Every repository with this icon (
Every repository with this icon (
| Description: | RED checks HTTP resources to see how they use HTTP, makes suggestions, and finds common protocol mistakes. edit |
-
Empty date headers aren't handled correctly currently; to investigate.
Comments
-
0 comments Created 7 months ago by mnotAlert on whitespace before colon in headersenhancementxThis is a well-known security issue; RED should notice this condition.
Comments
-
RED should be able to test and report on multiple URLs. This includes:
- taking multiple URLs in URL input
- formatting report as a table, etc.
Comments
-
RED should have the option to output messages in JSON, to support integration with tools, etc. May
need to be disabled on a per-deployment basis (e.g., we probably don't want this on redbot.org).Comments
-
RED should support compression of HTML output, e.g., using cgi_buffer.
Comments
-
RED should offer some mechanism to allow webmasters to tell it 'no'. Straw-man is to support
robots.txt, but not honour *; i.e., you'd need to target RED specifically.Comments
-
Right now we have a connect() timeout, but no read() timeout, so a connection could in theory stall
RED for some time, consuming resources.Comments
-
When a response has cookies, RED's UI should have the option to resubmit a new request with
those cookies.Comments
-
RED should allow users to specify HTTP authentication credentials (Basic, Digest, and maybe
OAuth).Comments
-
Look at cookies and note interaction with caching, etc.
Comments
-
parse HTML forms and submit them in a side panel
Comments
-
Allow contains a list of allowed methods; where possible, allow them to be used (perhaps uploading a POST or PUT body?)
Comments
-
There are a lot of features / problems in the code, indicated by FIXME or TODO.
Comments
-
RED should support HTTPS URLs as well.
This means changes in nbhttp as well as some modification of the caching logic.
Comments
-
Some servers behave differently using HTTP/1.0, either because chunked encoding is not used (length delimitation), or because they think that they need to send back different headers (e.g., Cache-Control).
RED should send a 1.0 request and see if there's any appreciable difference.
Comments
-
http://groups.google.com/group/firebug-working-group/web/http-tracing---export-format
Initially for input; maybe output too?
Comments
-
Currently, RED makes a request that sets Accept-Encoding: gzip first, and then shows those response headers for the 'main' (detail) view.
This is done to optimise; if the resource doesn't support negotiation, RED doesn't need to make two requests to figure this out.
However, now that we're showing the body, which is always uncompressed, showing the headers from the compressed response is confusing and not the right thing to do.
Fixing this means either introducing some logic to find the uncompressed response and promote it to the one that's shown, or to always make two requests.
Also, some wording in the messages will need to change.
Comments











