1. 09 Feb, 2022 10 commits
    • Matthew Phillips's avatar
      Further correction for domain matching · 5d84b765
      Matthew Phillips authored
      The old-style cookie support stores the cookie domains with a leading full
      stop (e.g. .riscosopen.org) but if a cookie was created with HTTP_AddCookie
      you could get round this restriction.  A cookie with domain riscosop.org
      created that way would have matched the host domain www.riscosopen.org.
      
      This change fixes that. This code will need to be revisited to implement
      RFC 6265 because of host-only matching and stripping the leading full stops,
      but for the moment this removes a domain-matching bug in the old-style cookie
      support.
      
      Version 1.08. Tagged as 'HTTP-1_08'
      5d84b765
    • Matthew Phillips's avatar
      Allow .foo.bar as valid cookie domain for host foo.bar · db985446
      Matthew Phillips authored
      Domain matching will have to work differently when we move to RFC 6265
      because the leading full-stop would be removed. This commit fixes a fault with
      the old-style cookie support.
      db985446
    • Matthew Phillips's avatar
      Remove support for cookie version attribute · 3ec3c89a
      Matthew Phillips authored
      The Version attribute was deprecated in RFC6265 in April 2011 and is no
      longer widely supported (if it ever was). Removing support simplifies the
      code which will make it easier to maintain and enhance.
      3ec3c89a
    • Matthew Phillips's avatar
      Removed support for cookie comments · 9179c140
      Matthew Phillips authored
      As a step towards RFC6265 compliance, removed support for Comment attribute
      in order to simplify code. There was never much functional code relating to
      comments, which were stored but not made accessible to the client.
      9179c140
    • Matthew Phillips's avatar
      Remove support for cookie port restrictions · a955607b
      Matthew Phillips authored
      In order to work towards RFC 6265 support, it is desirable to simplify the
      code by removing features which were made obsolete in RFC 6265, which was
      published in April 2011.
      a955607b
    • Matthew Phillips's avatar
      Remove support for obsolete Cookie2 and Set-Cookie2 headers · 338133f1
      Matthew Phillips authored
      The Cookie2 header was being added to every request. Removed. (Note that the
      header will be suppressed even if the client manually passes it as an extra
      header in the request.)
      
      Support for the Set-Cookie2 response header has been dropped from mainstream
      browsers for many years. Removed.
      338133f1
    • Matthew Phillips's avatar
      Correct checks on domain and path when selecting cookies to send with request · 5ced238e
      Matthew Phillips authored
      Firstly, despite comments throughout the code about how the cookies were sorted
      in reverse order of the path in order to automagically output them in the
      correct order, the cookies were not being stored in reverse order!  Corrected.
      
      Corrected stripping the file element from end of request path, which managed to
      reduce '/abc/index.html' to '/abc/' but failed to reduce '/index.html' to '/'.
      
      Ensure that matching cookie path as a substring of request path only matches
      if the substring reaches the next '/' delimiter.
      
      Match the reversed domain name at the start of the request domain, rather than
      anywhere in the string.  (More work needed here for RFC 6265 compliance.)
      
      Added a little extra debugging to make it easier to see what's going on.
      5ced238e
    • Matthew Phillips's avatar
      Correct domain-matching of received cookies · 3d916d33
      Matthew Phillips authored
      The check_domain_valid function failed to match the full target domain if the
      domain did not start with a full-stop. The last two characters of the initial
      element of the name were not matched. There was also no check that the match
      took us up to a full-stop in the request's hostname.
      
      There was a similar bug in domain-matching where the domain DID begin with a
      full-stop, as strstr was used for matching without anchoring the match to the
      starts of the respective strings.
      
      Note, this code is still largely conforming with the obsolete RFC2109 and will
      need to be amended for RFC6265 compliance.
      3d916d33
    • Matthew Phillips's avatar
      Correct the handling of paths read from cookie file or HTTP_AddCookie · eb90a335
      Matthew Phillips authored
      Any path read from the cookie file, and any path parameter to HTTP_AddCookie
      was processed as though it was actually a URI path, as is used for the
      default value for the path if no Path attribute appears in the Set-Cookie
      header. The effect was that each time the cookie file was read, the last
      slash of the path and any following material was discarded, meaning the paths
      gradually got shorter until they disappeared altogether.
      eb90a335
    • Matthew Phillips's avatar
      Correct the counting of stored and queued cookies · feca738f
      Matthew Phillips authored
      Tallies of the stored and queued cookies are maintained in total_cookies and unread_cookies. Both have errors in their calculation.
      
      The queued cookie count continued going up even when MAX_COOKIES_IN_QUEUE was reached and older cookies were being discarded. Also errors in the counting and the condition meant that two more cookies were queued than defined in MAX_COOKIES_IN_QUEUE.
      
      The total_cookies count was reduced when a cookie was discarded from the queue via HTTP_ConsumeCookie because destroy_cookie is used for freeing a cookie structure in both situations. The count was also reduced in two situations where new cookies were not added to the store because they were invalid. One case was HTTP_AddCookie if an invalid parameter was given, and the other case was in creating a cookie via an HTTP response.
      
      To solve this the total_cookies decrement operation is moved from destroy_cookie to remove_cookie_from_list.
      feca738f
  2. 24 Jan, 2022 1 commit
    • Matthew Phillips's avatar
      Correction for discarding of the last cookie in the queue · 49f3e140
      Matthew Phillips authored
      After the for loop last->next will have been NULL and the call
      to cookie_unlink_cookie expects the first parameter to be a pointer
      to the variable where the head of the queue is stored, not a
      pointer to the cookie to be discarded.
      
      Version 1.07. Tagged as 'HTTP-1_07'
      49f3e140
  3. 04 Dec, 2021 1 commit
  4. 03 Jul, 2021 1 commit
    • Thomas Milius's avatar
      Add ability to register user defined methods · 78e3e598
      Thomas Milius authored
      Detail:
        Two new SWIs (see Docs/AddMethds) allow a client to register a method which AcornHTTP
        will then handle on its behalf based on some flags. In many cases the method can just
        follow a GET or PUT in operation.
      
      Version 1.05. Tagged as 'HTTP-1_05'
      78e3e598
  5. 22 Apr, 2020 1 commit
    • Matthew Phillips's avatar
      Implement SNI when making secure connections · 9cb08bd8
      Matthew Phillips authored
      Change to enable fetcher to connect to make secure connections to servers
      which require Server Name Identification (SNI). Also ensures that the name
      of the server is verified against the certificate for other secure
      connections.
      
      Version 1.04. Tagged as 'HTTP-1_04'
      9cb08bd8
  6. 06 Apr, 2019 1 commit
    • ROOL's avatar
      Fix for race condition fetching headers · 1c9549ea
      ROOL authored
      Detail:
        There was an assumption that if the recv() in http_read_more_header() returned an error, the subsequent recv() in http_reading_response() would also return the same error. However, if callbacks were allowed to run in between and data arrived from the server, the 2nd recv() can return data.
        In turn, this caused the statemachine to believe it was now reading the body, and forced AcornHTTP to invent a fake header for the client - when neither situation was true.
        Change the logic so that EWOULDBLOCK keeps the state machine in reading mode, other errors (or closed connection) stop as before.
      
        Unrelated - header.c corrects grammar, start.c uses boolean initialiser.
      Admin:
        Submission for TCP/IP bounty.
      
      Version 1.03. Tagged as 'HTTP-1_03'
      1c9549ea
  7. 31 Mar, 2019 1 commit
    • ROOL's avatar
      Build fix · 698b6caf
      ROOL authored
      Detail:
        SWIPREFIX != TARGET for this component, so the exported header was empty.
      
      Version 1.02. Tagged as 'HTTP-1_02'
      698b6caf
  8. 25 Mar, 2019 1 commit
    • ROOL's avatar
      Fix ordering issue on init and text clipping · e91f74f8
      ROOL authored
      Detail:
        When AcornHTTP starts it tries to register itself with URL, which triggers a service call (for HTTP arriving) which in turn triggers AcornSSL to (re)report it is loaded. However, if AcornSSL is loaded *before* HTTP then the service call is missed because HTTP's service call handler isn't yet linked into the service call chain.
        Fix this by looking for a telltale SWI in security_init().
      Admin:
        Reported by Matthew Phillips when trying to load URL/HTTP on a system on which AcornSSL had been loaded beforehand.
        Also clip the text shown by *URLProtoShow to end at the closing bracket of the date (more recent AcornSSL modules add the version of mbedTLS to which they were linked, which spilled over the column end).
      
      Version 1.01. Tagged as 'HTTP-1_01'
      e91f74f8
  9. 25 Sep, 2018 1 commit
    • Robert Sprowson's avatar
      Fix possible NULL pointer dereference, add clarity · 74324bbb
      Robert Sprowson authored
      decompress.c: remove double assignment to ses->compression, let it fall through
      start.c: don't dereference 'ses' until after the check for it being NULL
      Found by cppcheck static analysis.
      
      Version 1.00. Tagged as 'HTTP-1_00'
      74324bbb
  10. 25 Aug, 2018 1 commit
    • ROOL's avatar
      Show live build date rather than hardwired one · 7331271d
      ROOL authored
      Detail:
        When AcornHTTP is registering on behalf of AcornSSL with the URL module, it makes up an info string using the live version number.
        Use the AcornSSL module date too, rather than that of AcornHTTP.
      Admin:
        Submission for TCP/IP bounty.
      
      Version 0.99. Tagged as 'HTTP-0_99'
      7331271d
  11. 19 May, 2018 1 commit
    • ROOL's avatar
      Finish implementation of head/body/both flags · 9ec7d39a
      ROOL authored
      Detail:
        Per Docs/SWIs the flags in R5 (or R2 b8-15) should allow a client to request only the head/body or both, but the implementation was incomplete in places.
        Where http_write_data_to_client() is called, check what the request was and filter appropriately.
      Admin:
        Submission from Chris Mahoney.
      
      Version 0.98. Tagged as 'HTTP-0_98'
      9ec7d39a
  12. 17 May, 2018 1 commit
    • Robert Sprowson's avatar
      Correction to resources path · 8e124197
      Robert Sprowson authored
      Remove hardwired path element, use Module_Title instead.
      Delete (already disabled) TinyStubs support.
      Delete support for old CMHG.
      
      Version 0.97. Tagged as 'HTTP-0_97'
      8e124197
  13. 13 May, 2018 1 commit
    • ROOL's avatar
      Build fix · fd0504d7
      ROOL authored
      Detail:
        Account for TARGET != COMPONENT
      fd0504d7
  14. 12 May, 2018 3 commits
    • ROOL's avatar
      Error and cookie handling improvements · a4d1d98d
      ROOL authored
      Detail:
        Use GETDCI4ERRNO macro to safely extract errno from RISC OS error blocks.
        Fix for NULL pointer dereference when adding the first cookie to the cookie queue.
      Admin:
        Submission for TCP/IP bounty.
      
      Version 0.96. Tagged as 'HTTP-0_96'
      a4d1d98d
    • ROOL's avatar
      Build fix · 920f9213
      ROOL authored
      Detail:
        Use updated AcornSSL.h header location and contents.
      Admin:
        Requires Export-0_10.
      
      Version 0.95. Tagged as 'HTTP-0_95'
      920f9213
    • ROOL's avatar
      Makefile recreated from fragments · 21c94170
      ROOL authored
      Detail:
        Now exports its SWIs to Interface/HTTP.h
        Replaced defunct www.acorn.com address in the test program.
      Admin:
        Submission for TCP/IP bounty.
      
      Version 0.94. Tagged as 'HTTP-0_94'
      21c94170
  15. 05 Jul, 2014 1 commit
  16. 14 Jan, 2012 1 commit
  17. 07 Oct, 2008 1 commit
  18. 13 Sep, 2007 1 commit
    • Steve Revill's avatar
      Minor tidy-up. · 12265658
      Steve Revill authored
      Detail:
        Made cvs version of sources match Batch One release.
      Admin:
        No code change.
      
      Version 0.91. Tagged as 'HTTP-0_91'
      12265658
  19. 26 Jan, 2007 1 commit
    • Steve Revill's avatar
      Minor tweaks to build and install correctly. · 72e0f7de
      Steve Revill authored
      Detail:
        Some changes were required in order for this component to build and install
        correctly. These changes are required for the ROOL 'Browse' build.
      Admin:
        Tested in Iyonix 'Browse' build using ROOL 'BuildEnv' build environment
      
      Version 0.90. Tagged as 'HTTP-0_90'
      72e0f7de
  20. 07 Feb, 2001 1 commit
    • Stewart Brodie's avatar
      Sets the server response code. · 77d2ff05
      Stewart Brodie authored
      Detail:
        The Status SWI should be returning the server response code in R2,
          but is always returning 0 because it never bothers to parse the
          top header in the response.  This is now done.
      Admin:
        Reported by gerph.
        Tested.
      
      Version 0.89. Tagged as 'HTTP-0_89'
      77d2ff05
  21. 01 Nov, 2000 1 commit
    • David Cotton's avatar
      Now works in ROM builds. · 58580627
      David Cotton authored
      Detail:
         The definition of DEBLIBS was causing the build to fail. Commented this
      definition out. Also changed the name of the component for the rom_link phase
      to AcornHTTP so it links.
      
      Admin:
         Tested in an NC build.
      
      Version 0.88. Tagged as 'HTTP-0_88'
      58580627
  22. 31 Oct, 2000 1 commit
    • Stewart Brodie's avatar
      Added ${OPTIONS} to the DFLAGS macro. · eaded0e6
      Stewart Brodie authored
      Detail:
        When passing options to this component, you may specify:
          -UCOOKIE               - removes cookie support
          -UCOMPRESSION          - removes on-the-fly decompression support
      Admin:
        Options added to reduce module size.
      
      Version 0.87. Tagged as 'HTTP-0_87'
      eaded0e6
  23. 20 May, 1999 1 commit
    • Stewart Brodie's avatar
      Adds missing Content-Type header to form postings. · 9164c472
      Stewart Brodie authored
      Detail:
        The NT based CTS plugin fails to put Content-Type headers in
          posted form submissions.  The Microsoft server seems happy
          with this illegal form, but AcornHTTP isn't - and it decides
          that the post attempt is bogus and rejects it.  Instead of
          that, it now adds the application/x-www-form-urlencoded
          as the default content type.
      Admin:
        Tested by proxying the NT plugin via WebServe and verified that
          the content-type is being added.
      
      Version 0.86. Tagged as 'HTTP-0_86'
      9164c472
  24. 15 Feb, 1999 1 commit
    • Stewart Brodie's avatar
      Commit of old modified sources from last September. · 13fe28a9
      Stewart Brodie authored
      Detail:
        Added knowledge of OPTIONS and TRACE to the option decoder.
        Now knows about new SWI names of AcornSSL module.
      Admin:
        Tested briefly.
        Requires AcornSSL-0_08 header export to have occurred.
      
      Version 0.85. Tagged as 'HTTP-0_85'
      13fe28a9
  25. 16 Sep, 1998 1 commit
  26. 24 Aug, 1998 1 commit
    • Stewart Brodie's avatar
      Cookie header parser tweaked to strip redundant characters. · 1f905a0f
      Stewart Brodie authored
        Updated version number control to srccommit.
        AcornSSL version mismatch detection code added for safety.
        No longer enables event generation for HTTP sockets.
      Detail:
        * Cookie parser was getting confused by a trailing ; character on
        the end of set-cookie headers being sent to it by the Electronics
        Weekly web server.  This meant that it was rejecting the key
        cookie being used to control access to the site thus preventing
        people from accessing the site.
        * AcornHTTP now checks that the AcornSSL module is implementing a
        known SWI interface (the AcornSSL SWI interface changed in 0.03)
        * No longer uses ioctl(..FIOASYNC..) to enable event generation as
        the events aren't required and it wastes system resource to have
        them going off.
        * Makefile contains rules for generating .i files suitable for
        feeding to the McCabe toolset.
      Admin:
        Built from clean; tested on Ursula & 3.70; verified access to
        Electronics Weekly (www.electronicsweekly.co.uk) now works.
      
      Version 0.83. Tagged as 'HTTP-0_83'
      1f905a0f
  27. 07 May, 1998 1 commit
  28. 01 May, 1998 1 commit
  29. 27 Apr, 1998 1 commit
    • Stewart Brodie's avatar
      HTTP 0.82 · dae9243c
      Stewart Brodie authored
      * First block of data was being thrown on the floor during
        decompression in some cases.  This is now fixed.
      
      * Debug output now knows about cookie related SWIs and won't claim that
        they are unknown SWIs.
      
      * Transfers which are both Chunked and compressed work correctly now.
      dae9243c