delta/curl.git/lib/http.c, branch bagder/test493-https

hsts: enable by default

2021-04-19T06:22:16+00:00

No longer considered experimental.

Closes #6700

send_speed: simplify the checks for if a speed limit is set

2021-03-27T11:38:28+00:00

... as we know the value cannot be set to negative: enforced by
setopt()

http: cap body data amount during send speed limiting

2021-03-27T11:38:15+00:00

By making sure never to send off more than the allowed number of bytes
per second the speed limit logic is given more room to actually work.

Reported-by: Fabian Keil
Bug: https://curl.se/mail/lib-2021-03/0042.html
Closes #6797

urldata: merge "struct DynamicStatic" into "struct UrlState"

2021-03-26T22:19:20+00:00

Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in less holes in my
test build.

Closes #6798

http: strip default port from URL sent to proxy

2021-03-23T12:33:49+00:00

To make sure the Host: header and the URL provide the same authority
portion when sent to the proxy, strip the default port number from the
URL if one was provided.

Reported-by: Michael Brown
Fixes #6769
Closes #6778

http: make 416 not fail with resume + CURLOPT_FAILONERRROR

2021-03-17T07:26:46+00:00

When asked to resume a download, libcurl will convert that to HTTP logic
and if then the entire file is already transferred it will result in a
416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
scenario, it should *not* lead to an error return.

Updated test 1156, added test 1273

Reported-by: Jonathan Watt
Fixes #6740
Closes #6753

http: remove superfluous NULL assign

2021-03-11T21:45:23+00:00

Closes #6727

http2: remove conn->data use

2021-02-15T15:33:53+00:00

... but instead use a private alternative that points to the "driving
transfer" from the connection. We set the "user data" associated with
the connection to be the connectdata struct, but when we drive transfers
the code still needs to know the pointer to the transfer. We can change
the user data to become the Curl_easy handle, but with older nghttp2
version we cannot dynamically update that pointer properly when
different transfers are used over the same connection.

Closes #6520

http: use credentials from transfer, not connection

2021-02-13T21:36:15+00:00

HTTP auth "accidentally" worked before this cleanup since the code would
always overwrite the connection credentials with the credentials from
the most recent transfer and since HTTP auth is typically done first
thing, this has not been an issue. It was still wrong and subject to
possible race conditions or future breakage if the sequence of functions
would change.

The data.set.str[] strings MUST remain unmodified exactly as set by the
user, and the credentials to use internally are instead set/updated in
state.aptr.*

Added test 675 to verify different credentials used in two requests done
over a reused HTTP connection, which previously behaved wrongly.

Fixes #6542
Closes #6545

urldata: don't touch data->set.httpversion at run-time

2021-02-12T07:13:37+00:00

Rename it to 'httpwant' and make a cloned field in the state struct as
well for run-time updates.

Also: refuse non-supported HTTP versions. Verified with test 129.

Closes #6585