path: root/win32
author: Claudio Saavedra <csaavedra@igalia.com> 2018-06-07 10:38:17 +0300
committer: Claudio Saavedra <csaavedra@igalia.com> 2018-06-07 10:56:06 +0300
commit: 22ba164c22d69157c160904e48b13a6843c7967b
tree: 7e44ea0b7fe6be39b5803fe53cd7b797572ae865 /win32
parent: 5eff2945b077cf13e08e2fc68897b9865e62ae1d
download: libsoup-22ba164c22d69157c160904e48b13a6843c7967b.tar.gz
HSTS: Rewrite the HSTS feature and add tests
This is a comprehensive rework of the HSTS enforcer and related classes, based upon Adrien Plazas' work. A summary of the most relevant changes:

SoupHSTSEnforcer:

- The enforcer will listen on headers both on message queueing and restarting. This is necessary in order to be able to enforce HSTS redirections on messages that are restarted for whatever reason.
- Instead of causing a redirection, the URI will be overwritten directly on the message before this one is sent. Redirections are for use on the server side, and the tests added show that it is not a reliable way to do HSTS enforcing. Currently, the only way to find out that an HSTS policy has been enforced is by listening to the SoupMessage:uri property changes, but this might be impractical, so this could be revisited in the future.
- soup_hsts_enforcer_policy() will not steal the given policy. Doing so is prone to leaks and not customary.
- SoupHSTSEnforcerClass now has a has_valid_policy() vfunc. It currently works exactly as before, but the idea here is to make it possible for subclasses to implement their own check for existence of valid policies for domains, instead of all subclasses having to add their policies to the base SoupHSTSEnforcer class. This will be useful when having a large number of pre-loaded HSTS policies (either in SoupHSTSEnforcerDB or in an enforcer using libhsts as a backend) to avoid having potentially thousands of policies in memory at all times.
- HSTS headers are parsed using soup's available utilities, instead of parsing them by hand. The specification is carefully followed so as to not accept any header that is not fully compliant.

SoupHSTSEnforcerDB:

- Store the max-age attribute in the database. This was done before errata 5372 was reported to RFC 6797, and its necessity will depend on how the errata is treated.

Other:

- Added tests for both enforcer classes that cover most of the specification.
- Added the gtk-doc documentation and updated all the documentation comments.
- Rename SoupHsts classes to SoupHSTS for consistent naming and other minor renaming of parameters and methods.
Diffstat (limited to 'win32')
0 files changed, 0 insertions, 0 deletions
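The commit message describes three behaviours worth seeing end to end: strict parsing of Strict-Transport-Security headers per RFC 6797 (rejecting anything not fully compliant), a has_valid_policy() check that subclasses can back with their own store, and enforcement by rewriting the request URI before it is sent rather than by issuing a redirect. The following stand-alone Python block is an added illustration of that logic written for this page; it is not libsoup code and does not use the libsoup API. The names HSTSPolicy, HSTSEnforcer, parse_sts_header, the in-memory dict store, the injectable clock, and every header and URI in the test are assumptions and constructed inputs; treating includeSubDomains with a value as non-compliant is this example's strict reading of the RFC's "valueless" directive.

```python
# Added illustration of RFC 6797 HSTS parsing and in-place URI rewriting.
# Not libsoup code: names, store and sample inputs are assumptions for this page.
import ipaddress
import re
import time
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# RFC 7230 token and quoted-string; RFC 6797 allows no whitespace around "=".
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_DIRECTIVE_RE = re.compile(rf"^\s*({_TOKEN})(?:=({_TOKEN}|{_QUOTED}))?\s*$")


@dataclass
class HSTSPolicy:
    domain: str
    max_age: int            # delta-seconds from the header
    include_subdomains: bool
    created: float          # clock value when the header was seen


def _unquote(value: str) -> str:
    """Strip a quoted-string's quotes and backslash escapes; tokens pass through."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_sts_header(domain: str, header: str, now: float) -> Optional[HSTSPolicy]:
    """Parse one STS field value per RFC 6797 section 6.1; None if not compliant.

    Rejected: a malformed directive, a directive repeated (case-insensitive), a
    missing or non-numeric max-age, or a value on includeSubDomains.  Unknown
    directives (for example 'preload') are ignored as the RFC requires.
    """
    seen = set()
    max_age: Optional[int] = None
    include_subdomains = False
    for part in header.split(";"):
        if not part.strip():
            continue  # the grammar allows empty directives, e.g. a trailing ';'
        m = _DIRECTIVE_RE.match(part)
        if m is None:
            return None
        name, value = m.group(1).lower(), m.group(2)
        if name in seen:
            return None  # a directive MUST NOT appear more than once
        seen.add(name)
        if name == "max-age":
            if value is None or not re.fullmatch(r"[0-9]+", _unquote(value)):
                return None  # delta-seconds = 1*DIGIT; rejects "-1", "1.5", ""
            max_age = int(_unquote(value))
        elif name == "includesubdomains":
            if value is not None:
                return None  # defined as valueless; strict reading
            include_subdomains = True
    if max_age is None:
        return None
    return HSTSPolicy(domain.lower(), max_age, include_subdomains, now)


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class HSTSEnforcer:
    """In-memory known-HSTS-host store; has_valid_policy() is the overridable hook."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._policies = {}
        self._now = now

    def process_response(self, uri: str, headers: List[Tuple[str, str]]) -> bool:
        """Note the STS header of a response; True if a compliant header was accepted.

        Section 8.1: only headers received over https count, IP literals never
        become HSTS hosts, only the first STS field is used, max-age=0 deletes.
        """
        parts = urlsplit(uri)
        host = parts.hostname
        if parts.scheme != "https" or not host or _is_ip_literal(host):
            return False
        values = [v for k, v in headers if k.lower() == "strict-transport-security"]
        if not values:
            return False
        policy = parse_sts_header(host, values[0], self._now())
        if policy is None:
            return False
        if policy.max_age == 0:
            self._policies.pop(policy.domain, None)
        else:
            self._policies[policy.domain] = policy
        return True

    def has_valid_policy(self, domain: str) -> bool:
        """Unexpired exact match, or a superdomain policy with includeSubDomains."""
        labels = domain.lower().split(".")
        now = self._now()
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            if policy.created + policy.max_age <= now:
                del self._policies[candidate]  # expired: drop it and keep looking
                continue
            if i == 0 or policy.include_subdomains:
                return True
        return False

    def enforce(self, uri: str) -> str:
        """Rewrite http:// to https:// in place (section 8.3): an explicit port 80
        becomes the default 443, any other explicit port is preserved."""
        parts = urlsplit(uri)
        host = parts.hostname
        if parts.scheme != "http" or not host or not self.has_valid_policy(host):
            return uri
        netloc = parts.netloc
        if parts.port == 80:
            netloc = netloc.rsplit(":", 1)[0]  # drop ":80" so https uses 443
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

Because enforce() returns the rewritten URI instead of producing a 3xx, a caller that restarts a message can run it again on the restarted request, which is the property the commit message is after; the only signal that a rewrite happened is the changed URI, matching the SoupMessage:uri observation noted above.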