about summary refs log tree commit homepage
path: root/test/test_extras_try_gzip_static.rb
DateCommit message (Collapse)
2016-07-05extras: include status messages in responses
This is mainly to benefit curl(1) users who forget to use '-f' to show failures. Not sure if I want to keep this change, it seems like bloat; but Rack::ShowStatus pages are totally overkill...
2016-06-22extras/try_gzip_static: resolve symlinks
Static gzip files may not exist for symlinks, but they could resolve to a file for which a pre-gzipped file exists.
2016-06-05extras/try_gzip_static: do not show backtrace on syscall errors
On ENAMETOOLONG and perhaps other system errors which we can do nothing about, we should not spew a giant backtrace which could be used as an easy DoS vector.
2016-02-29test/*: fix mktmpdir usage for 1.9.3
We should not infinite loop, oops :x Also, ensure 'yahns' is in the directory in case tests are SIGKILL-ed and directories are left over.
2016-01-02copyright updates for 2016
Using the 'update-copyright' script from gnulib[1]: git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \ UPDATE_COPYRIGHT_USE_INTERVALS=2 \ xargs /path/to/gnulib/build-aux/update-copyright We're also switching to 'GPL-3.0+' as recommended by SPDX to be consistent with our gemspec and other metadata (as opposed to the longer but equivalent "GPLv3 or later"). [1] git://git.savannah.gnu.org/gnulib.git
2016-01-02enable frozen_string_literal for Ruby 2.3+
There are likely yet-to-be-discovered bugs in here. Also, keeping explicit #freeze calls for 2.2 users, since most users have not migrated to 2.3, yet.
2015-10-13copyright updates
Future updates may use the update-copyright script in gnulib: git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \ UPDATE_COPYRIGHT_USE_INTERVALS=2 \ xargs /path/to/gnulib/build-aux/update-copyright
2015-02-05skip tests requiring String#b on 1.9.3
While 1.9.3 support will probably be kept for another year or so, it's probably not worth supporting non-critical extras/ stuff on 1.9.3.
2013-11-12extras/try_gzip_static: return 404 on ENOTDIR
Some attackers may try /path/to/file/foo where /path/to/file is actually a valid path to a regular file. Of course, requests like this work on dynamic websites, but not static file mappings because Unix directories and files cannot be the same thing.
2013-11-10test: workaround sockets not being binary on rbx
ref: https://github.com/rubinius/rubinius/issues/2772
2013-11-02add extras for exec_cgi and try_gzip_static
These applications are what I'll be using to run on yahns on my personal server. Including them here will be helpful for me to find bugs. I've already found some, the following commits were directly the result of playing with these extras: * stream_file: only close FDs we opened ourselves * worker-less server should not waitpid indiscriminately * http: do not drop Content-Range from response headers