Skip to content
Commits on Jun 19, 2016
  1. @vinoski

    Remove unneeded binding in yaws_websocket:send/2 call

    In yaws_api.erl, websocket_send was calling yaws_websocket:send/2 with
    a second argument of #ws_frame{}=Frame instead of just Frame.
    vinoski committed Jun 18, 2016
Commits on Jun 9, 2016
  1. Merge pull request #275 from dvaergiller/soap_srv_handle_request_conc…

    …urrent
    
    Soap srv handle request concurrent
    committed Jun 9, 2016
Commits on Jun 7, 2016
  1. @dvaergiller @dvaergiller

    Make ways_soap_srv handle requests in parallel

    This change makes the yaws_soap_srv:handler/4 function call the
    request/5 function directly, instead of having the gen_server do
    that. This avoids blocking the gen_server when handling requests and
    should provide much better parallelism.
    
    The gen_server now only manages WSDL models. The handler function will
    call the gen_server in order to retrieve the model. The rest should now
    be executed in the regular Yaws workers.
    dvaergiller committed with dvaergiller May 10, 2016
Commits on May 12, 2016
  1. @capflam

    Fix a infinite loop when a client sends a request on "." or "./some-p…

    …ath"
    
    When a client sends a request on "." or "./some-path", Yaws will loop
    infinitly. This is reproducable by using a catch-all appmod (on "/")
    
    The loop can occur in "yaws_server:is_revproxy/3",
    "yaws_server:is_redirect_map/2" or "yaws_server:filter_auths/2", depending on
    the configuration. In these functions there is a check on the path to return
    when it is equal to "/". We must do the same when the path is ".".
    
    This patch fixes #271.
    capflam committed May 12, 2016
  2. Merge pull request #268 from matthiasl/ml_auth_in_ets

    Move username/password tuples from server state to an ETS table
    committed May 12, 2016
Commits on May 7, 2016
  1. @vinoski

    Add yaws_api:websocket_send for ws_state records

    Yaws documentation has been instructing users to call
    yaws_api:websocket_send with a ws_state record as the first argument,
    but there was no clause of that function supporting this. Add two new
    clauses of yaws_api:websocket_send to fix this problem. Change
    basic_echo_callback_extended example to call yaws_api:websocket_send
    instead of yaws_websockets:send.
    vinoski committed May 7, 2016
Commits on May 6, 2016
  1. @vinoski
Commits on May 5, 2016
  1. @vinoski

    Merge pull request #269 from leoliu/master

    Don't crash on unknown query string in yaws_ls:parse_query/1
    vinoski committed May 5, 2016
  2. @leoliu

    Don't crash on unknown query string in yaws_ls:parse_query/1

    and also make it case-insensitive.
    leoliu committed May 5, 2016
Commits on May 2, 2016
  1. @capflam @capflam

    Fix json parsing for UTF-8 strings

    Surrogate pairs were not handled during the string decoding and triggered an
    exception when encountered. This bug was reported in the issue #264.
    
    Some improvements have been made to sanitize error handling. And unit tests
    about json parsing have been added (tests have been retrieved from jiffy and
    jansson erlang projects).
    capflam committed with capflam Apr 27, 2016
Commits on Apr 29, 2016
  1. @leoliu @vinoski
Commits on Apr 28, 2016
  1. Password can contain colon fixed.

    Issue reported in #267
    Klacke Wikstrom committed Apr 28, 2016
Commits on Apr 27, 2016
  1. Merge pull request #266 from matthiasl/ml_docfixes

    Ml docfixes
    committed Apr 27, 2016
  2. Fix incomplete and outdated documentation of .yaws_auth

    Previously, the yaws documentation recommended storing username/password
    pairs in .yaws_auth, in the docroot. This is a bad idea because it can
    result in exposing plaintext username/password via editor backup files.
    
    Previously, the yaws documentation was missing documentation for the
    realm, pam, authmod, file, allow, deny and order directives in .yaws_auth.
    Matthias Lang committed Apr 27, 2016
  3. Move username/password tuples from server state to an ETS table

    Previously, basic authentication in YAWS stored {Username, Password}
    tuples as a list in the server state. By default, a crash in YAWS
    generates a crash dump which is served over HTTP, thus remotely
    exposing all passwords and usernames in plaintext.
    
    This patch moves the {Username, Password} to an ETS table so that
    sensitive information is kept on the server rather than leaked.
    Matthias Lang committed Apr 20, 2016
Commits on Apr 22, 2016
  1. @leoliu @vinoski
Commits on Apr 13, 2016
  1. @capflam

    Use id to build the command line in the windows startup script

    This fixes a warning about an unused variable.
    capflam committed Apr 5, 2016
  2. @capflam

    Do not use erlang:now/0 anymore in Yaws applications

    erlang:now/1 was deprecated in Erlang/OTP 18.0. We rely on yaws:get_time_tuple/0
    instead.
    capflam committed Apr 5, 2016
  3. @capflam
  4. @capflam

    Move Erlang compatibily checks from the configure to a module

    Now, the new module yaws_dynopts does all tests on the Erlang/OTP release that
    were done before in the configure. So it is possible to compile Yaws with an
    Erlang/OTP release and run it with another, all features should be dynamically
    detected.
    
    Because these checks can be expensive, when Yaws is started, we generate and
    compile a static version of yaws_dynopts.
    capflam committed Apr 1, 2016
  5. @capflam
  6. @capflam

    Remove doc about deprecated values for the SSL option 'verify'

    In the old SSL implentation, 0,1 and 2 were the possible values for the 'verify'
    option. For the new one, only verify_peer and verify_none are officialy
    supported and documentated. Old values are still supported for backward
    compatiliby, but not documented.
    
    We do the same in Yaws. Old values are translated into new ones. So if their
    support is removed from the SSL application in a futur Erlang/OTP release, Yaws
    will still work. Documentation has been updated to remove info about the old
    values.
    capflam committed Mar 31, 2016
  7. @capflam

    Remove very old use_old_ssl directive

    This directive was added to use old SSL implementation. It was removed in
    Erlang/OTP R15. So, because Yaws works with releases upper to R14B02, this
    option is only supported with Erlang/OTP R14B02, R14B03 and R14B04. For all
    other supported releases, Yaws will fails is use_old_ssl is set to true.
    
    To be honest, if you use SSL in Yaws, you'd better upgrade your Erlang/OTP
    release. The new SSL implementation is far better than the old one and many bugs
    are fixed in recent releases.
    capflam committed Mar 31, 2016
  8. @capflam

    Add SNI support

    SSL application supports SNI since Erlang/OTP 18.0. With this patch, when SNI is
    available, Yaws is able tohandle SNI clients if it is configured to do it.
    
    To configure SNI, 2 new directives has been added:
    
     * sni: this global directive can be use to enable SNI or explicitly disable
       it. By default SNI support is disabled. It can also be used to globally
       refuse non SNI clients or not.
    
     * require_sni: this server directive can be used to reject non SNI clients and
       clients providing an unknown SNI hostname for a specific server.
    
    See man/yaws.conf.5 for details.
    Documentation has been updated and a testsuite has been added.
    capflam committed Mar 31, 2016
  9. @capflam
  10. @capflam
  11. @capflam

    Unlink the stat process before stopping it to not receive 'EXIT' message

    This message was wrongly associated to the death of an acceptor. So the sessions
    counter was wrongly decremented. Instead of checking the Pid in 'EXIT' messages
    (costly), we unlink the stat process.
    capflam committed Apr 13, 2016
Commits on Apr 1, 2016
  1. @vinoski

    Merge pull request #259 from leoliu/master

    Fix coding cookies in a few files
    vinoski committed Mar 31, 2016
  2. @leoliu

    Fix coding cookies in a few files

    Coding Latin-1 (with capital `L') is not recognized by Emacs.
    leoliu committed Apr 1, 2016
Commits on Mar 30, 2016
  1. @vinoski

    Merge pull request #258 from choptastic/patch-1

    Remove "endpoint gone away" message
    vinoski committed Mar 29, 2016
  2. @choptastic

    Remove "endpoint gone away" message

    When a websocket ping isn't ponged, yaws currently generates an "endpoint gone away" message. It seems kind of unnecessary to spam the error logger with it. Thoughts?
    choptastic committed Mar 29, 2016
Commits on Mar 26, 2016
  1. @vinoski

    Fix #257: docs for compression_level config setting

    Fix the compression_level config setting documentation, which
    incorrectly showed the name of the setting as compress_level. Thanks
    to Sergei Golovan for reporting this.
    vinoski committed Mar 26, 2016
Commits on Mar 24, 2016
  1. @vinoski

    Fix --ctltrace message about output file

    Running "yaws --ctltrace" previously printed a message saying output
    was being sent to a particular file, but the output was actually sent
    elsewhere. Modify the message to instead point the user to the
    directory where trace output will be sent.
    
    Thanks to Leo Liu for reporting this.
    vinoski committed Mar 23, 2016
Commits on Mar 22, 2016
  1. @vinoski

    Use inet_parse:ntoa/1 in yaws_ctl to format IP addrs

    Instead of using ad hoc code use inet_parse:ntoa/1 to parse IP
    addresses for status output. Note that we have to use
    inet_parse:ntoa/1 rather than inet:ntoa/1, since the latter is not
    available in older Erlang/OTP releases.
    vinoski committed Mar 22, 2016
Something went wrong with that request. Please try again.