nginx.git/src/http/modules, branch release-1.15.5 nginx Removed bgcolor attribute on body in error pages and autoindex. 2018-09-19T14:26:47+00:00 Nova DasSarma nova@novalinium.com 2018-09-19T14:26:47+00:00 8117b3f5a06b68afb292ddd19bf6ee6000707232 The bgcolor attribute overrides compatibility settings in browsers and leads to undesirable behavior when the default font color is set to white in the browser, since font-color is not also overridden. 
The bgcolor attribute overrides compatibility settings in browsers
and leads to undesirable behavior when the default font color is set
to white in the browser, since font-color is not also overridden.
Rewrite: removed r->err_status special handling (ticket #1634). 2018-09-21T12:59:33+00:00 Maxim Dounin mdounin@mdounin.ru 2018-09-21T12:59:33+00:00 a834b8aa09205922bf11c005b3c737b267be12bb Trying to look into r->err_status in the "return" directive makes it behave differently than real errors generated in other parts of the code, and is an endless source of various problems. This behaviour was introduced in 726:7b71936d5299 (0.4.4) with the comment "fix: "return" always overrode "error_page" response code". It is not clear if there were any real cases this was expected to fix, but there are several cases which are broken due to this change, some previously fixed (4147:7f64de1cc2c0). In ticket #1634, the problem is that when r->err_status is set to a non-special status code, it is not possible to return a response by simply returning r->err_status. If this is the case, the only option is to return script's e->status instead. An example configuration: location / { error_page 404 =200 /err502; return 404; } location = /err502 { return 502; } After the change, such a configuration will properly return standard 502 error, much like it happens when a 502 error is generated by proxy_pass. This also fixes the following configuration to properly close connection as clearly requested by "return 444": location / { error_page 404 /close; return 404; } location = /close { return 444; } Previously, this required "error_page 404 = /close;" to work as intended. 
Trying to look into r->err_status in the "return" directive
makes it behave differently than real errors generated in other
parts of the code, and is an endless source of various problems.
This behaviour was introduced in 726:7b71936d5299 (0.4.4) with
the comment "fix: "return" always overrode "error_page" response code".
It is not clear if there were any real cases this was expected to fix,
but there are several cases which are broken due to this change, some
previously fixed (4147:7f64de1cc2c0).

In ticket #1634, the problem is that when r->err_status is set to
a non-special status code, it is not possible to return a response
by simply returning r->err_status.  If this is the case, the only
option is to return script's e->status instead.  An example
configuration:

    location / {
        error_page 404 =200 /err502;
        return 404;
    }

    location = /err502 {
        return 502;
    }

After the change, such a configuration will properly return
standard 502 error, much like it happens when a 502 error is
generated by proxy_pass.

This also fixes the following configuration to properly close
connection as clearly requested by "return 444":

    location / {
        error_page 404 /close;
        return 404;
    }

    location = /close {
        return 444;
    }

Previously, this required "error_page 404 = /close;" to work
as intended.
gRPC: disabled keepalive when sending control frames was blocked. 2018-09-03T16:34:02+00:00 Maxim Dounin mdounin@mdounin.ru 2018-09-03T16:34:02+00:00 07dbfd00fff456d05007cc1f35bd5a5b1349ef08 If sending request body was not completed (u->request_body_sent is not set), the upstream keepalive module won't save such a connection. However, it is theoretically possible (though highly unlikely) that sending of some control frames can be blocked after the request body was sent. The ctx->output_blocked flag introduced to disable keepalive in such cases. 
If sending request body was not completed (u->request_body_sent is not set),
the upstream keepalive module won't save such a connection.  However, it
is theoretically possible (though highly unlikely) that sending of some
control frames can be blocked after the request body was sent.  The
ctx->output_blocked flag introduced to disable keepalive in such cases.
gRPC: improved keepalive handling. 2018-09-03T16:34:01+00:00 Maxim Dounin mdounin@mdounin.ru 2018-09-03T16:34:01+00:00 71e152debe7389574967639114dfa7a7107fec8d The code is now able to parse additional control frames after the response is received, and can send control frames as well. This fixes keepalive problems as observed with grpc-c, which can send window update and ping frames after the response, see http://mailman.nginx.org/pipermail/nginx/2018-August/056620.html. 
The code is now able to parse additional control frames after
the response is received, and can send control frames as well.
This fixes keepalive problems as observed with grpc-c, which can
send window update and ping frames after the response, see
http://mailman.nginx.org/pipermail/nginx/2018-August/056620.html.
Uwsgi: added a check on maximum uwsgi request size. 2018-09-03T16:17:06+00:00 Maxim Dounin mdounin@mdounin.ru 2018-09-03T16:17:06+00:00 b71792b11086d9df748f36d02f93d360d135cd7c Requested by Chris Caputo. 
Requested by Chris Caputo.
Uwsgi: style. 2018-09-03T16:17:01+00:00 Maxim Dounin mdounin@mdounin.ru 2018-09-03T16:17:01+00:00 07c3e79b64c793facb22ec498dd0fc1437645e55 






Upstream keepalive: keepalive_requests directive.
2018-08-10T18:54:46+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-08-10T18:54:46+00:00

d817ceae729914e7423c4c206165fc244513f021

The directive configures maximum number of requests allowed on
a connection kept in the cache.  Once a connection reaches the number
of requests configured, it is no longer saved to the cache.
The default is 100.

Much like keepalive_requests for client connections, this is mostly
a safeguard to make sure connections are closed periodically and the
memory allocated from the connection pool is freed.





The directive configures maximum number of requests allowed on
a connection kept in the cache.  Once a connection reaches the number
of requests configured, it is no longer saved to the cache.
The default is 100.

Much like keepalive_requests for client connections, this is mostly
a safeguard to make sure connections are closed periodically and the
memory allocated from the connection pool is freed.







Upstream keepalive: keepalive_timeout directive.
2018-08-10T18:54:23+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-08-10T18:54:23+00:00

7de808990b8e49e2e18c2a013e4cca82a092fdbc

The directive configures maximum time a connection can be kept in the
cache.  By configuring a time which is smaller than the corresponding
timeout on the backend side one can avoid the race between closing
a connection by the backend and nginx trying to use the same connection
to send a request at the same time.





The directive configures maximum time a connection can be kept in the
cache.  By configuring a time which is smaller than the corresponding
timeout on the backend side one can avoid the race between closing
a connection by the backend and nginx trying to use the same connection
to send a request at the same time.







Upstream keepalive: comment added.
2018-08-10T18:54:17+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-08-10T18:54:17+00:00

f3d1a925b5e27d8d78fc6da408ccc2f75994939c












SSL: support for TLSv1.3 early data with BoringSSL.
2018-08-06T23:16:07+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-08-06T23:16:07+00:00

3b1589173f28fccb5816669f3ff4c9ac1e9b573c

Early data AKA 0-RTT mode is enabled as long as "ssl_early_data on" is
specified in the configuration (default is off).

The $ssl_early_data variable evaluates to "1" if the SSL handshake
isn't yet completed, and can be used to set the Early-Data header as
per draft-ietf-httpbis-replay-04.





Early data AKA 0-RTT mode is enabled as long as "ssl_early_data on" is
specified in the configuration (default is off).

The $ssl_early_data variable evaluates to "1" if the SSL handshake
isn't yet completed, and can be used to set the Early-Data header as
per draft-ietf-httpbis-replay-04.