Jocelyn Fiat
7d738a164d
Added missing comments.
2017-11-30 14:54:46 +01:00
Jocelyn Fiat
1037256ea6
Refactored using an abstraction WSF_PROTECTION.
...
This protection could be implemented with a regular expression,
or using another solution (as manual parsing).
Also, when a protection detects an issue, instead of returning empty string,
it returns Void. If the value is a multiple string value, if an item is detected for an issue,
the returned multiple string value is now Void.
This abstraction will allow to return either Void, or a "corrected" value,
for instance the string value, without the detected "<script..>..</script>" text.
TODO: improve the WSF_PROTECTION_REGEXP to allow replacement strategy.
2017-11-27 15:44:19 +01:00
Jocelyn Fiat
4d79bba04b
Merge branch 'ewf_xss'
2017-11-23 11:50:47 +01:00
jvelilla
5de024923e
Updated xss support.
...
Added a new library wsf_security.
Updated test cases to cover protections policy.
Added a simple filter using an XSS implementation with WSF_XSS_REQUEST, but
it's possible to build custom filters and request using different protection patterns.
2017-11-22 17:22:02 -03:00
jvelilla
8b90241986
Moved XSS protection to WSF_EXTENSION.
...
Updated code to protect meta_variables.
Fixed typos.
Updated ecf's to use 1-16-0.
2017-11-13 15:06:02 -03:00
Jocelyn Fiat
603bedf71d
Reverted change that made WSF_URI_FILTER_HANDLER and WSF_URI_TEMPLATE_FILTER_HANDLER inheriting from WSF_EXECUTE_FILTER_HANDLER as it breaks existing projects using EiffelWeb.
2017-11-13 18:58:29 +01:00
jvelilla
25446cac12
Initial import WSF XSS protection.
...
Added an utility class to get safe query and form parameters.
Added a new WSF_XSS_REQUEST to use safe parameters.
Added a filter WSF_XSS_FILTER using WSF_XSS_REQUEST.
Added test cases
Signed-off-by: jvelilla <javier.hector@gmail.com >
2017-11-10 10:37:32 -03:00
Jocelyn Fiat
830adbe10c
Fixed response handlers compilation.
2017-11-07 23:52:42 +01:00
Jocelyn Fiat
6ca3cca88b
Reverted change that made WSF_URI_HANDLER and WSF_URI_TEMPLATE_HANDLER inheriting from WSF_EXECUTE_HANDLER, as it breaks existing project using EiffelWeb.
2017-11-07 23:05:22 +01:00
Jocelyn Fiat
1c75e11e34
removed unused local variable.
2017-11-03 18:54:46 +01:00
Jocelyn Fiat
211fc425a3
Added handler to add support for CGI scripts.
...
Added a new tool `httpd` which is a basic httpd server product (with file server and CGI handler).
2017-11-03 18:00:39 +01:00
Jocelyn Fiat
95cebe26bb
Added routing condition mapping.
...
Added WSF_EXECUTE_HANDLER as common ancestor for handler with `execute (WSF_REQUEST, WSF_RESPONSE) ..` routine.
Made more flexible a few routine by accepting ITERABLE instead of ARRAY, and READABLE_STRING_GENERAL when possible.
2017-11-03 17:59:10 +01:00
Jocelyn Fiat
39f01e95fd
Use single ecf file.
2017-10-26 10:19:56 +02:00
Jocelyn Fiat
c725159d7e
Merge branch 'master' into with_compression
2017-10-26 10:13:27 +02:00
Jocelyn Fiat
e834b2b360
Added on_timer callback event so that server can check regularly external state.
...
This is a basic solution to implement a way to check for time to time for events to notify websocket clients.
2017-10-24 17:43:06 +02:00
Jocelyn Fiat
db39068ceb
Updated documentation for standalone connector.
...
Changed `default_max_keep_alive_requests` from 100 to 300.
2017-10-19 00:14:23 +02:00
Jocelyn Fiat
74121be470
Support persistent connection, even in single thread mode (i.e concurrency=none).
...
Warning: as there is no concurrent request handling in single threaded mode,
it is recommended to either set the keep_alive_timeout to a small value,
or disable persistent connection by setting max_keep_alive_requests to 0.
Change the default keep_alive_timeout from 15 to 5 seconds.
Accept -1 as value of max_keep_alive_requests to have unlimited number of request in the same persistent connection.
2017-10-18 23:29:16 +02:00
Jocelyn Fiat
2f98d7031f
Updated a few package.iron files.
2017-10-06 14:06:46 +02:00
Jocelyn Fiat
9b97627c76
Update package.iron files.
2017-10-06 10:27:32 +02:00
Jocelyn Fiat
97fe16b4c2
Code cleaning.
2017-09-21 10:26:29 +02:00
Jocelyn Fiat
cdada71f7e
Corrected wsf_compression.ecf which was missing a few libraries.
...
The -safe.ecf was correct.
2017-09-02 21:49:41 +02:00
Jocelyn Fiat
a7d0398ec6
Introduce WSF_COMPRESSION and applied to WSF_*_WITH_COMPRESSION classes.
...
Modified the example to send the file with or without compression.
2017-09-01 18:59:18 +02:00
jvelilla
267655d7bc
Update code, comment style and removed hardcoded value.
2017-08-18 13:55:54 -03:00
jvelilla
e735da1bcb
Merge branch 'ewf_compression' of https://github.com/jocelyn/EWF into ewf_compression_2017
2017-08-18 09:52:03 -03:00
Jocelyn Fiat
c51a0a4788
Merge branch 'v1' into es17.05
...
# Conflicts:
# library/network/http_client/tests/test.ecf
2017-06-20 09:49:51 +02:00
Jocelyn Fiat
d4b9301a57
Reverted to previous TYPE.name to be compilable with version prior to 17.05.
...
(TYPE.name_32 exists since 17.05).
2017-06-02 17:40:53 +02:00
Jocelyn Fiat
7028892374
Removed unwanted committed files.
2017-05-12 14:55:02 +02:00
Jocelyn Fiat
a928f27b1a
Updated or added timestamp to obsolete and fixme messages.
...
Fixed ecf file exclusion for .svn and .git .
Cosmetic changed.
2017-05-12 14:31:35 +02:00
Jocelyn Fiat
fb9af26d32
Updated or added timestamp to obsolete and fixme messages.
...
Fixed ecf file exclusion for .svn and .git .
Cosmetic changed.
2017-05-12 14:11:22 +02:00
Jocelyn Fiat
3d146d9be9
Merge branch 'v1' into es17.01
2017-04-14 12:52:48 +02:00
Jocelyn Fiat
2371ad4bd1
Commented unwanted change.
2017-04-14 12:52:08 +02:00
Jocelyn Fiat
146b78e5b0
Updated code regarding to string 32 vs string 8.
2017-04-14 12:49:34 +02:00
Jocelyn Fiat
94ba19920e
Merge branch 'v1' into es17.01
...
# Conflicts:
# library/text/parser/uri_template/uri_template-safe.ecf
# library/text/parser/uri_template/uri_template.ecf
2017-04-14 12:04:33 +02:00
Jocelyn Fiat
3b8261ff08
Updated code regarding to string 32 vs string 8.
2017-04-14 11:45:38 +02:00
Jocelyn Fiat
a530bbebb4
Merge remote-tracking branch 'javier/ewf_get_rid_obsolete_messages' into pr177
2017-04-13 22:58:12 +02:00
Jocelyn Fiat
a57e041003
Added precondition to WSF_FILTER.set_next (..) to avoid cycle.
2017-04-13 22:55:39 +02:00
jvelilla
5d9752f257
Updated code, get rid of obsolete feature calls in libraries and examples
2017-04-13 16:48:17 -03:00
739c33b317
Merge branch 'master' into es17.01
2017-03-07 14:37:09 +01:00
9c207f4c9b
Added put_content_type_utf_8_text_html to HTTP_HEADER .
...
Improved the directory index access denied message.
2017-03-07 14:36:16 +01:00
d4c79f1893
Fixed xml info of ecf files.
2017-03-07 14:31:36 +01:00
d8745fd61d
Merge branch 'master' into es17.01
2017-03-02 10:01:33 +01:00
5988d9d74b
Updated code related to force_single_threaded setting to mark it obsolete, and for now, have coherent value 1 vs 0 among the standalone code and the httpd library.
2017-03-02 09:59:14 +01:00
a44ca1a76c
Converted all ecf files to ecf version 1-16-0 .
2017-02-14 14:47:07 +01:00
fbdf034b9b
Conflict response can also have a payload to help the client understand the source of the conflict.
2017-02-13 17:36:10 +01:00
d6f3e500b8
Fixed implementation.
2017-02-13 17:35:14 +01:00
a44c4d9a16
Minor changes.
2017-02-12 12:42:25 +01:00
d09d452ad5
Added test cases for PATH_INFO and percent_encoded_path_info for root url cases.
...
Removed obsolete calls from TEST_EXECUTION_I .
2017-01-10 12:37:37 +01:00
56fa773b30
If PATH_INFO is "/", the percent encoded path info is also "/". No need for complex computation.
...
Note this fixes an issue with libfcgi app not hosted as root url such as "/sub/app.fcgi" on (old) IIS server.
2017-01-10 11:59:48 +01:00
ee9746449c
If PATH_INFO is empty, the percent encoded path info is also empty. No need for complex computation.
...
Note this fixes an issue with libfcgi app not hosted as root url such as "/sub/app.fcgi".
2017-01-10 00:16:50 +01:00
e14bb568d2
Extracted compression code from wsf, and provided new wsf_compression library.
...
Renamed features.
2016-12-06 14:18:51 +01:00
