Date | Commit message (Collapse) |
|
IO#wait_readable existed since Ruby 2.0, so we don't need
to use the "kgio_"-prefixed version.
|
|
Operations via Array#map are NOT optimized away by opt_str_lit
in the VM, and they're unnecessary anyways with the
"frozen_string_literal: true" comment in Ruby 2.3+.
|
|
These options can be useful for limiting CGI process runtime and
memory usage.
|
|
No point in increasing the complexity for cases it's not.
|
|
Machine-parseability is useful for licenses.
|
|
We don't need non-blocking I/O at all in this module and it's
not coupled with the rest of yahns at all.
|
|
Current (tested r60757) ruby trunk warns in a few more places than
2.4.x did, so clean them up.
|
|
HTTPS adds some level of privacy protection and helps marketing
(because we care soooo much about good marketing! :P).
Performance-wise, this reduces subjectAltName bloat when
negotiating connections and will also speed up occasional
certificate renewals when/if we drop the old name.
Also, not occupying the document root of a domain will make it
easier to add alternative site locations in the future, because
centralization sucks and I don't like the idea of anybody paying
ICANN or similar entities for domain names.
|
|
Bad clients may set the Proxy: header in the response and
cause any CGI programs we execute to use the value of that
header as the HTTP proxy. This affects folks calling code
which respects the HTTP_PROXY environment variable in CGI
programs.
ref: https://httpoxy.org/
|
|
rack 2.x has some incompatible changes an deprecations; support
it but remain compatible with rack 1.x for the next few years.
|
|
This is mainly to benefit curl(1) users who forget to use '-f'
to show failures. Not sure if I want to keep this change, it
seems like bloat; but Rack::ShowStatus pages are totally
overkill...
|
|
Static gzip files may not exist for symlinks, but they
could resolve to a file for which a pre-gzipped file
exists.
|
|
On ENAMETOOLONG and perhaps other system errors which we can do
nothing about, we should not spew a giant backtrace which could
be used as an easy DoS vector.
|
|
Apparently this can be useful to some people.
|
|
Switch option initialization to using a keyword hash
since yet-another boolean is too much.
Using kwargs won't work under Ruby 1.9.3 which we still
support (for now).
Note: being a part of extras/, there's no API stability
guarantees but this should've maintained it.
|
|
Oops, we need to duplicate our buffer in case the CGI executable
returns just the header :x
|
|
Using the 'update-copyright' script from gnulib[1]:
git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \
UPDATE_COPYRIGHT_USE_INTERVALS=2 \
xargs /path/to/gnulib/build-aux/update-copyright
We're also switching to 'GPL-3.0+' as recommended by SPDX
to be consistent with our gemspec and other metadata
(as opposed to the longer but equivalent "GPLv3 or later").
[1] git://git.savannah.gnu.org/gnulib.git
|
|
There are likely yet-to-be-discovered bugs in here.
Also, keeping explicit #freeze calls for 2.2 users, since most
users have not migrated to 2.3, yet.
|
|
Future updates may use the update-copyright script in gnulib:
git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \
UPDATE_COPYRIGHT_USE_INTERVALS=2 \
xargs /path/to/gnulib/build-aux/update-copyright
|
|
Files may exist and be stat-able, but not readable. Return
a 403 response for non-readable files.
|
|
We'll have to support both, it seems.
|
|
Arrays are less verbose, but they have more bytecode overhead
which actually matters at runtime.
|
|
Since yahns/proxy_pass is not a drop-in replacement, reinstate
the old, synchronous version to avoid breaking existing setups
which require Rack middleware support.
|
|
This will rely on rack.hijack in the future to support
asynchronous execution without tying up a thread when waiting
for upstreams. For now, this allows simpler code with fewer
checks and the use of monotonic time on newer versions of Ruby.
|
|
Of course, some users will prefer to bind HTTP application
servers to Unix domain sockets for better isolation and (maybe)
better performance.
|
|
This is slightly more nginx-style behavior and allows simpler
configuration.
|
|
No point in bloating our bytecode for single-use variables.
|
|
Some middlewares may attempt to modify the response body in
place, so sharing this is not a good idea. We shouldn't
really care about rare 502 error paths, either.
|
|
It was never used.
|
|
This module will probably become an official part of yahns
soon, so finally add tests for this module.
|
|
It may be useful for us to track down potential errors in
our code or log when an upstream misbehaves.
|
|
"ruby -w" warns on it.
|
|
This saves over 400 bytes of memory in a cold code path.
|
|
We only want to strip one ".gz" suffix to check for the
original, so avoid a needless use of gsub! and use sub!
instead.
While we're at it, note the use of "dup.sub!" (vs plain "sub")
to ensure we only handle files with a .gz suffix.
|
|
This keeps autoindex-generated indices from being cluttered with
redundant .gz files while still showing stuff like tar.gz files
without a plain .tar companion.
|
|
Oops.
|
|
No need to waste space on this (and trigger "Bad partial
reference!" warnings on lynx)
|
|
Using the full, filesystem path name to our script is wrong
and not according to RFC 3875.
|
|
Sometimes a CGI script wants to run with some environment
variables set or overridden. Allow it.
|
|
Proper POSIX filesystems are encoding-agnostic.
|
|
We will override it internally regardless of middlewares.
|
|
This was causing zombies on the bogomips.org cgit instance.
|
|
The body may contain extra repeated newlines, of course
|
|
This allows yahns to continue using sendfile when clients
request gzipped/bzipped tarballs on my server.
|
|
Clients may be requesting gzipped files through Rack::Deflater,
which will attempt to further compress files.
|
|
This is mainly needed for the regexp in extras/try_gzip_static.rb
(POSIX filesystem paths have no encoding, it's just a bag of bytes).
Since we host apps of all types and for all (human)
languages/encodings, all of our internals must be encoding-agnostic.
|
|
Leave that up to Rack::Chunked/Rack::ContentLength.
Chunking ourselves interacts badly with Rack::Deflater, since
Deflater will blindly deflate already-chunked portions.
|
|
In case we have bugs, this can help us find bugs in our code.
|
|
Some attackers may try /path/to/file/foo where /path/to/file
is actually a valid path to a regular file. Of course, requests
like this work on dynamic websites, but not static file mappings
because Unix directories and files cannot be the same thing.
|
|
Following our own advice in
commit a79a6d8775171ad5cceda9bb3a77946ba60e26ce
(doc: recommend worker_processes if the app uses SIGCHLD)
|