delta/curl.git/lib/http.c, branch bagder/timerfunction-not-recursive github.com: bagder/curl.git http: make adding a blank header thread-safe 2019-02-19T09:18:47+00:00 Daniel Stenberg daniel@haxx.se 2019-02-18T07:14:52+00:00 942eb09e8a97b58b6ba8df280400322d201bcbd4 Previously the function would edit the provided header in-place when a semicolon is used to signify an empty header. This made it impossible to use the same set of custom headers in multiple threads simultaneously. This approach now makes a local copy when it needs to edit the string. Reported-by: d912e3 on github Fixes #3578 Closes #3579 
Previously the function would edit the provided header in-place when a
semicolon is used to signify an empty header. This made it impossible to
use the same set of custom headers in multiple threads simultaneously.

This approach now makes a local copy when it needs to edit the string.

Reported-by: d912e3 on github
Fixes #3578
Closes #3579
cleanup: make local functions static 2019-02-10T17:38:57+00:00 Daniel Stenberg daniel@haxx.se 2019-02-08T08:33:42+00:00 05b100aee247bb9bec8e9a1b0166496aa4248d1c urlapi: turn three local-only functions into statics conncache: make conncache_find_first_connection static multi: make detach_connnection static connect: make getaddressinfo static curl_ntlm_core: make hmac_md5 static http2: make two functions static http: make http_setup_conn static connect: make tcpnodelay static tests: make UNITTEST a thing to mark functions with, so they can be static for normal builds and non-static for unit test builds ... and mark Curl_shuffle_addr accordingly. url: make up_free static setopt: make vsetopt static curl_endian: make write32_le static rtsp: make rtsp_connisdead static warnless: remove unused functions memdebug: remove one unused function, made another static 
urlapi: turn three local-only functions into statics

conncache: make conncache_find_first_connection static

multi: make detach_connnection static

connect: make getaddressinfo static

curl_ntlm_core: make hmac_md5 static

http2: make two functions static

http: make http_setup_conn static

connect: make tcpnodelay static

tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds

... and mark Curl_shuffle_addr accordingly.

url: make up_free static

setopt: make vsetopt static

curl_endian: make write32_le static

rtsp: make rtsp_connisdead static

warnless: remove unused functions

memdebug: remove one unused function, made another static
cookies: skip custom cookies when redirecting cross-site 2019-01-09T14:18:08+00:00 Katsuhiko YOSHIDA claddvd@gmail.com 2018-12-30T00:44:30+00:00 1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4 Closes #3417 
Closes #3417
Revert "http_negotiate: do not close connection until negotiation is completed" 2019-01-07T08:36:36+00:00 Daniel Stenberg daniel@haxx.se 2019-01-04T22:34:50+00:00 ebe658c1e5a6577178981a7f406794699305be5c This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47. This also reopens PR #3275 which brought the change now reverted. Fixes #3384 Closes #3439 
This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.

This also reopens PR #3275 which brought the change now reverted.

Fixes #3384
Closes #3439
http: added options for allowing HTTP/0.9 responses 2018-12-21T09:49:30+00:00 Daniel Stenberg daniel@haxx.se 2018-12-17T14:46:56+00:00 006ff62d8c51f664c167c6337f009f9f65dd8ea7 Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383 
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383
http: Implement trailing headers for chunked transfers 2018-12-14T09:10:48+00:00 Ayoub Boudhar a.boudhar@outlook.com 2018-12-06T09:18:03+00:00 f464535bfdd9a83140d8a13c3fe3d937239d1c2a This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350 
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
options that allow a callback based approach to sending trailing headers
with chunked transfers.

The test server (sws) was updated to take into account the detection of the
end of transfer in the case of trailing headers presence.

Test 1591 checks that trailing headers can be sent using libcurl.

Closes #3350
cookies: leave secure cookies alone 2018-12-13T08:57:58+00:00 Daniel Gustafsson daniel@yesql.se 2018-12-13T08:57:58+00:00 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se> 
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
http: fix HTTP auth to include query in URI 2018-12-11T12:28:20+00:00 Jay Satiro raysatiro@yahoo.com 2018-12-10T00:34:47+00:00 552f0205e6901889a965fe679f4afeeeed7f4955 - Include query in the path passed to generate HTTP auth. Recent changes to use the URL API internally (46e1640, 7.62.0) inadvertently broke authentication URIs by omitting the query. Fixes https://github.com/curl/curl/issues/3353 Closes #3356 
- Include query in the path passed to generate HTTP auth.

Recent changes to use the URL API internally (46e1640, 7.62.0)
inadvertently broke authentication URIs by omitting the query.

Fixes https://github.com/curl/curl/issues/3353
Closes #3356
http: don't set CURLINFO_CONDITION_UNMET for http status code 204 2018-12-11T12:22:42+00:00 Michael Kaufmann mail@michael-kaufmann.ch 2018-12-10T16:30:31+00:00 c8bf8cc1e4e8f6e8c29b104a2bcc47c626e18081 The http status code 204 (No Content) should not change the "condition unmet" flag. Only the http status code 304 (Not Modified) should do this. Closes #359 
The http status code 204 (No Content) should not change the "condition
unmet" flag. Only the http status code 304 (Not Modified) should do
this.

Closes #359
NTLM: force the connection to HTTP/1.1 2018-12-07T12:03:21+00:00 Johannes Schindelin johannes.schindelin@gmx.de 2018-12-06T16:26:13+00:00 cbea2fd2c74feabeb6f13b3e3df243b225b3b3ab Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces the capability. However, NTLM authentication only works with HTTP/1.1, and will likely remain in that boat (for details, see https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). When we just found out that we want to use NTLM, and when the current connection runs in HTTP/2 mode, let's force the connection to be closed and to be re-opened using HTTP/1.1. Fixes https://github.com/curl/curl/issues/3341. Closes #3345 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> 
Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
the capability. However, NTLM authentication only works with HTTP/1.1,
and will likely remain in that boat (for details, see
https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).

When we just found out that we want to use NTLM, and when the current
connection runs in HTTP/2 mode, let's force the connection to be closed
and to be re-opened using HTTP/1.1.

Fixes https://github.com/curl/curl/issues/3341.
Closes #3345

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>