Re: [hackers] [quark][PATCH] Fix overflow when calling strtonum in parse_range

2020-10-31 Thread José Miguel Sánchez García
On 10/31/2020 11:27 PM, Laslo Hunhold wrote: this is a great catch, thanks! But wouldn't it be better to use MIN(SIZE_MAX, LLONG_MAX)? I haven't found anything in the standard that puts "long long" and "size_t" into any relation, which means, for me, that any case is possible where either

[hackers] [quark][PATCH] Fix overflow when calling strtonum in parse_range

2020-10-31 Thread José Miguel Sánchez García
The value passed as maxval, SIZE_MAX, doesn't fit in a long long int due to signedness. It was causing legitimate range requests to be discarded as bad. I tested it serving an mp4 and opening it with Firefox. A "range=0-" was requested, and it triggered the bug. --- http.c | 6 +++--- 1 file

[hackers] [quark][PATCH] Add skeleton for keep-alive connections

2020-10-29 Thread José Miguel Sánchez García
The bare minimum has been implemented; it is currently unused. It allows the server to maintain a stateful connection with the client. Also, keep-alive connections are more efficient than successive request/response pairs of connections. --- http.c | 21 +++-- http.h | 9

Re: [hackers] [quark] Thoughts on CGI and authentication?

2020-10-26 Thread José Miguel Sánchez García
On 10/26/2020 8:41 AM, Laslo Hunhold wrote: Tell me one example where you need CGI which isn't a web forum? To give an example how you can solve something statically: A comment section could be built by having a static web server and also a very thin "handler" that is called when the form is

Re: [hackers] [quark][PATCH] Don't erase response on http_send_error_response

2020-10-26 Thread José Miguel Sánchez García
On 10/26/2020 8:34 AM, Laslo Hunhold wrote: Definitely don't make exceptions here, because erasing the entire struct is a consistency measure and being inconsistent there complicates the semantics. I'll be careful then. I also don't see a reason for the constraints you mention. Just add an

Re: [hackers] [quark][PATCH] Don't erase response on http_send_error_response

2020-10-25 Thread José Miguel Sánchez García
On 10/25/2020 8:39 AM, Laslo Hunhold wrote: Dear Laslo, No, this is supposed to be like this. I agree that the comment is a bit misleading, but http_parse_header() really builds a request from scratch and first sets it all to zero. With "fields" I'm referring to the struct fields in request,

[hackers] [quark][PATCH] Don't erase response on http_send_error_response

2020-10-24 Thread José Miguel Sánchez García
The comment before the offending line indicated it was intended to only erase the fields, but it erased the whole response. It was most likely a bug. --- http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http.c b/http.c index f1e15a4..27d20f7 100644 --- a/http.c +++

Re: [hackers] [quark] Thoughts on CGI and authentication?

2020-10-23 Thread José Miguel Sánchez García
On 10/23/2020 2:08 PM, Laslo Hunhold wrote: Dear Laslo, as RFC 7617 (Basic Authentication Scheme) states: This scheme is not considered to be a secure method of user authentication unless used in conjunction with some external secure system such as TLS (Transport Layer Security,

Re: [hackers] [quark] Thoughts on CGI and authentication?

2020-10-22 Thread José Miguel Sánchez García
Currently the idea I'm most attached to is using groups as realms, while keeping auth data in a separate file (or even hardcoded inside config.h). I think it's a pretty elegant solution (and it would match how I already manage shell user access to my server files), but relying on filesystem

Re: [hackers] [quark] Thoughts on CGI and authentication?

2020-10-22 Thread José Miguel Sánchez García
nowadays. But I acknowledge that, for quark's use cases, it is perfectly reasonable. Best regards. José Miguel On Thu, Oct 22, 2020 at 9:42 PM Hiltjo Posthuma wrote: > > On Thu, Oct 22, 2020 at 08:52:27PM +0200, José Miguel Sánchez García wrote: > > Hello, > > > > I'm cur

[hackers] [quark] Thoughts on CGI and authentication?

2020-10-22 Thread José Miguel Sánchez García
Hello, I'm currently serving my static webpage with quark. I want to add some CGI, but the opinion here about CGI support in the server is pretty low. I'm trying to update the basecgi patch, but the latest changes adding interruptibility seem to complicate the design (the goals of these two are

[hackers] [quark][PATCH] Fix docindex not being served

2020-10-01 Thread José Miguel Sánchez García
Previously, when a directory was requested, the index body was not sent, and the MIME type defaulted to "application/octet-stream". --- http.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/http.c b/http.c index f1e15a4..2d3f17f 100644 --- a/http.c +++ b/http.c @@