These changes add a command-line option --header, e.g. --header 'Access-Control-Allow-Origin: *'.
Basic tests are included for this option.
When accepting the argument, a very simple sanitization is made, the string is required to contain ": ", and can’t contain a '\n' character. These checks are far from what is required to truly validate a HTTP header, but will at least detect simple mistakes and forbid the abuse of having arguments that include more than one header, or, worse, that include a body for the response (after "\r\n\r\n").
This should also close the Issue #16 and PR #27, I think, since CORS functionality can be obtained by specifying a custom header.
* Update Solaris / Illumos support
Old versions of Solaris did not have vasprintf, so darkhttpd defined one
gated behind an ifdef. Oracle Solaris 10 has had vasprintf since 2011.
Oracle Solaris 11 has had it since release. illumos (which also reports
as `__sun`) also has it in all current incarnations. As a result, this
ifdef'd block creates compiler errors due to a second definition of the
function. This commit removes the block.
This commit also adds `-lsendfile` to the Makefile for systems that
report as `SunOS` in `uname` (Solaris and Illumos), which is necessary
to link successfully in current day.
* Comment on manually specifying CC in readme
Some systems, including versions of illumos I use, do not have a `cc`
alias to the system C compiler. Arguably this is a flaw in the
distribution, but as a user, it's perhaps helpful to be reminded that
this is an option.
running with both options and the client connects via HTTP, a redirect
will occur instead of the authentication being granted or denied.
The code for handling a HTTPS redirect has been moved out of
process_get() and put into redirect_https() and is_https_redirect().
The latter checks if redirect_https() should be called.
When darkhttpd is running with `--timeout 0` (timeout disabled), and any
connection is idle, it will use 100% of the CPU. This happens because
`select` returns immediately when its timeout is zero, causing the main
`httpd_poll` loop to spin.
Fix this by adding a check to `httpd_poll` making `select` always
receive a `NULL` timeout when `timeout_secs` is zero.
A client making quick consecutive requests with keep-alive, such as `ab`
with `-k`, can cause the connection to become hung.
This happens because of an optimization in `http_poll` function. When a
connection state becomes `DONE`, `httpd_poll` recycles the connection
and immediately calls `poll_recv_request`. However, it doesn't handle
this resulting in the connection state becoming `DONE` again. If this
occurs, the state stays in `DONE`, and the further calls to `httpd_poll`
ignore the connection.
Fix this by calling `poll_recv_request` in a loop until the state is no
longer `DONE`.
* Enable TCP_NODELAY optimization
It looks like `TCP_NODELAY` was disabled due to the bug fixed in the
previous commit. Enabling it substantially improves keep-alive
performance with `ab`:
Before:
```
Time per request: 0.272 [ms] (mean)
```
After:
```
Time per request: 0.033 [ms] (mean)
```
* Remove keep-alive optimization from `httpd_poll`
Benchmarking with `ab` shows that bypassing `select` for keep-alive
connections in the `DONE` state doesn't significantly impact
performance. Since this optimization previously caused a bug, remove it.
Since the feature (and security and limitations) list follows the
"Features:" (etc.) line without any empty lines between them,
some Markdown-to-HTML converters (correctly) assume that
they are one paragraph, which causes the list not to
be converted to an actual HTML list. By putting an empty line
between the actual lists and their preceding lines,
the lists will be correctly converted.
(Both lists and paragraphs are block elements,
and they should be "marked down" accordingly.
See https://daringfireball.net/projects/markdown/syntax#block .)
Commonly found in Apache log. It adds 2 fields upon the Common Log
Format (referer and user-agent).
https://en.wikipedia.org/wiki/Common_Log_Format
It is just a matter of reordering what your were already logging with a
new date formatting.
* We are cheating because we always assume HTTP/1.1 as the request
header.
* We assume the user name is unknown.
André Kugland