summaryrefslogtreecommitdiff
path: root/lib/http.c
Commit message (Collapse)AuthorAgeFilesLines
* cookies: using a share with cookies shouldn't enable the cookie engineDaniel Stenberg2019-09-281-2/+2
| | | | | | | | | | | | | | | | | The 'share object' only sets the storage area for cookies. The "cookie engine" still needs to be enabled or activated using the normal cookie options. This caused the curl command line tool to accidentally use cookies without having been told to, since curl switched to using shared cookies in 7.66.0. Test 1166 verifies Updated test 506 Fixes #4429 Closes #4434
* http: fix warning on conversion from int to bitDaniel Stenberg2019-09-211-3/+4
| | | | Follow-up from 03ebe66d70
* http: fix Expression 'http->postdata' is always falseDaniel Stenberg2019-09-201-2/+1
| | | | | | Fixes warning detected by PVS-Studio Fixes #4374 Reported-by: Valerii Zapodovnikov
* http: merge two "case" statementsMichael Kaufmann2019-09-181-3/+0
|
* Curl_fillreadbuffer: avoid double-free trailer buf on errorbagder/trailer-buf-freeDaniel Stenberg2019-09-091-6/+10
| | | | | | | Reviewed-by: Jay Satiro Reported-by: Thomas Vegas Closes #4307
* http: remove chunked-encoding and expect header use for HTTP/3Daniel Stenberg2019-08-201-4/+5
|
* http: fix use of credentials from URL when using HTTP proxyDaniel Stenberg2019-08-161-11/+10
| | | | | | | | | | | | | | | | When a username and password are provided in the URL, they were wrongly removed from the stored URL so that subsequent uses of the same URL wouldn't find the crendentials. This made doing HTTP auth with multiple connections (like Digest) mishave. Regression from 46e164069d1a5230 (7.62.0) Test case 335 added to verify. Reported-by: Mike Crowe Fixes #4228 Closes #4229
* ngtcp2: do QUIC connections happy-eyeballs friendlyDaniel Stenberg2019-08-141-4/+2
|
* http3: fix the HTTP/3 in the request, make alt-svc set right versionsDaniel Stenberg2019-08-081-36/+43
| | | | Closes #4200
* alt-svc: send Alt-Used: in redirected requestsDaniel Stenberg2019-08-081-2/+14
| | | | | | | | | | | | | | | RFC 7838 section 5: When using an alternative service, clients SHOULD include an Alt-Used header field in all requests. Removed CURLALTSVC_ALTUSED again (feature is still EXPERIMENTAL thus this is deemed ok). You can disable sending this header just like you disable any other HTTP header in libcurl. Closes #4199
* CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directlyDaniel Stenberg2019-08-081-3/+3
| | | | | | | | | | | | Even though it cannot fall-back to a lower HTTP version automatically. The safer way to upgrade remains via CURLOPT_ALTSVC. CURLOPT_H3 no longer has any bits that do anything and might be removed before we remove the experimental label. Updated the curl tool accordingly to use "--http3". Closes #4197
* CURLINFO_RETRY_AFTER: parse the Retry-After header valueDaniel Stenberg2019-08-071-0/+13
| | | | | | | | This is only the libcurl part that provides the information. There's no user of the parsed value. This change includes three new tests for the parser. Ref: #3794
* quiche: first working HTTP/3 requestDaniel Stenberg2019-08-061-3/+4
| | | | | | | | | - enable debug log - fix use of quiche API - use download buffer - separate header/body Closes #4193
* cleanup: remove the 'numsocks' argument used in many placesDaniel Stenberg2019-07-301-10/+5
| | | | | | | | | It was used (intended) to pass in the size of the 'socks' array that is also passed to these functions, but was rarely actually checked/used and the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries that should be used instead. Closes #4169
* HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknownBalazs Kovacsics2019-07-291-2/+3
| | | | | | | | | If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set, automatically add a Transfer-Encoding: chunked header, same as it is already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME. Update test 1514 according to the new behaviour. Closes #4138
* HTTP3: initial (experimental) supportDaniel Stenberg2019-07-211-4/+25
| | | | | | | | | USe configure --with-ngtcp2 or --with-quiche Using either option will enable a HTTP3 build. Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> Closes #3500
* http: allow overriding timecond with custom headerPeter Simonyi2019-07-141-4/+10
| | | | | | | | | With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. If-Modified-Since). Allow this to be replaced or suppressed with CURLOPT_HTTPHEADER. Fixes #4103 Closes #4109
* headers: Remove no longer exported functionsDaniel Gustafsson2019-07-101-1/+1
| | | | | | | | | | | | | | | | | | | | There were a leftover few prototypes of Curl_ functions that we used to export but no longer do, this removes those prototypes and cleans up any comments still referring to them. Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free() Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn() were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c. Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3. For the remainder, I didn't trawl the Git logs hard enough to capture their exact time of deletion, but they were all gone: Curl_splayprint(), Curl_http2_send_request(), Curl_global_host_cache_dtor(), Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(), Curl_http_auth_stage() and Curl_close_connections(). Closes #4096 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* http: clarify header buffer size calculationDaniel Gustafsson2019-06-241-0/+3
| | | | | | | | | | | The header buffer size calculation can from static analysis seem to overlow as it performs an addition between two size_t variables and stores the result in a size_t variable. Overflow is however guarded against elsewhere since the input to the addition is regulated by the maximum read buffer size. Clarify this with a comment since the question was asked. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* http2: call done_sending on end of uploadDaniel Stenberg2019-06-241-1/+3
| | | | | | | | | To make sure a HTTP/2 stream registers the end of stream. Bug #4043 made me find this problem but this fix doesn't correct the reported issue. Closes #4068
* http: don't parse body-related headers bodyless responsesMichael Kaufmann2019-06-021-8/+8
| | | | | | | | | | | | | | | | | | | Responses with status codes 1xx, 204 or 304 don't have a response body. For these, don't parse these headers: - Content-Encoding - Content-Length - Content-Range - Last-Modified - Transfer-Encoding This change ensures that HTTP/2 upgrades work even if a "Content-Length: 0" or a "Transfer-Encoding: chunked" header is present. Co-authored-by: Daniel Stenberg Closes #3702 Fixes #3968 Closes #3977
* http: fix "error: equality comparison with extraneous parentheses"Daniel Stenberg2019-05-291-1/+1
|
* cleanup: remove FIXME and TODO commentsDaniel Stenberg2019-05-161-3/+0
| | | | | | | | | They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
* http_ntlm_wb: Move the type-2 message processing into a dedicated functionSteve Holme2019-05-161-13/+4
| | | | | | This brings the code inline with the other HTTP authentication mechanisms. Closes #3890
* http_negotiate: Move the Negotiate state out of the negotiatedata structureSteve Holme2019-05-151-11/+11
| | | | | | | Given that this member variable is not used by the SASL based protocols there is no need to have it here. Closes #3882
* http_ntlm: Move the NTLM state out of the ntlmdata structureSteve Holme2019-05-151-4/+4
| | | | | Given that this member variable is not used by the SASL based protocols there is no need to have it here.
* proxy: acknowledge DISABLE_PROXY moreDaniel Stenberg2019-05-131-1/+11
|
* parsedate: CURL_DISABLE_PARSEDATEDaniel Stenberg2019-05-131-0/+11
|
* mime: acknowledge CURL_DISABLE_MIMEDaniel Stenberg2019-05-131-0/+4
|
* http: CURL_DISABLE_HTTP_AUTHDaniel Stenberg2019-05-131-0/+20
|
* http: Ignore HTTP/2 prior knowledge setting for HTTP proxiesJay Satiro2019-05-081-0/+7
| | | | | | | | | | | | | | | | | | | - Do not switch to HTTP/2 for an HTTP proxy that is not tunnelling to the destination host. We already do something similar for HTTPS proxies by not sending h2. [1] Prior to this change setting CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE would incorrectly use HTTP/2 to talk to the proxy, which is not something we support (yet?). Also it's debatable whether or not that setting should apply to HTTP/2 proxies. [1]: https://github.com/curl/curl/commit/17c5d05 Bug: https://github.com/curl/curl/issues/3570 Bug: https://github.com/curl/curl/issues/3832 Closes https://github.com/curl/curl/pull/3853
* http: mark bundle as not for multiuse on < HTTP/2 responseDaniel Stenberg2019-05-011-0/+4
| | | | | Fixes #3813 Closes #3815
* pipelining: removedDaniel Stenberg2019-04-061-24/+2
| | | | | | | As previously planned and documented in DEPRECATE.md, all pipelining code is removed. Closes #3651
* Negotiate: fix for HTTP POST with NegotiateDominik Hölzl2019-03-141-40/+76
| | | | | | | | | | | | | | | | | | | | | | | | * Adjusted unit tests 2056, 2057 * do not generally close connections with CURLAUTH_NEGOTIATE after every request * moved negotiatedata from UrlState to connectdata * Added stream rewind logic for CURLAUTH_NEGOTIATE * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC * Consider authproblem state for CURLAUTH_NEGOTIATE * Consider reuse_forbid for CURLAUTH_NEGOTIATE * moved and adjusted negotiate authentication state handling from output_auth_headers into Curl_output_negotiate * Curl_output_negotiate: ensure auth done is always set * Curl_output_negotiate: Set auth done also if result code is GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may also indicate the last challenge request (only works with disabled Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) * Consider "Persistent-Auth" header, detect if not present; Reset/Cleanup negotiate after authentication if no persistent authentication * apply changes introduced with #2546 for negotiate rewind logic Fixes #1261 Closes #1975
* http: send payload when (proxy) authentication is doneMarc Schlatter2019-03-131-1/+2
| | | | | | | | | | | The check that prevents payload from sending in case of authentication doesn't check properly if the authentication is done or not. They're cases where the proxy respond "200 OK" before sending authentication challenge. This change takes care of that. Fixes #2431 Closes #3669
* alt-svc: add test 355 and 356 to verify with command line curlDaniel Stenberg2019-03-031-1/+8
|
* alt-svc: the libcurl bitsDaniel Stenberg2019-03-031-0/+15
|
* urldata: simplify bytecountersDaniel Stenberg2019-03-011-39/+21
| | | | | | | | | | | | | - no need to have them protocol specific - no need to set pointers to them with the Curl_setup_transfer() call - make Curl_setup_transfer() operate on a transfer pointer, not connection - switch some counters from long to the more proper curl_off_t type Closes #3627
* http: set state.infilesize when sending formpostsDaniel Stenberg2019-02-281-1/+1
| | | | | | | | | | | | Without it set, we would unwillingly triger the "HTTP error before end of send, stop sending" condition even if the entire POST body had been sent (since it wouldn't know the expected size) which would unnecessarily log that message and close the connection when it didn't have to. Reported-by: Matt McClure Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html Closes #3624
* urldata: convert bools to bitfields and move to endDaniel Stenberg2019-02-271-1/+1
| | | | | | | | | | | | This allows the compiler to pack and align the structs better in memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000. Removed an unused struct field. No functionality changes. Closes #3610
* http: make adding a blank header thread-safeDaniel Stenberg2019-02-191-13/+21
| | | | | | | | | | | | Previously the function would edit the provided header in-place when a semicolon is used to signify an empty header. This made it impossible to use the same set of custom headers in multiple threads simultaneously. This approach now makes a local copy when it needs to edit the string. Reported-by: d912e3 on github Fixes #3578 Closes #3579
* cleanup: make local functions staticDaniel Stenberg2019-02-101-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | urlapi: turn three local-only functions into statics conncache: make conncache_find_first_connection static multi: make detach_connnection static connect: make getaddressinfo static curl_ntlm_core: make hmac_md5 static http2: make two functions static http: make http_setup_conn static connect: make tcpnodelay static tests: make UNITTEST a thing to mark functions with, so they can be static for normal builds and non-static for unit test builds ... and mark Curl_shuffle_addr accordingly. url: make up_free static setopt: make vsetopt static curl_endian: make write32_le static rtsp: make rtsp_connisdead static warnless: remove unused functions memdebug: remove one unused function, made another static
* cookies: skip custom cookies when redirecting cross-siteKatsuhiko YOSHIDA2019-01-091-1/+2
| | | | Closes #3417
* Revert "http_negotiate: do not close connection until negotiation is completed"Daniel Stenberg2019-01-071-1/+2
| | | | | | | | | This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47. This also reopens PR #3275 which brought the change now reverted. Fixes #3384 Closes #3439
* http: added options for allowing HTTP/0.9 responsesDaniel Stenberg2018-12-211-0/+8
| | | | | | | | | | | | Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
* http: Implement trailing headers for chunked transfersAyoub Boudhar2018-12-141-0/+46
| | | | | | | | | | | | | This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350
* cookies: leave secure cookies aloneDaniel Gustafsson2018-12-131-1/+3
| | | | | | | | | | | Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* http: fix HTTP auth to include query in URIJay Satiro2018-12-111-4/+13
| | | | | | | | | | - Include query in the path passed to generate HTTP auth. Recent changes to use the URL API internally (46e1640, 7.62.0) inadvertently broke authentication URIs by omitting the query. Fixes https://github.com/curl/curl/issues/3353 Closes #3356
* http: don't set CURLINFO_CONDITION_UNMET for http status code 204Michael Kaufmann2018-12-111-7/+7
| | | | | | | | The http status code 204 (No Content) should not change the "condition unmet" flag. Only the http status code 304 (Not Modified) should do this. Closes #359
* NTLM: force the connection to HTTP/1.1Johannes Schindelin2018-12-071-0/+6
| | | | | | | | | | | | | | | | Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces the capability. However, NTLM authentication only works with HTTP/1.1, and will likely remain in that boat (for details, see https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). When we just found out that we want to use NTLM, and when the current connection runs in HTTP/2 mode, let's force the connection to be closed and to be re-opened using HTTP/1.1. Fixes https://github.com/curl/curl/issues/3341. Closes #3345 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
View Lorry Controller Status