Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Oct 2, 2012
  1. @capflam @vinoski

    Fix SSL socket wrapping

    capflam committed with vinoski
    We must be careful when we rely on Arg#arg.clisock in Yaws modules
    because the socket is wrapped in case of SSL connections.
    Thanks to Jean-Charles Campagne.
Commits on Oct 1, 2012
  1. @vinoski
Commits on Sep 18, 2012
  1. @capflam

    Parse extensions and trailing headers of chunked transfer encoded req…

    capflam committed
    Chunk extensions and trailing headers are parsed but ignored in requests
    and are not supported in responses. It is a strange feature of the RFC-2619
    and would be hard to implement. Moreover, this feature is rarely supported
    by clients and servers and even less used.
    So, without any concrete use-case, no further work will be done on this
  2. @capflam
  3. @capflam

    Optimize the ACL checks during the request's authentication

    capflam committed
    Now, in yaws_server:handle_auth/4, the client ip is no more converted into
    integer. All ip addresses in #auth.acl are of the type ip_address(). That makes
    easier the checking of the client ip.
    To clean up the code, functions that parses and checks the allowed/denied ip
    addresses with the client ip were moved into yaws.erl.
Commits on Sep 10, 2012
  1. Added support to configure ciphers in ssl, previously the ciphers = V…

    …al stricng in yaws.conf required the Val to be a string according the openssl cipher string spec language. Now we specify an erlang list instead, the list shall comply to the output of ssl:cipher_suites()
Commits on Sep 8, 2012
  1. @jj1bdx

    Update Makefile and src/Makefile

    jj1bdx committed
    * Targets in `Makefile` of `yaws.plt` and `dialyzer` calls
      dialyzer with two target directories, `ebin` and `src`;
      this causes the error of duplicate modules.
      Checking out the .beam files under `ebin` is sufficient
      for dialyzer; `src` is removed.
    * Target `mime_type_c.beam` in `src/Makefile` is
      superfluous and generates a spurious .beam file in
      the `src` directory, so the target is removed.
      Also target `charset.def` in `src/Makefile` should be
      dependent on `../ebin/mime_type_c.beam`, so this is
      also changed from the previous target without the
      directory path.
Commits on Aug 22, 2012
  1. @vinoski

    add flexible variant of yaws_api:reformat_header

    vinoski committed
    Add a new yaws_api:reformat_header/2 that takes a formatting function as
    the second argument. The old reformat_header/1 now just calls this, passing
    the original formatting function.
Commits on Jul 26, 2012
  1. @capflam

    Improve how Yaws is started in embedded mode

    capflam committed
    The main change concerns the function yaws:create_sconf/2. Now, this function
    relies on yaws_config:make_default_sconf/2 to create a default #sconf record.
  2. @capflam
Commits on Jul 25, 2012
  1. @capflam

    Make the mime types mappings configurable

    capflam committed with capflam
    Now, it possible to customize the global mime types mappings and to overload
    it for each virtual server. It can be done using following directives in the
    global part or the server part of the configuration:
    * default_type: Defines the default mime type to be used where Yaws cannot
      determine it by its mime types mappings (default: text/plain).
      In the server part, this directive overloads the global one.
    * default_charset: Defines the default charset to be added when a response
      content-type is text/* (default: none). In the server part, this directive
      overloads the global one.
    * mime_types_file: Overrides the default mime.types file included with Yaws
      (default: ${PREFIX}/lib/yaws/priv/mime.types). In the server part, this
      directive overloads the global one but mappings defined in this file will
      not overload those defined by add_types directives in the global part.
    * add_types: Specifies one or more mappings between mime types and file
      extensions. More than one extension can be assigned to a mime type. If a
      mapping is defined in the global part and redefined in a server part using
      this directive, then the later is used. Else the global one is kept.
    * add_charsets: Specifies one or more mappings between charsets and file
      extensions. More than one extension can be assigned to a charset. If a
      mapping is defined in the global part and redefined in a server part using
      this directive, then the later is used. Else the global one is kept.
    Here is an example:
      default_type = text/html
      <server localhost>
          port = 8000
          listen =
          docroot = /var/www
          # nothing is overloaded in the vhost
      <server localhost>
          port = 8001
          listen =
          docroot = /var/www
          # overload global configuration:
          default_type    = text/plain
          mime_types_file = /etc/mime.types
          add_types       = <text/xhtml, yaws> <application/x-test, tst test>
          default_charset = UTF-8
          add_charsets    = <ISO-8859-1, php html yaws> <US-ASCII, tst>
    During Yaws compilation, a default module 'mime_types' is created using the
    default mime.types file. Then, when yaws starts up, this module is
    re-generated, re-compiled and loaded dynamically. The new module replaces the
    default one but the .beam file is unchanged. So if one of these steps failed,
    we fall back on the default module.
Commits on Jul 24, 2012
  1. @capflam
Commits on Jul 13, 2012
  1. Merge pull request #116 from sumup/feature/soap12_imports_namespaces

    Feature/soap12 imports namespaces
Commits on Jul 11, 2012
  1. @capflam

    Add index_files directive into the server part configuration

    capflam committed
    This directive sets the list of resources to look for, when a directory is
    requested by the client. If the last entry begins with a "/", and none of
    the earlier resources are found, Yaws will perform a redirect to this uri.
    Default is:
      index_files = index.yaws index.html index.php
Commits on Jul 10, 2012
  1. @vinoski

    wrap SSL sockets in tuple

    vinoski committed
    Yaws previously internally used details of an SSL socket representation
    that's supposed to be private/opaque to Erlang's SSL support. Encapsulate
    SSL sockets within a {ssl, SslSocket} tuple and add the
    yaws_api:get_sslsocket/1 function that returns a socket for SSL sockets or
    undefined for non-SSL sockets. Also document the new get_sslsocket/1
    function and other minor tweaks to SSL areas of the documentation.
  2. @capflam
  3. @capflam

    Refactor Set-Cookie/Cookie header parsing to follow RFC6265

    capflam committed
    RFC6265 obsoletes RFC2965 and RFC2109. #setcookie{} and #cookie{} are
    changed to reflect this new RFC. So, yaws_api:parse_set_cookie/1 and
    yaws_api:parse_cookie/1 are refactored accordingly:
    * yaws_api:parse_set_cookie/1: Because RFC2109 and RFC2965 are still used,
      we try to be backward compatible with these old RFCs. So this function
      returns a #setcookie{} record when only one cookie is found else it returns
      a list of #setcookie{} records.
      in RFC2109 and RFC2965, cookies are separated by comma. So, comma is
      forbidden in 'path-av' and 'extension-av' except for double-quoted value.
      The parsing are not really strict because of the compatibility and can lead
      to unwanted behaviors.
      Old attributes (like 'Comment' or 'Port') are still parsed and can be
      found into #setcookie.extensions field.
    * yaws_api:parse_cookie/1: This function follows the RFC6265, so all cookie
      attributes (like '$Domain' or '$Path') are parsed like any other cookie.
Commits on Jul 9, 2012
  1. @kdcircle
  2. @kdcircle
  3. @kdcircle
Commits on Jul 6, 2012
  1. @vinoski

    minor changes to server-sent events

    vinoski committed
    Change yaws_sse to send close connection header by default, and change the
    example to return an Allow header if anything other than GET is requested.
  2. @kdcircle

    -fixed action header for soap12 requests to contain action rather tha…

    kdcircle committed
    …n operation;
    -added namespace registry to allow for wsdl inline schemas in different namespaces
Commits on Jul 4, 2012
  1. @capflam

    Fix parse_set_cookie/1 and format_set_cookie/1 functions

    capflam committed
    1. According to the RFCs 2109 and 2965, multiple cookies can be set in a
    single 'Set-Cookie' header. So, yaws_api:parse_set_cookie/1 now returns a
    list of #setcookie{} records. If no cookie was found or if an error occurred,
    it returns []. The parsing is also improved.
    Note that this fix breaks the compatibility with previous versions.
    2. In yaws_api:format_set_cookie/1, options are now always formated as
    3. 2 new functions are added, yaws_api:parse_cookie/1 and
    yaws_api:format_cookie/1, to parse and format 'Cookie' headers. To let these
    functions to work, the #cookie{} record was introduced.
    Documentation and testsuite are updated accordingly.
Commits on Jun 27, 2012
  1. @capflam @vinoski

    Fix is_revproxy/3 and is_redirect_map/2 in yaws.erl

    capflam committed with vinoski
    In these functions, we try to find the longest matching prefix and not
    the first anymore. So we can have several revproxy/redirect_map definitions
    for which order does not matter.
    For example, if we define these revproxy rules (in any order):
      revproxy = /goo     (1)
      revproxy = /         (2)
      revproxy = /erl         (3)
      revproxy = /google         (4)
      http://localhost will match the rule (2)
      http://localhost/goo will match the rule (1)
      http://localhost/google/search will match the rule (4)
      http://localhost/erl will match the rule (3)
    We also change how the matching is made. Now, the matching is done by
    splitting the path on slashes. So, using previous rules, "/google" is the
    longest prefix for the path "/google/test" and "/" is the longest prefix
    for "/erlang".
  2. @capflam @vinoski
  3. @capflam @vinoski

    Handle undefined docroot when the fullpath of a request is built

    capflam committed with vinoski
    Now, the internal function yaws_server:construct_fullpath/3 returns
    'undefined' when there is no docroot. This might only happen for servers
    with an appmod on "/" (because docroot is optional in that case).
    Note that such appmods cannot return ssi or yssi structures.
  4. @vinoski

    loosen docroot checking for certain server configs

    vinoski committed
    For server configurations that define a reverse proxy, redirection for the
    path "/", forward proxies, or appmods on "/", a docroot isn't
    needed. Change yaws_config to avoid errors for missing docroot settings for
    such servers. Add test/t6 to check these configurations.
Commits on Jun 25, 2012
  1. @vinoski

    add support for W3C Server-Sent Events

    vinoski committed
    Server-Sent Events is a W3C working draft allowing servers to send simple
    events to a client. See the documentation in www/server_sent_events.yaws
    for a full description.
Commits on Jun 24, 2012
  1. The random patch for 1.93 wasn't good enough as discovered by Sergei …

    …Golovan, we need to cater for non printable chars
Commits on Jun 21, 2012
  1. @vinoski

    add reverse proxy intercept module capability

    vinoski committed
    Users can now specify an interception module that can rewrite requests and
    responses as they pass through the Yaws reverse proxy. See the
    documentation for details (yaws.conf.5 man page or the yaws.pdf file).
    Also add new set_header, get_header, and delete_header functions to the
    yaws_api module to allow intercept modules and arg rewriters to more easily
    examine and modify #headers{} records.
    Add new tests for the new header manipulation functions and for the reverse
    proxy interception feature.
Commits on Jun 20, 2012
  1. Use crypto:rand_bytes() instead of the cryptogrphicalli weak random m…

    …odule. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cokkies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that yse the yaws_session_server to maintain cookie based HTTP sessions
Something went wrong with that request. Please try again.