nginx.git/src/http/modules, branch release-1.19.3 nginx Proxy: error checking for array init, missed in 7716:d6a5e14aa3e4. 2020-09-29T12:54:09+00:00 Maxim Dounin mdounin@mdounin.ru 2020-09-29T12:54:09+00:00 e64f7fe7c903e6994defb21db0b9667dbec7c20d Found by Coverity (CID 1467637). 
Found by Coverity (CID 1467637).
Userid: userid_flags fixup. 2020-09-29T12:52:18+00:00 Maxim Dounin mdounin@mdounin.ru 2020-09-29T12:52:18+00:00 718d589091a1c653595f9b210bba132c43dd2c75 In 7717:e3e8b8234f05, the 1st bit was incorrectly used. It shouldn't be used for bitmask values, as it is used by NGX_CONF_BITMASK_SET. Additionally, special value "off" added to make it possible to clear inherited userid_flags value. 
In 7717:e3e8b8234f05, the 1st bit was incorrectly used.  It shouldn't
be used for bitmask values, as it is used by NGX_CONF_BITMASK_SET.

Additionally, special value "off" added to make it possible to clear
inherited userid_flags value.
Userid: userid_flags directive to set cookie flags. 2020-09-28T14:07:48+00:00 Maxim Dounin mdounin@mdounin.ru 2020-09-28T14:07:48+00:00 c511f3de3eb34641d85005b48683e4fc88f92ec5 






Proxy: added the "proxy_cookie_flags" directive.
2020-09-27T20:21:11+00:00

Ruslan Ermilov
ru@nginx.com

2020-09-27T20:21:11+00:00

21b903f8e31f722c104d425ce01c22614761fdd2












Proxy: changed interface of some internal functions.
2020-09-27T20:21:10+00:00

Ruslan Ermilov
ru@nginx.com

2020-09-27T20:21:10+00:00

8b3f778cbc33aabd410381ce4a8bbfd193b23372

This is in preparation for the next change.

Also, moved optimization from ngx_http_proxy_rewrite_regex_handler()
to ngx_http_proxy_rewrite().





This is in preparation for the next change.

Also, moved optimization from ngx_http_proxy_rewrite_regex_handler()
to ngx_http_proxy_rewrite().







Proxy: strengthen syntax checking for some directives.
2020-09-27T20:21:09+00:00

Ruslan Ermilov
ru@nginx.com

2020-09-27T20:21:09+00:00

b2b8f226f1cfaef8ca219b66374278af6fb4cf46

The "false" parameter of the proxy_redirect directive is deprecated.
Warning has been emitted since c2230102df6f (0.7.54).

The "off" parameter of the proxy_redirect, proxy_cookie_domain, and
proxy_cookie_path directives tells nginx not to inherit the
configuration from the previous configuration level.

Previously, after specifying the directive with the "off" parameter,
any other directives were ignored, and syntax checking was disabled.

The syntax was enforced to allow either one directive with the "off"
parameter, or several directives with other parameters.

Also, specifying "proxy_redirect default foo" no longer works like
"proxy_redirect default".





The "false" parameter of the proxy_redirect directive is deprecated.
Warning has been emitted since c2230102df6f (0.7.54).

The "off" parameter of the proxy_redirect, proxy_cookie_domain, and
proxy_cookie_path directives tells nginx not to inherit the
configuration from the previous configuration level.

Previously, after specifying the directive with the "off" parameter,
any other directives were ignored, and syntax checking was disabled.

The syntax was enforced to allow either one directive with the "off"
parameter, or several directives with other parameters.

Also, specifying "proxy_redirect default foo" no longer works like
"proxy_redirect default".







FastCGI: fixed zero size buf alerts on extra data (ticket #2018).
2020-07-27T13:02:15+00:00

Maxim Dounin
mdounin@mdounin.ru

2020-07-27T13:02:15+00:00

d2744ad26fef1e4f4f6e9c12e95b57866345c071

After 05e42236e95b (1.19.1) responses with extra data might result in
zero size buffers being generated and "zero size buf" alerts in writer
(if f->rest happened to be 0 when processing additional stdout data).





After 05e42236e95b (1.19.1) responses with extra data might result in
zero size buffers being generated and "zero size buf" alerts in writer
(if f->rest happened to be 0 when processing additional stdout data).







Xslt: disabled ranges.
2020-07-22T19:16:19+00:00

Roman Arutyunyan
arut@nginx.com

2020-07-22T19:16:19+00:00

4dd43dfca71f3fc2c6768606ff3700a4317a9176

Previously, the document generated by the xslt filter was always fully sent
to client even if a range was requested and response status was 206 with
appropriate Content-Range.

The xslt module is unable to serve a range because of suspending the header
filter chain.  By the moment full response xml is buffered by the xslt filter,
range header filter is not called yet, but the range body filter has already
been called and did nothing.

The fix is to disable ranges by resetting the r->allow_ranges flag much like
the image filter that employs a similar technique.





Previously, the document generated by the xslt filter was always fully sent
to client even if a range was requested and response status was 206 with
appropriate Content-Range.

The xslt module is unable to serve a range because of suspending the header
filter chain.  By the moment full response xml is buffered by the xslt filter,
range header filter is not called yet, but the range body filter has already
been called and did nothing.

The fix is to disable ranges by resetting the r->allow_ranges flag much like
the image filter that employs a similar technique.







Slice filter: clear original Accept-Ranges.
2020-07-09T13:21:37+00:00

Roman Arutyunyan
arut@nginx.com

2020-07-09T13:21:37+00:00

5cef7de7a116bab3af9097dac5a22f7652be4273

The slice filter allows ranges for the response by setting the r->allow_ranges
flag, which enables the range filter.  If the range was not requested, the
range filter adds an Accept-Ranges header to the response to signal the
support for ranges.

Previously, if an Accept-Ranges header was already present in the first slice
response, client received two copies of this header.  Now, the slice filter
removes the Accept-Ranges header from the response prior to setting the
r->allow_ranges flag.





The slice filter allows ranges for the response by setting the r->allow_ranges
flag, which enables the range filter.  If the range was not requested, the
range filter adds an Accept-Ranges header to the response to signal the
support for ranges.

Previously, if an Accept-Ranges header was already present in the first slice
response, client received two copies of this header.  Now, the slice filter
removes the Accept-Ranges header from the response prior to setting the
r->allow_ranges flag.







gRPC: generate error when response size is wrong.
2020-07-06T15:36:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2020-07-06T15:36:25+00:00

5348706fe607c2b6704b52078cba77ee8fa298b8

As long as the "Content-Length" header is given, we now make sure
it exactly matches the size of the response.  If it doesn't,
the response is considered malformed and must not be forwarded
(https://tools.ietf.org/html/rfc7540#section-8.1.2.6).  While it
is not really possible to "not forward" the response which is already
being forwarded, we generate an error instead, which is the closest
equivalent.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Also this
directly contradicts HTTP/2 specification requirements.

Note that the new behaviour for the gRPC proxy is more strict than that
applied in other variants of proxying.  This is intentional, as HTTP/2
specification requires us to do so, while in other types of proxying
malformed responses from backends are well known and historically
tolerated.





As long as the "Content-Length" header is given, we now make sure
it exactly matches the size of the response.  If it doesn't,
the response is considered malformed and must not be forwarded
(https://tools.ietf.org/html/rfc7540#section-8.1.2.6).  While it
is not really possible to "not forward" the response which is already
being forwarded, we generate an error instead, which is the closest
equivalent.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Also this
directly contradicts HTTP/2 specification requirements.

Note that the new behaviour for the gRPC proxy is more strict than that
applied in other variants of proxying.  This is intentional, as HTTP/2
specification requires us to do so, while in other types of proxying
malformed responses from backends are well known and historically
tolerated.