e4db3cb560
Security fix: limit request body size by default
...
This mitigates possible DoS-attacks based on sending very BIG request bodies
to the server with default settings.
Thanks to @MichaelMonashev for pointing to this attack.
2016-06-28 20:54:42 +03:00
d42167fd04
Set response Server header to Server.Name if it is empty. This properly handles #118
2016-06-17 13:13:04 +03:00
e2fcfbaea5
Fix typo ( #115 )
2016-06-13 17:58:03 +03:00
3c5ba2c98d
Limit the number of concurrently running request handlers inside TimeoutHandler
2016-06-06 16:47:02 +03:00
b8b31526d7
Do not compress already compressed response in CompressHandler
2016-06-06 14:15:34 +03:00
90baa054bc
Export IsBodyStream on RequestCtx, Request and Response
...
These methods may help writing proper request handler wrappers
for request handlers, which may set body either via SetBodyStream*
or via usual body methods.
2016-06-03 17:07:13 +03:00
ae8de36df0
Issue #107 ( #108 )
2016-05-27 18:54:11 +03:00
cefa3b1f52
Issue #105 : listen by default only on IPv4, since IPv6 may be misleading / unexpected / buggy
2016-05-27 16:53:10 +03:00
f68634569e
Issue #103 : Set 'Server' response header before calling user-provided request handler
2016-05-24 15:41:08 +03:00
2d5c6fd01a
Added Server.ConnID() for associating distinct requests that come from the same client connection
2016-04-24 22:01:13 +03:00
2296988764
server: prefer server ciphers for TLS. This improves server rating on https://www.ssllabs.com/ssltest/analyze.html
2016-04-19 12:30:49 +03:00
5fdbeef505
Server optimization: reduce the number of SetReadDeadline/SetWriteDeadline calls for keep-alive connections, since they don't scale properly. See https://github.com/golang/go/issues/15133 for details
2016-04-15 13:47:44 +03:00
8d147e45af
Issue #76 : fixed data races in TimeoutHandler and RequestCtx.TimeoutError*. Updated tests for catching similar data races in the future
2016-04-06 15:08:34 +03:00
65540104b3
server: verify request's 'Connection: close' after request handler returns
2016-03-31 10:17:29 +03:00
7d29fb3b3d
server: added DisableKeepalive option for disabling keep-alive connections
2016-03-31 10:05:31 +03:00
92c779039c
workerpool: clean workerChan slices in order to reduce the amount of work for GC
2016-03-30 18:11:40 +03:00
0d43464f64
Renamed unsafeBytes2Str to b2s
2016-03-29 16:26:21 +03:00
169b5eac74
server: sleep for a while after reaching the concurrency limit, so other concurrently running servers could accept and process incoming connections
2016-03-29 12:00:21 +03:00
d444ab9169
Server: write error response when concurrency limit or per-ip conn limit is exceeded before closing the connection. This should improve server diagnostics
2016-03-28 18:42:40 +03:00
8280b7a162
Moved empty noCopy struct to the top of container structs. See @stemar94 's comment at https://github.com/golang/go/issues/12884 for details
2016-03-06 00:17:08 +02:00
9f43aa1601
Do not expose noCopy.Lock
2016-03-04 21:20:52 +02:00
9fa69c74af
Embed noCopy struct into structs, which mustn't be copied
...
This should help `go vet` detecting invalid structs' copyings.
See https://github.com/golang/go/issues/8005#issuecomment-190753527 for details.
2016-03-04 16:57:24 +02:00
15ffe2f795
Issue #63 : added helper functions for starting https server with certificates embedded into the app
2016-03-02 15:23:21 +02:00
68c6a4f496
Added ServeFileBytes* and RequestCtx.SendFileBytes* helper functions
2016-02-29 14:42:55 +02:00
dd6954f4b2
Issue #57 : Server: added ability to disable header names' normalizing
2016-02-25 14:00:04 +02:00
108d002365
Added tests for Server.ReduceMemoryUsage flag
2016-02-24 15:45:56 +02:00
f3dd0534ae
Clarified documentation for Server configs
2016-02-23 11:28:48 +02:00
115b98672e
Make sure that the server always closes connection after HTTP/1.0 request without 'Connection: keep-alive' header
2016-02-22 23:00:36 +02:00
a3e1aeb8b6
eliminated memory allocation in RequestCtx.Redirect*
2016-02-19 17:20:27 +02:00
ed7ca4c631
Added LogAllErrors config parameter to Server, which allows logging the most frequent errors such as 'connection reset by peer', 'broken pipe' and 'i/o timeout'. By default such errors are suppressed
2016-02-19 12:01:27 +02:00
d7f433999f
Document that it is safe re-using []byte buffers after SetBody and AppendBody function calls
2016-02-18 16:49:23 +02:00
ace291546f
Document that Server.ReadBufferSize may be increased for serving big requests
2016-02-18 12:46:37 +02:00
fd2887a5fc
Issue #53 : Clarify that the following instances mustn't be used from concurrently running goroutines: Args, Cookie, URI, RequestCtx, Request, Response, RequestHeader and ResponseHeader
2016-02-17 11:45:21 +02:00
9f608dd1fd
Issue #51 : Make RequestCtx.SendFile a synonim to ServeFile. This breaks RequestCtx.SendFile API, but I believe the new behaviour of SendFile outweights API breakage
2016-02-17 11:35:36 +02:00
eba076e4d3
Server: call Request.Reset immediately after RequestHandler returns
2016-02-14 14:17:03 +02:00
03ec1a0d63
Server: call Response.Reset after writing response to client
2016-02-14 13:55:09 +02:00
87628147e5
Use zero-alloc copy instead of io.Copy
2016-02-13 11:01:18 +02:00
dde91b5c5b
Explicitly state that the hijacked connection cannot be used after returning from HijackHandler
2016-02-12 19:29:35 +02:00
9c9b5abffa
Documentation update according to golint
2016-02-12 17:47:57 +02:00
eafcb74ce5
Call Close on user values stored via RequestCtx.SetUserValue if these values implement io.Closer
2016-02-05 12:50:58 +02:00
2b4309d53d
Added global ServeTLS function to be consistent with Server.ServeTLS
2016-02-03 16:21:42 +02:00
85122869cf
Removed misleading comment on ServeConn related to Hijack - this implementation detail is irrelevant to ServeConn caller
2016-01-28 11:21:20 +02:00
ee9a3ee319
Server: make sure that net.Listener returns nil conn on non-nil error
2016-01-27 17:21:38 +02:00
52ddf98cfd
Fixed golint warnings
2016-01-19 12:43:23 +02:00
764a74e2ec
Added ServeFile and ServeFileUncompressed to be on par with net/http
2016-01-17 23:12:38 +02:00
81b5321d14
Removed misleading ConnectionCloseReal method from RequestHeader
2016-01-17 00:43:34 +02:00
3e5866274d
use Request.ConnectionClose instead of Request.Header.ConnectionClose
2016-01-13 13:41:47 +02:00
b6594defaa
Added TLSConnectionState function to RequestCtx for verifying client certificates
2016-01-11 19:05:09 +02:00
81ebe4ca8f
Return clearer error when TLS certFile and/or keyFile cannot be loaded
2016-01-08 17:40:05 +02:00
37931cad28
Added ServeTLS helper to Server
2016-01-08 17:31:59 +02:00
Aliaksandr Valialkin
Alexander Shchepetilnikov
Tracer Tong