Consume request headers using MSG_PEEK - src

diff options

author	June McEnroe <june@causal.agency>	2021-09-24 10:35:38 -0400
committer	June McEnroe <june@causal.agency>	2021-09-24 10:35:38 -0400
commit	6cd5d365a877629eb9999348f277c56b386ac440 (patch)
tree	5fca13f0e21b630cb1f8869e189b83775ca1d37a /www/git.causal.agency/cgit
parent	Set only HTTP_HOST (diff)
download	src-6cd5d365a877629eb9999348f277c56b386ac440.tar.gz src-6cd5d365a877629eb9999348f277c56b386ac440.zip

Consume request headers using MSG_PEEK

Use MSG_PEEK to determine where the request headers end and consume
only up to there, leaving the CGI process to read any request body
directly from the socket.

Diffstat (limited to 'www/git.causal.agency/cgit')

0 files changed, 0 insertions, 0 deletions

cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16auth: have cgit calculate login addressJason A. Donenfeld This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16t0111: Additions and fixesLukas Fleischer * Rename the capitalize-* filters to dump.* since they also dump the arguments. * Add full argument validation to the email filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16parsing.c: Remove leading space from committerLukas Fleischer


context:
space:
mode: