTP_REQUEST_SESSION .
2017-10-27 19:24:52 +02:00
Jocelyn Fiat
39f01e95fd
Use single ecf file.
2017-10-26 10:19:56 +02:00
Jocelyn Fiat
c725159d7e
Merge branch 'master' into with_compression
2017-10-26 10:13:27 +02:00
Jocelyn Fiat
e834b2b360
Added on_timer callback event so that server can check regularly external state.
...
This is a basic solution to implement a way to check for time to time for events to notify websocket clients.
2017-10-24 17:43:06 +02:00
Jocelyn Fiat
db39068ceb
Updated documentation for standalone connector.
...
Changed `default_max_keep_alive_requests` from 100 to 300.
2017-10-19 00:14:23 +02:00
Jocelyn Fiat
74121be470
Support persistent connection, even in single thread mode (i.e concurrency=none).
...
Warning: as there is no concurrent request handling in single threaded mode,
it is recommended to either set the keep_alive_timeout to a small value,
or disable persistent connection by setting max_keep_alive_requests to 0.
Change the default keep_alive_timeout from 15 to 5 seconds.
Accept -1 as value of max_keep_alive_requests to have unlimited number of request in the same persistent connection.
2017-10-18 23:29:16 +02:00
Jocelyn Fiat
edec837c4e
Made interface of wsf forms and widgets a bit more flexible by accepting READABLE_STRING_GENERAL.
2017-10-17 14:34:50 +02:00
Jocelyn Fiat
f1642a444a
Improved support of absolute/relative https:// and http:// in http_client.
2017-10-17 14:30:44 +02:00
Jocelyn Fiat
48af63af83
Fixed typo to process relative or absolute url.
2017-10-09 14:23:45 +02:00
Jocelyn Fiat
2f98d7031f
Updated a few package.iron files.
2017-10-06 14:06:46 +02:00
