unit.git/docs, branch archive/cppcheck-fixes Universal Web Application Server Static: Fixed finding the file extension. 2022-06-21T10:47:01+00:00 Alejandro Colomar alx.manpages@gmail.com 2022-06-06T12:18:01+00:00 c3e40ae932f0cf9ae33166479049d2d3c9fa1615 The code for finding the extension made a few assumptions that are no longer true. It didn't account for pathnames that didn't contain '/', including the empty string, or the NULL string. That code was used with "share", which always had a '/', but now it's also used with "index", which should not have a '/' in it. This fix works by limiting the search to the beginning of the string, so that if no '/' is found in it, it doesn't continue searching before the beginning of the string. This also happens to work for NULL. It is technically Undefined Behavior, as we rely on `NULL + 0 == NULL` and `NULL - NULL == 0`. But that is the only sane behavior for an implementation, and all existing POSIX implementations will Just Work for this code. Relying on this UB is useful, because we don't need to add an explicit check for NULL, and therefore we have faster code. Although the current code can't have a NULL, I expect that when we add support for variables in the index, it will be NULL in some cases. Link: <https://stackoverflow.com/q/67291052/6872717> The same code seems to be defined behavior in C++, which normally will share implementation in the compiler for these cases, and therefore it is really unlikely to be in trouble. Link: <https://stackoverflow.com/q/59409034/6872717> 
The code for finding the extension made a few assumptions that are
no longer true.  It didn't account for pathnames that didn't
contain '/', including the empty string, or the NULL string.  That
code was used with "share", which always had a '/', but now it's
also used with "index", which should not have a '/' in it.

This fix works by limiting the search to the beginning of the
string, so that if no '/' is found in it, it doesn't continue
searching before the beginning of the string.

This also happens to work for NULL.  It is technically Undefined
Behavior, as we rely on `NULL + 0 == NULL` and `NULL - NULL == 0`.
But that is the only sane behavior for an implementation, and all
existing POSIX implementations will Just Work for this code.

Relying on this UB is useful, because we don't need to add an
explicit check for NULL, and therefore we have faster code.
Although the current code can't have a NULL, I expect that when we
add support for variables in the index, it will be NULL in some
cases.

Link: <https://stackoverflow.com/q/67291052/6872717>

The same code seems to be defined behavior in C++, which normally
will share implementation in the compiler for these cases, and
therefore it is really unlikely to be in trouble.

Link: <https://stackoverflow.com/q/59409034/6872717>
Switched changelogs to packaging alias instead of personal emails. 2022-06-20T14:21:43+00:00 Konstantin Pavlov thresh@nginx.com 2022-06-20T14:21:43+00:00 e42c52cff68b2bf39f97b6d21b153de730e54d5a 






Router: forwared header replacement.
2022-06-20T05:22:13+00:00

Zhidao HONG
z.hong@f5.com

2022-06-20T05:22:13+00:00

9d2672a701e3dcaee45bef9251ab55620d42fa42












Version bump.
2022-06-17T08:46:30+00:00

Andrei Zeliankou
zelenkov@nginx.com

2022-06-17T08:46:30+00:00

7e64971cbe6dcf249b586cc49bc4e7b163697d74












Specified date of 1.27.0 release in changes.xml.
2022-06-08T12:12:51+00:00

Andrei Zeliankou
zelenkov@nginx.com

2022-06-08T12:12:51+00:00

862f51bcd834d58fadc322720107be64ba0b70b1












Node.js: fixed ES modules format in loader.mjs.
2022-06-02T10:48:27+00:00

Andrei Zeliankou
zelenkov@nginx.com

2022-06-02T10:48:27+00:00

bd80039e07500021664a10984977cf64902a4b81

Before Node.js v16.14.0 the "format" value in defaultResolve
was ignored so error was hidden.  For more information see:
https://github.com/nodejs/node/pull/40980





Before Node.js v16.14.0 the "format" value in defaultResolve
was ignored so error was hidden.  For more information see:
https://github.com/nodejs/node/pull/40980







Fixed minor issues in "changes.xml".
2022-06-01T13:54:13+00:00

Artem Konev
artem.konev@nginx.com

2022-06-01T13:54:13+00:00

0d5d81b2717a1707fc22020e6b27b4dea23d7595












Var: Added $request_uri (as in NGINX).
2022-05-31T10:40:02+00:00

Alejandro Colomar
alx.manpages@gmail.com

2022-05-26T12:38:42+00:00

9bf614cd0874e0ef9fda3145faacd3ef3a5fb0ed

This supports a new variable $request_uri that contains the path
and the query (See RFC 3986, section 3).  Its contents are percent
encoded.  This is useful for example to redirect HTTP to HTTPS:

{
    "return": "301",
    "location": "https://$host$request_uri"
}

When <http://example.com/foo%23bar?baz> is requested, the server
redirects to <https://example.com/foo%23bar?baz>.

===

Testing:

//diff --git a/src/nxt_http_return.c b/src/nxt_http_return.c
//index 82c9156..adeb3a1 100644
//--- a/src/nxt_http_return.c
//+++ b/src/nxt_http_return.c
//@@ -196,6 +196,7 @@ nxt_http_return_send_ready(nxt_task_t *task,
    void *obj, void *data)
//         field->value = ctx->encoded.start;
//         field->value_length = ctx->encoded.length;
//     }
//+    fprintf(stderr, "ALX: target[%1$i]: <%2$.*1$s>\n",
    (int)r->target.length, r->target.start);
//
//     r->state = &nxt_http_return_send_state;
//

{
	"listeners": {
		"*:81": {
			"pass": "routes/ru"
		}
	},

	"routes": {
		"ru": [{
			"action": {
				"return": 301,
				"location": "$request_uri"
			}
		}]
	}
}

$ curl -i http://localhost:81/*foo%2Abar?baz#arg
HTTP/1.1 301 Moved Permanently
Location: /*foo%2Abar?baz
Server: Unit/1.27.0
Date: Mon, 30 May 2022 16:04:30 GMT
Content-Length: 0

$ sudo cat /usr/local/unit.log | grep ALX
ALX: target[15]: </*foo%2Abar?baz>





This supports a new variable $request_uri that contains the path
and the query (See RFC 3986, section 3).  Its contents are percent
encoded.  This is useful for example to redirect HTTP to HTTPS:

{
    "return": "301",
    "location": "https://$host$request_uri"
}

When <http://example.com/foo%23bar?baz> is requested, the server
redirects to <https://example.com/foo%23bar?baz>.

===

Testing:

//diff --git a/src/nxt_http_return.c b/src/nxt_http_return.c
//index 82c9156..adeb3a1 100644
//--- a/src/nxt_http_return.c
//+++ b/src/nxt_http_return.c
//@@ -196,6 +196,7 @@ nxt_http_return_send_ready(nxt_task_t *task,
    void *obj, void *data)
//         field->value = ctx->encoded.start;
//         field->value_length = ctx->encoded.length;
//     }
//+    fprintf(stderr, "ALX: target[%1$i]: <%2$.*1$s>\n",
    (int)r->target.length, r->target.start);
//
//     r->state = &nxt_http_return_send_state;
//

{
	"listeners": {
		"*:81": {
			"pass": "routes/ru"
		}
	},

	"routes": {
		"ru": [{
			"action": {
				"return": 301,
				"location": "$request_uri"
			}
		}]
	}
}

$ curl -i http://localhost:81/*foo%2Abar?baz#arg
HTTP/1.1 301 Moved Permanently
Location: /*foo%2Abar?baz
Server: Unit/1.27.0
Date: Mon, 30 May 2022 16:04:30 GMT
Content-Length: 0

$ sudo cat /usr/local/unit.log | grep ALX
ALX: target[15]: </*foo%2Abar?baz>







Static: supporting new "index" option.
2022-05-30T10:42:18+00:00

Alejandro Colomar
alx.manpages@gmail.com

2021-12-09T02:00:23+00:00

9af5f369511eefea691a5cb6787a31ef3af53a0a

This supports a new option "index" that configures a custom index
file name to be served when a directory is requested.  This
initial support only allows a single fixed string.  An example:

{
	"share": "/www/data/static/$uri",
	"index": "lookatthis.htm"
}

When <example.com/foo/bar/> is requested,
</www/data/static/foo/bar/lookatthis.html> is served.

Default is "index.html".

===

nxt_conf_validator.c:

Accept "index" as a member of "share", and make sure it's a string.

===

I tried this feature in my own computer, where I tried the
following:

- Setting "index" to "lookatthis.htm", and check that the correct
  file is being served (check both a different name and a
  different extension).
- Not setting "index", and check that <index.html> is being
  served.
- Settind "index" to an array of strings, and check that the
  configuration fails:

{
	"error": "Invalid configuration.",
	"detail": "The \"index\" value must be a string, but not an array."
}





This supports a new option "index" that configures a custom index
file name to be served when a directory is requested.  This
initial support only allows a single fixed string.  An example:

{
	"share": "/www/data/static/$uri",
	"index": "lookatthis.htm"
}

When <example.com/foo/bar/> is requested,
</www/data/static/foo/bar/lookatthis.html> is served.

Default is "index.html".

===

nxt_conf_validator.c:

Accept "index" as a member of "share", and make sure it's a string.

===

I tried this feature in my own computer, where I tried the
following:

- Setting "index" to "lookatthis.htm", and check that the correct
  file is being served (check both a different name and a
  different extension).
- Not setting "index", and check that <index.html> is being
  served.
- Settind "index" to an array of strings, and check that the
  configuration fails:

{
	"error": "Invalid configuration.",
	"detail": "The \"index\" value must be a string, but not an array."
}







Supporting empty Location URIs.
2022-05-16T10:57:37+00:00

Alejandro Colomar
alx.manpages@gmail.com

2022-04-09T19:27:12+00:00

7066acb2ce438526fb0d60df443320d1c8366760

An empty string in Location was being handled specially by not sending a
Location header.  This may occur after variable resolution, so we need to
consider this scenario.

The obsolete RFC 2616 defined the Location header as consisting of an absolute
URI <https://www.rfc-editor.org/rfc/rfc2616#section-14.30>, which cannot be an
empty string.  However, the current RFC 7231 allows the Location to be a
relative URI <https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2>, and a
relative URI may be an empty string <https://stackoverflow.com/a/43338457>.

Due to these considerations, this patch allows sending an empty Location header
without handling this case specially.  This behavior will probably be more
straightforward to users, too.  It also simplifies the code, which is now more
readable, fast, and conformant to the current RFC.  We're skipping an
allocation at request time in a common case such as "action": {"return": 404}





An empty string in Location was being handled specially by not sending a
Location header.  This may occur after variable resolution, so we need to
consider this scenario.

The obsolete RFC 2616 defined the Location header as consisting of an absolute
URI <https://www.rfc-editor.org/rfc/rfc2616#section-14.30>, which cannot be an
empty string.  However, the current RFC 7231 allows the Location to be a
relative URI <https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2>, and a
relative URI may be an empty string <https://stackoverflow.com/a/43338457>.

Due to these considerations, this patch allows sending an empty Location header
without handling this case specially.  This behavior will probably be more
straightforward to users, too.  It also simplifies the code, which is now more
readable, fast, and conformant to the current RFC.  We're skipping an
allocation at request time in a common case such as "action": {"return": 404}