summaryrefslogtreecommitdiff
path: root/usr.sbin/httpd
AgeCommit message (Expand)Author
2015-07-31repair hsts header output, wrong format strings caused brokenSebastian Benoit
2015-07-29backout the previous: it broke wordpress somehow.Reyk Floeter
2015-07-29Read fcgi response records until we have the whole http header and canFlorian Obser
2015-07-28add HSTS to fcgi responsesFlorian Obser
2015-07-23The realm in authenticate directive of config file isn't escaped for '"' char.Sebastien Marie
2015-07-20ensure http_path is escaped before using it in Location redirection.Sebastien Marie
2015-07-19handle error returns from bufferevent_write()Bret Lambert
2015-07-19For the completeness of HSTS, add the non-standard preload option.Reyk Floeter
2015-07-18remove XXX and handle error return from evbuffer_add()Bret Lambert
2015-07-18libtls has been changed to set SSL_MODE_ENABLE_PARTIAL_WRITE andReyk Floeter
2015-07-18treat asprintf failure in REQUEST_URI case as a fatal errorBret Lambert
2015-07-18Fix check against NULL which was reverted by accident in r1.56.Matthias Kilian
2015-07-18tweak previous;Jason McIntyre
2015-07-18Allow to change the default media type globally or per-location,Reyk Floeter
2015-07-18Implement HTTP Strict Transport Security (HSTS).Florian Obser
2015-07-17Adjust server_file_modified_since() to our style. Please keep httpd clean.Reyk Floeter
2015-07-17According to RFC 3875 PATH_INFO should either contain a full path orReyk Floeter
2015-07-16spacingReyk Floeter
2015-07-16If we can read faster from disk than send data to the client stopFlorian Obser
2015-07-16VIS_QUOTE is not there yet, unbreak the tree. Noticed by semarie@Reyk Floeter
2015-07-15Escape the message in server_log() as well.Reyk Floeter
2015-07-15For some values like the User-Agent, use vis(3) instead of url_encode().Reyk Floeter
2015-07-15Simplify the error path of the previous commit: by using ret = -1 byReyk Floeter
2015-07-15Close connections that fail to complete a TLS handshake.Joel Sing
2015-07-15Unbreak configurations that have a non-TLS listen statement followed by aJoel Sing
2015-07-15Fix typo in comment.Joel Sing
2015-07-15Document default locations for TLS certificate and key.Joel Sing
2015-07-15httpd don't sanitize variables before putting them in logs. It is possible forsemarie
2015-07-15Send the TLS certificate and key via separate imsgs, rather thanJoel Sing
2015-07-15Explicitly check for and handle EOF on a TLS connection.Joel Sing
2015-07-15Fix memory leaks that can occur when config_getserver() fails.Joel Sing
2015-06-30new sentence, new line;Jason McIntyre
2015-06-30Add a small paragraph about some difference with Lua implementation.semarie
2015-06-27Corrects the manpage for patterns(7): the indexing for empty capture followsemarie
2015-06-26move #include inside #ifndef PATTERNS_Hsemarie
2015-06-26Corrects some minors nits. Patch from Theo Buehler.semarie
2015-06-23various tweaks;Jason McIntyre
2015-06-23escape the matched substrings before using it in expansion.semarie
2015-06-23remove a deprecated character class.semarie
2015-06-23Add initial support for pattern matching using Lua's pattern matching code.Reyk Floeter
2015-06-22After the last change, we also have to url_encode $SERVER_NAME andReyk Floeter
2015-06-21When encoding the Location url, only encode the query and pathReyk Floeter
2015-06-11Use "compliant" header guards by avoiding the reserved '_' namespace.Reyk Floeter
2015-06-09plug fd leak found by Todd MortimerJoerg Jung
2015-06-03Do not assume that asprintf() clears the pointer on failure, whichTodd C. Miller
2015-05-28use "uri"; from yegor timoschenkoJason McIntyre
2015-05-28Do not try to unlink the control socket in an unprivileged childFlorian Obser
2015-05-20Use off_t instead of size_t to pass file size and print it using %lld whenMark Kettenis
2015-05-19better spacing in media types.Igor Sobrado
2015-05-19sort media type extensions for text/html and image/jpeg as given inIgor Sobrado