Commits on Mar 25, 2013
  1. Move WebDAV to an appmod, the locking server to a runmod (tjeerd)

    vinoski committed Mar 25, 2013
    All WebDAV functionality is moved to an appmod so the extension methods and
    additional response headers are not part of yaws_server.erl and yaws.erl
    anymore. Also the locking server is now a runmod so it is not started by
    the supervisor and can be used only when needed.
    Additionally the 100-Continue code is moved so it can be returned to all
    requests that contain a body.
    The WebDAV functionality is tested against the litmus test. All tests are
    passed, except the ones that require unsupported properties. The test shows
    this as a fail while returning 404 should be sufficient.
Commits on Mar 19, 2013
  1. preparing for yaws 1.96

    klacke committed Mar 19, 2013
Commits on Mar 15, 2013
  1. add yaws_api:merge_header/2 and yaws_api:merge_header/3 funs

    vinoski committed Mar 13, 2013
    The merge_header functions allow HTTP headers and their values to be set
    and combined in a #headers{} record.
Commits on Mar 8, 2013
  1. fix issue #140

    vinoski committed Mar 8, 2013
Commits on Mar 3, 2013
Commits on Feb 27, 2013
  1. fix R16B dialyzer issue

    vinoski committed Feb 27, 2013
Commits on Feb 15, 2013
  1. spelling err

    klacke committed Feb 15, 2013
Commits on Feb 12, 2013
  1. Fix typo in documentation

    capflam committed Feb 12, 2013
Commits on Feb 11, 2013
  1. Refactor WebSockets and add support of optional callback functions

    capflam committed Dec 10, 2012
    Main changes:
      * Fix some bugs about UTF-8 encoding and messages fragmentation
      * Add support of optional callback functions
      * Add support of many startup options
      * Add support of outgoing fragmented messages
      * Add a websocket testsuite
                                     - * -
    *** bug fixes ***
    First of all, an huge part of yaws_websocket.erl was rewritten to fix bugs
    about the messages fragmentation and the UTF-8 encoding of incoming text
      * UTF-8 encoding
        before, when a text message was fragmented, only the first frame was
        checked and partial UTF-8 sequences were not supported. Now, checks
        are done on each message part and a partial UTF-8 sequence at the end
        of a frame is accumulated and checked with the next frame (for basic
        callback only).
      * Messages fragmentation
        for basic callback modules, because of a buggy mapping between frames
        and messages, the messages fragmentation was almost unusable. To fix
        this, the message handling was rewritten.
    Now, all tests in the autobahn testsuite[1] pass successfully.
                                     - * -
    *** Optional callback functions ***
    Then, from an idea of François de Metz[2], yaws_websocket module was
    extended to support optional callback functions. See the documentation for
    details (www/websockets.yaws).
    Quickly, optional callback functions are:
      * Module:init/1           (for basic and advanced callback modules)
      * Module:terminate/2      (for basic and advanced callback modules)
      * Module:handle_open/2    (for basic and advanced callback modules)
      * Module:handle_info/2    (for basic and advanced callback modules)
      * Module:handle_message/2 (for basic callback modules only, used in place
                                 of Module:handle_message/1)
    Thanks to Pablo Vieytes[3] which added handle_info to optional callback
                                     - * -
    *** Startup options ***
    To start a websocket process a script must return the following term from
    its out/1 function:
      {websocket, CallbackMod, Options}
    where 'Options' is a (possibly empty) proplist. Following parameters are
      * {origin, Orig}
      * {callback, Type}
      * {keepalive, Boolean}
      * {keepalive_timeout, Tout}
      * {keepalive_grace_period, Time}
      * {drop_on_timeout, Boolean}
      * {close_timeout, Tout}
      * {close_if_unmasked, Boolean}
      * {max_frame_size, Int}
      * {max_message_size, Int}
      * {auto_fragment_message, Boolean}
      * {auto_fragment_threshold, Int}
    See the documentation for details (www/websockets.yaws).
                                     - * -
    *** Outgoing fragmented messages ***
    A callback module can now send fragmented messages to clients using the
    record #ws_frame{}:
     #ws_frame{fin     = true,  %% true | false
               rsv     = 0,
               opcode,          %% text | binary | continuation...
               payload = <<>>}. %% binary(), unmasked data
    [2] #99
Commits on Jan 3, 2013
  1. Add access functions for #gconf{} and #sconf{} records

    capflam committed Nov 9, 2012
    Applications may want to retrieve information in it. yaws:gconf_*/1 and
    yaws:sconf_*/1 should be used in preference to a direct access to reduce
    the dependence of your code on these records. So internal modifications
    could be done avoiding the need to update and recompile your application.
    Update www/internals.yaws accordingly and remove dependency on 'yaws.hrl'
    in examples and applications. Add unit tests to check #gconf{} and #sconf{}
  2. Add support of the 'Vary' header in response

    capflam committed Nov 30, 2012
    With this patch, Yaws will add 'Accept-Encoding' in 'Vary' header if the
    support of gzip compression is enabled or if the response is compressed.
    The 'Vary' header can be set using 'yaws:outh_set_vary(Fields)' or by
    returning '{header, {vary, Fields}}' from scripts (where Fields is a list
    of header names).
  3. Fix checks on the response content type when a charset is present

    capflam committed Nov 29, 2012
    When we test if a response is compressible or not, or when 'Expires' and
    'Cache-Control' headers are set, the charset must be removed from the
    response content-type to only keep the response mime-type.
  4. Fix when 'Expires' and 'Cache-Control' headers are set

    capflam committed Nov 9, 2012
    Because the content-type of the response may change many times during the
    request handling process, we must wait the #outh{} serialization to set it.
    Note: 'Last-modified' header is also managed in a same way because there is
    no good reason to set it before.
  5. Flush remaining data in case of 3xx redirect

    capflam committed Nov 23, 2012
    When Yaws returns a 3xx response, if the client connection is kept alive,
    the remaining data must be flushed. Else the next request on the same
    connection cannot be handled.
  6. Keep info about the original request during a reentrant call

    capflam committed Nov 23, 2012
    Some information must be preserved during a reentrant call. From the original
    request, we keep:
      * buffered data (Arg#arg.clidata) and the number of bytes read
      * the request state (Arg#arg.cont & Arg#arg.state)
  7. Make be possible to chain appmods

    capflam committed Nov 21, 2012
    Before, all appmods were disabled during a reentrent call. So it was
    impossible to chain appmods. Now, it is possible. Only the current appmod
    is disabled for the next recursion (if we are inside an appmod of course).
    So if we have this configuration for appmods:
      appmods = </foo, foo> </bar, bar>
    When "/foo" is requested, the appmon "foo" is called. At this step, it is
    possible to call the appmod "bar" by returning {page, "/bar"}.
Commits on Dec 1, 2012
  1. Support multipart/form-data "name" with backslash at the end.

    weisslj authored and vinoski committed Dec 1, 2012
    Also add multipart/form-data tests ("name" with escaped characters).
Commits on Nov 29, 2012
  1. Merge pull request #133 from olgeni/tilde_injection_fix

    capflam committed Nov 29, 2012
    Fix io:format call in yaws_compile.
  2. Fix io:format call in yaws_compile.

    olgeni committed Nov 29, 2012
    Basically, yaws_compile was unable to process items in some "unlucky"
    paths on Win32.
    NTFS may generate filenames in an MS-DOS compatible format if the
    original filename is not compatible with the legacy 8.3 notation;
    these filenames often contain tilde characters, which are inserted
    (unquoted) in the Format parameter of io:format by the string
    These unquoted tilde characters are processed as usual, leading to
    a badarg error as the Data parameter is always an empty list.
  3. Fix compilation of mime_types.erl when working directory is not 'yaws'

    capflam committed Nov 29, 2012
    When mime_types.erl is generated, we must check if it is done during a Yaws
    compilation or a Yaws startup. In the first case, we must use a relative
    path for includes. Else include_lib must be used.
    This issue was reported by Andrei Zavada and avoid a compile error when the
    working directory is not 'yaws'.
    The mechanisms to generate and compile this file have also changed.
    Then, to centralize calls to yaws_generated:is_local_install/0, following
    functions was added in yaws.erl:
      get_app_dir/0, get_src_dir/0, get_ebin_dir/0, get_priv_dir/0, get_inc_dir/0
Commits on Nov 28, 2012
  1. skip sslaccept_tout_test for R15B03

    vinoski committed Nov 28, 2012
    An SSL bug introduced in R15B03 makes the sslaccept_tout_test fail. The bug
    is explained here:
    Check the Erlang version and skip that test for R15B03.
Commits on Nov 20, 2012
  1. Take care to preserve the query-string in yaws_server:deliver_302/4

    capflam committed Nov 20, 2012
    It is an old bug on the redirect made when the trailing slash is missing.
    The query-string was always missing from the redirect URL. So now, we add
    it explicitly.
Commits on Nov 15, 2012
  1. Extend syntax of redirect block to allow an optional status code

    capflam authored and vinoski committed Nov 13, 2012
    Now, it is possible to change the HTTP status code used in redirect rules.
    Supported formats are:
       Path = URL
       Path = code
       Path = code URL
    * '==' syntax instead of '=' is always valid.
    * If no status code is defined, Yaws will perform a 302 redirect.
    * For 3xx status codes, the URL parameter must be present and will be used
      to build the new location.
    * For other status codes (1xx, 2xx, 4xx and 5xx), it can be omitted. In the
      absence of URL, Yaws will return a generic response with the specified
      status code. Otherwise, the URL parameter must be a relative URL and will
      be used to customize the response.
    For example:
        /foo =  # (1)
        /bar = 301 /foo               # (2)
        /baz = 404                    # (3)
        /qux = 403 /forbidden.yaws    # (4)
    (1) do a 302 redirect on ''
    (2) do a 301 redirect on 'scheme:host:port/bar/...'
    (3) return a generic 404 error
    (4) do a reentrant call to '/forbidden.yaws' by setting the status code
        to 403.
    Note: this new feature is fully compatible with older one.
Commits on Nov 9, 2012
  1. handle case with DOS attack towards pam login with embedded NUL chars…

    klacke committed Nov 9, 2012
    … in username or password. The protocol cannot handle NUL chars and Yaws dies
  2. Remove invalid macro in yaws.hrl

    capflam committed Nov 9, 2012
    ?sc_set_ssl is never used and rely on the undefined macro ?SC_SSL.
  3. Fix doc errors

    capflam committed Nov 9, 2012
Commits on Oct 24, 2012