summaryrefslogtreecommitdiff
path: root/thirdparty/libwebsockets/lib/roles/http/header.c
diff options
context:
space:
mode:
authorRĂ©mi Verschelde <rverschelde@gmail.com>2019-05-02 08:15:23 +0200
committerGitHub <noreply@github.com>2019-05-02 08:15:23 +0200
commitb7cd9794fe5b38b6a60c9ce64ca9bf1bab1d7813 (patch)
tree3b0f365ad3ea1cebd50985293cd49617153b5ac6 /thirdparty/libwebsockets/lib/roles/http/header.c
parentc2c56ee3975ec9744088d5328462818a5980a5a0 (diff)
parentbe414e4476371567a824099767b6c91a0123d626 (diff)
Merge pull request #28568 from Faless/net/lws_rollback_3.0.1_pr
Roll back libwebsockets to version 3.0.1
Diffstat (limited to 'thirdparty/libwebsockets/lib/roles/http/header.c')
-rw-r--r--thirdparty/libwebsockets/lib/roles/http/header.c529
1 files changed, 0 insertions, 529 deletions
diff --git a/thirdparty/libwebsockets/lib/roles/http/header.c b/thirdparty/libwebsockets/lib/roles/http/header.c
deleted file mode 100644
index 448c5a8b5c..0000000000
--- a/thirdparty/libwebsockets/lib/roles/http/header.c
+++ /dev/null
@@ -1,529 +0,0 @@
-/*
- * libwebsockets - small server side websockets and web server implementation
- *
- * Copyright (C) 2010-2018 Andy Green <andy@warmcat.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation:
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
- */
-
-#include "core/private.h"
-#include "lextable-strings.h"
-
-
-const unsigned char *
-lws_token_to_string(enum lws_token_indexes token)
-{
- if ((unsigned int)token >= LWS_ARRAY_SIZE(set))
- return NULL;
-
- return (unsigned char *)set[token];
-}
-
-int
-lws_add_http_header_by_name(struct lws *wsi, const unsigned char *name,
- const unsigned char *value, int length,
- unsigned char **p, unsigned char *end)
-{
-#ifdef LWS_WITH_HTTP2
- if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi))
- return lws_add_http2_header_by_name(wsi, name,
- value, length, p, end);
-#else
- (void)wsi;
-#endif
- if (name) {
- while (*p < end && *name)
- *((*p)++) = *name++;
- if (*p == end)
- return 1;
- *((*p)++) = ' ';
- }
- if (*p + length + 3 >= end)
- return 1;
-
- memcpy(*p, value, length);
- *p += length;
- *((*p)++) = '\x0d';
- *((*p)++) = '\x0a';
-
- return 0;
-}
-
-int lws_finalize_http_header(struct lws *wsi, unsigned char **p,
- unsigned char *end)
-{
-#ifdef LWS_WITH_HTTP2
- if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi))
- return 0;
-#else
- (void)wsi;
-#endif
- if ((lws_intptr_t)(end - *p) < 3)
- return 1;
- *((*p)++) = '\x0d';
- *((*p)++) = '\x0a';
-
- return 0;
-}
-
-int
-lws_finalize_write_http_header(struct lws *wsi, unsigned char *start,
- unsigned char **pp, unsigned char *end)
-{
- unsigned char *p;
- int len;
-
- if (lws_finalize_http_header(wsi, pp, end))
- return 1;
-
- p = *pp;
- len = lws_ptr_diff(p, start);
-
- if (lws_write(wsi, start, len, LWS_WRITE_HTTP_HEADERS) != len)
- return 1;
-
- return 0;
-}
-
-int
-lws_add_http_header_by_token(struct lws *wsi, enum lws_token_indexes token,
- const unsigned char *value, int length,
- unsigned char **p, unsigned char *end)
-{
- const unsigned char *name;
-#ifdef LWS_WITH_HTTP2
- if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi))
- return lws_add_http2_header_by_token(wsi, token, value,
- length, p, end);
-#endif
- name = lws_token_to_string(token);
- if (!name)
- return 1;
-
- return lws_add_http_header_by_name(wsi, name, value, length, p, end);
-}
-
-int
-lws_add_http_header_content_length(struct lws *wsi,
- lws_filepos_t content_length,
- unsigned char **p, unsigned char *end)
-{
- char b[24];
- int n;
-
- n = sprintf(b, "%llu", (unsigned long long)content_length);
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH,
- (unsigned char *)b, n, p, end))
- return 1;
- wsi->http.tx_content_length = content_length;
- wsi->http.tx_content_remain = content_length;
-
- lwsl_info("%s: wsi %p: tx_content_length/remain %llu\n", __func__,
- wsi, (unsigned long long)content_length);
-
- return 0;
-}
-
-int
-lws_add_http_common_headers(struct lws *wsi, unsigned int code,
- const char *content_type, lws_filepos_t content_len,
- unsigned char **p, unsigned char *end)
-{
- const char *ka[] = { "close", "keep-alive" };
- int types[] = { HTTP_CONNECTION_CLOSE, HTTP_CONNECTION_KEEP_ALIVE },
- t = 0;
-
- if (lws_add_http_header_status(wsi, code, p, end))
- return 1;
-
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
- (unsigned char *)content_type,
- (int)strlen(content_type), p, end))
- return 1;
-
-#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
- if (!wsi->http.lcs &&
- (!strncmp(content_type, "text/", 5) ||
- !strcmp(content_type, "application/javascript") ||
- !strcmp(content_type, "image/svg+xml")))
- lws_http_compression_apply(wsi, NULL, p, end, 0);
-#endif
-
- /*
- * if we decided to compress it, we don't know the content length...
- * the compressed data will go out chunked on h1
- */
- if (
-#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
- !wsi->http.lcs &&
-#endif
- content_len != LWS_ILLEGAL_HTTP_CONTENT_LEN) {
- if (lws_add_http_header_content_length(wsi, content_len,
- p, end))
- return 1;
- } else {
- /* there was no length... it normally means CONNECTION_CLOSE */
-#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
-
- if (!wsi->http2_substream && wsi->http.lcs) {
- /* so...
- * - h1 connection
- * - http compression transform active
- * - did not send content length
- *
- * then mark as chunked...
- */
- wsi->http.comp_ctx.chunking = 1;
- if (lws_add_http_header_by_token(wsi,
- WSI_TOKEN_HTTP_TRANSFER_ENCODING,
- (unsigned char *)"chunked", 7, p, end))
- return -1;
-
- /* ... but h1 compression is chunked, if active we can
- * still pipeline
- */
- if (wsi->http.lcs &&
- wsi->http.conn_type == HTTP_CONNECTION_KEEP_ALIVE)
- t = 1;
- }
-#endif
- if (!wsi->http2_substream) {
- if (lws_add_http_header_by_token(wsi,
- WSI_TOKEN_CONNECTION,
- (unsigned char *)ka[t],
- (int)strlen(ka[t]), p, end))
- return 1;
-
- wsi->http.conn_type = types[t];
- }
- }
-
- return 0;
-}
-
-static const char * const err400[] = {
- "Bad Request",
- "Unauthorized",
- "Payment Required",
- "Forbidden",
- "Not Found",
- "Method Not Allowed",
- "Not Acceptable",
- "Proxy Auth Required",
- "Request Timeout",
- "Conflict",
- "Gone",
- "Length Required",
- "Precondition Failed",
- "Request Entity Too Large",
- "Request URI too Long",
- "Unsupported Media Type",
- "Requested Range Not Satisfiable",
- "Expectation Failed"
-};
-
-static const char * const err500[] = {
- "Internal Server Error",
- "Not Implemented",
- "Bad Gateway",
- "Service Unavailable",
- "Gateway Timeout",
- "HTTP Version Not Supported"
-};
-
-/* security best practices from Mozilla Observatory */
-
-static const
-struct lws_protocol_vhost_options pvo_hsbph[] = {{
- NULL, NULL, "referrer-policy:", "no-referrer"
-}, {
- &pvo_hsbph[0], NULL, "x-frame-options:", "deny"
-}, {
- &pvo_hsbph[1], NULL, "x-xss-protection:", "1; mode=block"
-}, {
- &pvo_hsbph[2], NULL, "x-content-type-options:", "nosniff"
-}, {
- &pvo_hsbph[3], NULL, "content-security-policy:",
- "default-src 'none'; img-src 'self' data: ; "
- "script-src 'self'; font-src 'self'; "
- "style-src 'self'; connect-src 'self'; "
- "frame-ancestors 'none'; base-uri 'none';"
- "form-action 'self';"
-}};
-
-int
-lws_add_http_header_status(struct lws *wsi, unsigned int _code,
- unsigned char **p, unsigned char *end)
-{
- static const char * const hver[] = {
- "HTTP/1.0", "HTTP/1.1", "HTTP/2"
- };
- const struct lws_protocol_vhost_options *headers;
- unsigned int code = _code & LWSAHH_CODE_MASK;
- const char *description = "", *p1;
- unsigned char code_and_desc[60];
- int n;
-
-#ifdef LWS_WITH_ACCESS_LOG
- wsi->http.access_log.response = code;
-#endif
-
-#ifdef LWS_WITH_HTTP2
- if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi)) {
- n = lws_add_http2_header_status(wsi, code, p, end);
- if (n)
- return n;
- } else
-#endif
- {
- if (code >= 400 && code < (400 + LWS_ARRAY_SIZE(err400)))
- description = err400[code - 400];
- if (code >= 500 && code < (500 + LWS_ARRAY_SIZE(err500)))
- description = err500[code - 500];
-
- if (code == 100)
- description = "Continue";
- if (code == 200)
- description = "OK";
- if (code == 304)
- description = "Not Modified";
- else
- if (code >= 300 && code < 400)
- description = "Redirect";
-
- if (wsi->http.request_version < LWS_ARRAY_SIZE(hver))
- p1 = hver[wsi->http.request_version];
- else
- p1 = hver[0];
-
- n = sprintf((char *)code_and_desc, "%s %u %s", p1, code,
- description);
-
- if (lws_add_http_header_by_name(wsi, NULL, code_and_desc, n, p,
- end))
- return 1;
- }
-
- headers = wsi->vhost->headers;
- while (headers) {
- if (lws_add_http_header_by_name(wsi,
- (const unsigned char *)headers->name,
- (unsigned char *)headers->value,
- (int)strlen(headers->value), p, end))
- return 1;
-
- headers = headers->next;
- }
-
- if (wsi->vhost->options &
- LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE) {
- headers = &pvo_hsbph[LWS_ARRAY_SIZE(pvo_hsbph) - 1];
- while (headers) {
- if (lws_add_http_header_by_name(wsi,
- (const unsigned char *)headers->name,
- (unsigned char *)headers->value,
- (int)strlen(headers->value), p, end))
- return 1;
-
- headers = headers->next;
- }
- }
-
- if (wsi->context->server_string &&
- !(_code & LWSAHH_FLAG_NO_SERVER_NAME))
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_SERVER,
- (unsigned char *)wsi->context->server_string,
- wsi->context->server_string_len, p, end))
- return 1;
-
- if (wsi->vhost->options & LWS_SERVER_OPTION_STS)
- if (lws_add_http_header_by_name(wsi, (unsigned char *)
- "Strict-Transport-Security:",
- (unsigned char *)"max-age=15768000 ; "
- "includeSubDomains", 36, p, end))
- return 1;
-
- if (*p >= (end - 2)) {
- lwsl_err("%s: reached end of buffer\n", __func__);
-
- return 1;
- }
-
- return 0;
-}
-
-LWS_VISIBLE int
-lws_return_http_status(struct lws *wsi, unsigned int code,
- const char *html_body)
-{
- struct lws_context *context = lws_get_context(wsi);
- struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
- unsigned char *p = pt->serv_buf + LWS_PRE;
- unsigned char *start = p;
- unsigned char *end = p + context->pt_serv_buf_size - LWS_PRE;
- char *body = (char *)start + context->pt_serv_buf_size - 512;
- int n = 0, m = 0, len;
- char slen[20];
-
- if (!wsi->vhost) {
- lwsl_err("%s: wsi not bound to vhost\n", __func__);
-
- return 1;
- }
-#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
- if (!wsi->handling_404 &&
- wsi->vhost->http.error_document_404 &&
- code == HTTP_STATUS_NOT_FOUND)
- /* we should do a redirect, and do the 404 there */
- if (lws_http_redirect(wsi, HTTP_STATUS_FOUND,
- (uint8_t *)wsi->vhost->http.error_document_404,
- (int)strlen(wsi->vhost->http.error_document_404),
- &p, end) > 0)
- return 0;
-#endif
-
- /* if the redirect failed, just do a simple status */
- p = start;
-
- if (!html_body)
- html_body = "";
-
- if (lws_add_http_header_status(wsi, code, &p, end))
- return 1;
-
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
- (unsigned char *)"text/html", 9,
- &p, end))
- return 1;
-
- len = lws_snprintf(body, 510, "<html><head>"
- "<meta charset=utf-8 http-equiv=\"Content-Language\" "
- "content=\"en\"/>"
- "<link rel=\"stylesheet\" type=\"text/css\" "
- "href=\"/error.css\"/>"
- "</head><body><h1>%u</h1>%s</body></html>", code, html_body);
-
-
- n = sprintf(slen, "%d", len);
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH,
- (unsigned char *)slen, n, &p, end))
- return 1;
-
- if (lws_finalize_http_header(wsi, &p, end))
- return 1;
-
-#if defined(LWS_WITH_HTTP2)
- if (wsi->http2_substream) {
-
- /*
- * for HTTP/2, the headers must be sent separately, since they
- * go out in their own frame. That puts us in a bind that
- * we won't always be able to get away with two lws_write()s in
- * sequence, since the first may use up the writability due to
- * the pipe being choked or SSL_WANT_.
- *
- * However we do need to send the human-readable body, and the
- * END_STREAM.
- *
- * Solve it by writing the headers now...
- */
- m = lws_write(wsi, start, lws_ptr_diff(p, start),
- LWS_WRITE_HTTP_HEADERS);
- if (m != lws_ptr_diff(p, start))
- return 1;
-
- /*
- * ... but stash the body and send it as a priority next
- * handle_POLLOUT
- */
- wsi->http.tx_content_length = len;
- wsi->http.tx_content_remain = len;
-
- wsi->h2.pending_status_body = lws_malloc(len + LWS_PRE + 1,
- "pending status body");
- if (!wsi->h2.pending_status_body)
- return -1;
-
- strcpy(wsi->h2.pending_status_body + LWS_PRE, body);
- lws_callback_on_writable(wsi);
-
- return 0;
- } else
-#endif
- {
- /*
- * for http/1, we can just append the body after the finalized
- * headers and send it all in one go.
- */
-
- n = lws_ptr_diff(p, start) + len;
- memcpy(p, body, len);
- m = lws_write(wsi, start, n, LWS_WRITE_HTTP);
- if (m != n)
- return 1;
- }
-
- return m != n;
-}
-
-LWS_VISIBLE int
-lws_http_redirect(struct lws *wsi, int code, const unsigned char *loc, int len,
- unsigned char **p, unsigned char *end)
-{
- unsigned char *start = *p;
-
- if (lws_add_http_header_status(wsi, code, p, end))
- return -1;
-
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_LOCATION, loc, len,
- p, end))
- return -1;
- /*
- * if we're going with http/1.1 and keepalive, we have to give fake
- * content metadata so the client knows we completed the transaction and
- * it can do the redirect...
- */
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
- (unsigned char *)"text/html", 9, p,
- end))
- return -1;
- if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH,
- (unsigned char *)"0", 1, p, end))
- return -1;
-
- if (lws_finalize_http_header(wsi, p, end))
- return -1;
-
- return lws_write(wsi, start, *p - start, LWS_WRITE_HTTP_HEADERS |
- LWS_WRITE_H2_STREAM_END);
-}
-
-#if !defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
-LWS_VISIBLE int
-lws_http_compression_apply(struct lws *wsi, const char *name,
- unsigned char **p, unsigned char *end, char decomp)
-{
- (void)wsi;
- (void)name;
- (void)p;
- (void)end;
- (void)decomp;
-
- return 0;
-}
-#endif
-
-