- 09 Feb, 2022 10 commits
-
-
Matthew Phillips authored
The old-style cookie support stores the cookie domains with a leading full stop (e.g. .riscosopen.org) but if a cookie was created with HTTP_AddCookie you could get round this restriction. A cookie with domain riscosop.org created that way would have matched the host domain www.riscosopen.org. This change fixes that. This code will need to be revisited to implement RFC 6265 because of host-only matching and stripping the leading full stops, but for the moment this removes a domain-matching bug in the old-style cookie support. Version 1.08. Tagged as 'HTTP-1_08'
-
Matthew Phillips authored
Domain matching will have to work differently when we move to RFC 6265 because the leading full-stop would be removed. This commit fixes a fault with the old-style cookie support.
-
Matthew Phillips authored
The Version attribute was deprecated in RFC6265 in April 2011 and is no longer widely supported (if it ever was). Removing support simplifies the code which will make it easier to maintain and enhance.
-
Matthew Phillips authored
As a step towards RFC6265 compliance, removed support for Comment attribute in order to simplify code. There was never much functional code relating to comments, which were stored but not made accessible to the client.
-
Matthew Phillips authored
In order to work towards RFC 6265 support, it is desirable to simplify the code by removing features which were made obsolete in RFC 6265, which was published in April 2011.
-
Matthew Phillips authored
The Cookie2 header was being added to every request. Removed. (Note that the header will be suppressed even if the client manually passes it as an extra header in the request.) Support for the Set-Cookie2 response header has been dropped from mainstream browsers for many years. Removed.
-
Matthew Phillips authored
Firstly, despite comments throughout the code about how the cookies were sorted in reverse order of the path in order to automagically output them in the correct order, the cookies were not being stored in reverse order! Corrected. Corrected stripping the file element from end of request path, which managed to reduce '/abc/index.html' to '/abc/' but failed to reduce '/index.html' to '/'. Ensure that matching cookie path as a substring of request path only matches if the substring reaches the next '/' delimiter. Match the reversed domain name at the start of the request domain, rather than anywhere in the string. (More work needed here for RFC 6265 compliance.) Added a little extra debugging to make it easier to see what's going on.
-
Matthew Phillips authored
The check_domain_valid function failed to match the full target domain if the domain did not start with a full-stop. The last two characters of the initial element of the name were not matched. There was also no check that the match took us up to a full-stop in the request's hostname. There was a similar bug in domain-matching where the domain DID begin with a full-stop, as strstr was used for matching without anchoring the match to the starts of the respective strings. Note, this code is still largely conforming with the obsolete RFC2109 and will need to be amended for RFC6265 compliance.
-
Matthew Phillips authored
Any path read from the cookie file, and any path parameter to HTTP_AddCookie was processed as though it was actually a URI path, as is used for the default value for the path if no Path attribute appears in the Set-Cookie header. The effect was that each time the cookie file was read, the last slash of the path and any following material was discarded, meaning the paths gradually got shorter until they disappeared altogether.
-
Matthew Phillips authored
Tallies of the stored and queued cookies are maintained in total_cookies and unread_cookies. Both have errors in their calculation. The queued cookie count continued going up even when MAX_COOKIES_IN_QUEUE was reached and older cookies were being discarded. Also errors in the counting and the condition meant that two more cookies were queued than defined in MAX_COOKIES_IN_QUEUE. The total_cookies count was reduced when a cookie was discarded from the queue via HTTP_ConsumeCookie because destroy_cookie is used for freeing a cookie structure in both situations. The count was also reduced in two situations where new cookies were not added to the store because they were invalid. One case was HTTP_AddCookie if an invalid parameter was given, and the other case was in creating a cookie via an HTTP response. To solve this the total_cookies decrement operation is moved from destroy_cookie to remove_cookie_from_list.
-
- 24 Jan, 2022 1 commit
-
-
Matthew Phillips authored
After the for loop last->next will have been NULL and the call to cookie_unlink_cookie expects the first parameter to be a pointer to the variable where the head of the queue is stored, not a pointer to the cookie to be discarded. Version 1.07. Tagged as 'HTTP-1_07'
-
- 04 Dec, 2021 1 commit
-
-
Matthew Phillips authored
Remove test for first character of chunk length being '0' as that means the fetch fails if the chunk length is non-zero with a leading zero. Version 1.06. Tagged as 'HTTP-1_06'
-
- 03 Jul, 2021 1 commit
-
-
Thomas Milius authored
Detail: Two new SWIs (see Docs/AddMethds) allow a client to register a method which AcornHTTP will then handle on its behalf based on some flags. In many cases the method can just follow a GET or PUT in operation. Version 1.05. Tagged as 'HTTP-1_05'
-
- 22 Apr, 2020 1 commit
-
-
Matthew Phillips authored
Change to enable fetcher to connect to make secure connections to servers which require Server Name Identification (SNI). Also ensures that the name of the server is verified against the certificate for other secure connections. Version 1.04. Tagged as 'HTTP-1_04'
-
- 06 Apr, 2019 1 commit
-
-
ROOL authored
Detail: There was an assumption that if the recv() in http_read_more_header() returned an error, the subsequent recv() in http_reading_response() would also return the same error. However, if callbacks were allowed to run in between and data arrived from the server, the 2nd recv() can return data. In turn, this caused the statemachine to believe it was now reading the body, and forced AcornHTTP to invent a fake header for the client - when neither situation was true. Change the logic so that EWOULDBLOCK keeps the state machine in reading mode, other errors (or closed connection) stop as before. Unrelated - header.c corrects grammar, start.c uses boolean initialiser. Admin: Submission for TCP/IP bounty. Version 1.03. Tagged as 'HTTP-1_03'
-
- 31 Mar, 2019 1 commit
-
-
ROOL authored
Detail: SWIPREFIX != TARGET for this component, so the exported header was empty. Version 1.02. Tagged as 'HTTP-1_02'
-
- 25 Mar, 2019 1 commit
-
-
ROOL authored
Detail: When AcornHTTP starts it tries to register itself with URL, which triggers a service call (for HTTP arriving) which in turn triggers AcornSSL to (re)report it is loaded. However, if AcornSSL is loaded *before* HTTP then the service call is missed because HTTP's service call handler isn't yet linked into the service call chain. Fix this by looking for a telltale SWI in security_init(). Admin: Reported by Matthew Phillips when trying to load URL/HTTP on a system on which AcornSSL had been loaded beforehand. Also clip the text shown by *URLProtoShow to end at the closing bracket of the date (more recent AcornSSL modules add the version of mbedTLS to which they were linked, which spilled over the column end). Version 1.01. Tagged as 'HTTP-1_01'
-
- 25 Sep, 2018 1 commit
-
-
Robert Sprowson authored
decompress.c: remove double assignment to ses->compression, let it fall through start.c: don't dereference 'ses' until after the check for it being NULL Found by cppcheck static analysis. Version 1.00. Tagged as 'HTTP-1_00'
-
- 25 Aug, 2018 1 commit
-
-
ROOL authored
Detail: When AcornHTTP is registering on behalf of AcornSSL with the URL module, it makes up an info string using the live version number. Use the AcornSSL module date too, rather than that of AcornHTTP. Admin: Submission for TCP/IP bounty. Version 0.99. Tagged as 'HTTP-0_99'
-
- 19 May, 2018 1 commit
-
-
ROOL authored
Detail: Per Docs/SWIs the flags in R5 (or R2 b8-15) should allow a client to request only the head/body or both, but the implementation was incomplete in places. Where http_write_data_to_client() is called, check what the request was and filter appropriately. Admin: Submission from Chris Mahoney. Version 0.98. Tagged as 'HTTP-0_98'
-
- 17 May, 2018 1 commit
-
-
Robert Sprowson authored
Remove hardwired path element, use Module_Title instead. Delete (already disabled) TinyStubs support. Delete support for old CMHG. Version 0.97. Tagged as 'HTTP-0_97'
-
- 13 May, 2018 1 commit
-
-
ROOL authored
Detail: Account for TARGET != COMPONENT
-
- 12 May, 2018 3 commits
-
-
ROOL authored
Detail: Use GETDCI4ERRNO macro to safely extract errno from RISC OS error blocks. Fix for NULL pointer dereference when adding the first cookie to the cookie queue. Admin: Submission for TCP/IP bounty. Version 0.96. Tagged as 'HTTP-0_96'
-
ROOL authored
Detail: Use updated AcornSSL.h header location and contents. Admin: Requires Export-0_10. Version 0.95. Tagged as 'HTTP-0_95'
-
ROOL authored
Detail: Now exports its SWIs to Interface/HTTP.h Replaced defunct www.acorn.com address in the test program. Admin: Submission for TCP/IP bounty. Version 0.94. Tagged as 'HTTP-0_94'
-
- 05 Jul, 2014 1 commit
-
-
Robert Sprowson authored
No code change, retagged.
-
- 14 Jan, 2012 1 commit
-
-
Steve Revill authored
Version 0.93. Tagged as 'HTTP-0_93'
-
- 07 Oct, 2008 1 commit
-
-
Steve Revill authored
Detail: Use the XWIPE macro rather than WIPE so that when the component is cleaned, we don't get loads of irritating errors from AMU if the object to be wiped doesn't exist. Admin: No code change. Version 0.92. Tagged as 'HTTP-0_92'
-
- 13 Sep, 2007 1 commit
-
-
Steve Revill authored
Detail: Made cvs version of sources match Batch One release. Admin: No code change. Version 0.91. Tagged as 'HTTP-0_91'
-
- 26 Jan, 2007 1 commit
-
-
Steve Revill authored
Detail: Some changes were required in order for this component to build and install correctly. These changes are required for the ROOL 'Browse' build. Admin: Tested in Iyonix 'Browse' build using ROOL 'BuildEnv' build environment Version 0.90. Tagged as 'HTTP-0_90'
-
- 07 Feb, 2001 1 commit
-
-
Stewart Brodie authored
Detail: The Status SWI should be returning the server response code in R2, but is always returning 0 because it never bothers to parse the top header in the response. This is now done. Admin: Reported by gerph. Tested. Version 0.89. Tagged as 'HTTP-0_89'
-
- 01 Nov, 2000 1 commit
-
-
David Cotton authored
Detail: The definition of DEBLIBS was causing the build to fail. Commented this definition out. Also changed the name of the component for the rom_link phase to AcornHTTP so it links. Admin: Tested in an NC build. Version 0.88. Tagged as 'HTTP-0_88'
-
- 31 Oct, 2000 1 commit
-
-
Stewart Brodie authored
Detail: When passing options to this component, you may specify: -UCOOKIE - removes cookie support -UCOMPRESSION - removes on-the-fly decompression support Admin: Options added to reduce module size. Version 0.87. Tagged as 'HTTP-0_87'
-
- 20 May, 1999 1 commit
-
-
Stewart Brodie authored
Detail: The NT based CTS plugin fails to put Content-Type headers in posted form submissions. The Microsoft server seems happy with this illegal form, but AcornHTTP isn't - and it decides that the post attempt is bogus and rejects it. Instead of that, it now adds the application/x-www-form-urlencoded as the default content type. Admin: Tested by proxying the NT plugin via WebServe and verified that the content-type is being added. Version 0.86. Tagged as 'HTTP-0_86'
-
- 15 Feb, 1999 1 commit
-
-
Stewart Brodie authored
Detail: Added knowledge of OPTIONS and TRACE to the option decoder. Now knows about new SWI names of AcornSSL module. Admin: Tested briefly. Requires AcornSSL-0_08 header export to have occurred. Version 0.85. Tagged as 'HTTP-0_85'
-
- 16 Sep, 1998 1 commit
-
-
Stewart Brodie authored
Detail: Can't use __ctype with TinyStubs. Admin: Built from clean; verified RAM build works. Version 0.84. Tagged as 'HTTP-0_84'
-
- 24 Aug, 1998 1 commit
-
-
Stewart Brodie authored
Updated version number control to srccommit. AcornSSL version mismatch detection code added for safety. No longer enables event generation for HTTP sockets. Detail: * Cookie parser was getting confused by a trailing ; character on the end of set-cookie headers being sent to it by the Electronics Weekly web server. This meant that it was rejecting the key cookie being used to control access to the site thus preventing people from accessing the site. * AcornHTTP now checks that the AcornSSL module is implementing a known SWI interface (the AcornSSL SWI interface changed in 0.03) * No longer uses ioctl(..FIOASYNC..) to enable event generation as the events aren't required and it wastes system resource to have them going off. * Makefile contains rules for generating .i files suitable for feeding to the McCabe toolset. Admin: Built from clean; tested on Ursula & 3.70; verified access to Electronics Weekly (www.electronicsweekly.co.uk) now works. Version 0.83. Tagged as 'HTTP-0_83'
-
- 07 May, 1998 1 commit
-
-
Stewart Brodie authored
-
- 01 May, 1998 1 commit
-
-
Stewart Brodie authored
-
- 27 Apr, 1998 1 commit
-
-
Stewart Brodie authored
* First block of data was being thrown on the floor during decompression in some cases. This is now fixed. * Debug output now knows about cookie related SWIs and won't claim that they are unknown SWIs. * Transfers which are both Chunked and compressed work correctly now.
-