simon/tiny_httpd
1
0
Fork 0
mirror of https://github.com/c-cube/tiny_httpd.git synced 2026-03-07 21:37:57 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
580 commits 20 branches 20 tags 11 MiB
Commit graph

21 commits

Author SHA1 Message Date
Simon Cruanes
57a160c054
Merge a56dd0ec65 into ba19880d75 2026-02-12 01:55:04 +08:00
Simon Cruanes
ba19880d75
hardening bugfixes
Some checks failed
github pages / deploy (push) Has been cancelled
Details
build / build (4.13.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (4.14.x, ubuntu-latest) (push) Has been cancelled
Details
build / build (5.03.x, ubuntu-latest) (push) Has been cancelled
Details 
* fix: use realpath to validate filesystem paths against traversal

- add string_prefix helper to check path containment
- compute root_canonical once per add_vfs_ call
- use realpath only for filesystem (on_fs=true), keeping simple
  contains_dot_dot check for VFS
- paths are already URL-decoded by Route.rest_of_path_urlencoded

* fix: add header size limits to prevent memory exhaustion

add optional limits to Headers.parse_:
- max_headers: 100 (default)
- max_header_size: 16KiB per header (default)
- max_total_size: 256KiB total (default)

returns 431 status code when limits exceeded per RFC 6585.
 2026-02-10 19:57:21 -05:00
Simon Cruanes
731dd7de51
add a form to echo.ml for manual testing 2024-12-03 10:13:33 -05:00
Simon Cruanes
cf9c14b1c2
basic test for moonpool-io 2024-09-03 15:17:25 -04:00
Simon Cruanes
1a45961443
chore: turn tiny_httpd_ws into tiny_httpd.ws, a sub-lib 
now that there's no additional dep it's not a problem!
 2024-02-05 10:36:55 -05:00
Simon Cruanes
7fe66a21ec
example of echo server over websockets 2024-02-05 01:06:37 -05:00
Simon Cruanes
86f1b9025d
add optional dependency on logs 2024-01-23 23:32:20 -05:00
Simon Cruanes
3802aad11f
remove eio stuff. 
it doesn't really bring anything to the table for now. Let's wait until
it becomes actually useful.
 2023-08-08 12:39:07 -04:00
Simon Cruanes
355cc4d004
add example for Writer.t response body 2023-07-18 12:51:45 -04:00
Simon Cruanes
e1f0c58065 echo examples: add alice endpoint; use eio_posix 2023-06-23 17:58:11 -04:00
Simon Cruanes
bfe5e9c358
copy example echo for eio backend 2023-06-21 00:23:09 -04:00
Simon Cruanes
0908d71e19
ocamlformat 2023-05-23 17:40:18 -04:00
Simon Cruanes
dbb384cd82
fix: do not try to download a URL from vfs-pack in test 2022-03-30 16:31:18 -04:00
Simon Cruanes
d4c2482699
examples: fix tests for -p tiny_httpd_camlzip 2022-03-30 16:23:40 -04:00
Simon Cruanes
a4438dbdf6
fix a test for 4.04 2022-03-30 16:23:40 -04:00
Simon Cruanes
a7f0039903
fix CI 2022-03-04 13:51:07 -05:00
Simon Cruanes
d36011bce6
fake vfs module on non linux 2022-03-04 00:20:49 -05:00
Simon Cruanes
759995b9d5
add a VFS in examples/echo.ml 2022-03-03 22:14:44 -05:00
Simon Cruanes
c8982c8836
move echo from src/examples/ to examples/ 2021-12-11 10:02:24 -05:00
Simon Cruanes
b292664b2e test: expect test for server-send events (linux only) 2021-07-17 22:10:15 -04:00
Simon Cruanes
ce552cafdd add some example programs to exercize server-sent events 2021-07-17 22:09:45 -04:00