Vladimir Golovnev (Glassez)
bb683bd393
Switch built-in Web UI html to HTML5
2018-01-23 11:08:37 +03:00
Chocobo1
c1a282aa7b
Fix missing qbt logo on login page in webUI. Closes #7953 .
2017-12-02 14:31:48 +08:00
thalieht
525fdd6c2b
Coding style, use nullptr and other minor things
2017-10-08 10:20:54 +03:00
Chocobo1
0532d546d7
Implement HTTP host header filtering
...
This filtering is required to defend against DNS rebinding attack.
2017-07-12 17:26:13 +03:00
sledgehammer999
d88f0f36e0
Merge pull request #6889 from Chocobo1/lowercase
...
Convert all http header name constants to lowercase
2017-06-14 02:38:57 +03:00
Chocobo1
8419ca87f9
Fix KEEP_ALIVE_DURATION value
...
I intended to specify 7 seconds, which should be 7000 milliseconds
2017-06-07 21:45:47 +08:00
Chocobo1
45c21f62f9
[WebAPI] Convert all header name constants to lowercase
...
This save us another transition when some day we implements HTTP/2
(which all headers are in lowercase).
2017-06-02 21:55:16 +08:00
Chocobo1
087856d3d8
[WebUI]: Implement CSRF defense
...
Bump API version
2017-06-01 19:37:57 +03:00
Chocobo1
0b5de9ff54
Temporary revert to the old behavior.
2017-04-20 22:26:35 +08:00
Chocobo1
302c8ba850
Revise Utils::Gzip::compress code
...
Change signature
Add ZLIB_CONST define to make z_stream.next_in const
Cast to zlib defined type Bytef*
Set memLevel to 9 in deflateInit2() for maximum performance
Revise compression loop
On returning false, free memory correctly by calling deflateEnd()
Reserve space by the estimation of deflateBound()
2017-04-20 22:24:50 +08:00
Chocobo1
94b496354b
Rewrite rules for gzipping http response content
2017-04-20 22:22:17 +08:00
Chocobo1
4600e679d1
Implement robust acceptsGzipEncoding()
...
Adhere more to http/1.1 standard
2017-04-20 22:22:17 +08:00
Chocobo1
129172453b
Fix "Content-Encoding" header is always created.
...
Was side effect of operator[]
2017-04-20 22:22:17 +08:00
Chocobo1
7d36c81949
Cleanup Http::responseGenerator()
...
Add CRLF definition
Rewrite loop using iterator, slightly more efficient
Rename variables
2017-04-20 22:22:17 +08:00
Chocobo1
6cb2f05a6c
Demote to helper function
...
Rename function
2017-04-20 22:22:17 +08:00
Chocobo1
829e1399ca
Convert Qstring to char arrays
...
Cleanup header
Sort constants
2017-04-20 22:22:17 +08:00
Chocobo1
4b2266a8e2
Send Date http header
...
It's not strict required but often expected.
change class to namespace
cleanup header
2017-04-20 22:22:17 +08:00
Chocobo1
9496b2a159
Always send Content-Length header.
...
Because without it, HTTP/1.1 (with persistence connection) clients will
keep waiting for more data.
2017-04-20 22:22:17 +08:00
Chocobo1
0b28fb6c6b
Implement http persistence connection
...
Max simultaneous connection limit set to 500
This also release allocated memory of Connection instances at runtime instead of at program shutdown.
2017-04-20 22:22:14 +08:00
sledgehammer999
018574e546
Merge pull request #6475 from OpenGG/master
...
[WebUI-API] Add "skip_checking" and "paused" to "/command/download" and "/command/upload"
2017-04-17 17:12:24 +03:00
Chocobo1
d1ee54f6ea
Refactor: move methods under the same #if section.
2017-04-11 23:16:16 +08:00
Chocobo1
7f346b49a7
Refactor: move the validation of certificates & key functions under Server class
...
Rename method
Add log messages
2017-04-10 21:18:59 +08:00
opengg
db3158c410
[WebUI] bugfix: RequestParser::splitMultipartData
drop extra trailing newline.
2017-03-11 01:26:22 +08:00
Eugene Shalygin
e64bb1de8c
Drop Qt 4 support
2017-03-05 22:24:59 +01:00
Chocobo1
ea9d65f377
Fix incomplete type compile error with Qt4
2017-03-04 16:20:36 +08:00
Chocobo1
7756dd80f3
[WebUI]: add X-XSS-Protection, X-Content-Type-Options, CSP header
2017-03-03 21:28:28 +02:00
ngosang
f5ad04766f
[WebUI] Avoid clickjacking attacks
2017-03-03 21:28:27 +02:00
Chocobo1
f9c39e3dac
[WebUI]: exclude insecure ciphers
2017-03-03 21:28:26 +02:00
Chocobo1
84bc011df5
Code formatting
...
Remove extra private keyword
2017-03-03 21:28:25 +02:00
Eugene Shalygin
be8eab4e54
Disable proxy in WebUI HTTP server. Closes #6349 .
...
Due to a bug in Qt 5.8 (QTBUG-58706) QTcpServer tries to use HTTP proxy
when it is set as default app proxy (for instance via "http_proxy"
environment variable) and this breaks the server. So we disable any proxy
in it.
2017-02-21 00:07:09 +01:00
Chocobo1
d84461c9b2
Remove unused header
2016-11-29 17:31:14 +08:00
borouhin
501a2d7c45
Don't request client SSL certificate (closes issue #3883 )
2016-09-21 02:42:51 +03:00
UnDifferential
f50a8d4f59
Support SSL certificate bundles. Issue #4896 .
2016-03-05 14:10:28 -05:00
sledgehammer999
3ddb1b98b3
Merge pull request #4833 from dsemi/master
...
Do not try to parse request message when content-length is 0
2016-03-04 17:26:28 -06:00
Vladimir Golovnev (Glassez)
dd34663224
Implement Advanced Saving Management subsystem
...
Closes #4696
2016-03-04 19:59:53 +03:00
Dan Seminara
d75564b885
Do not try to parse request message when content-length is 0
2016-02-29 15:57:34 -05:00
Naikel Aparicio
c9293dd2d1
Fixed bug when uploading several files and only the last one was considered.
2015-12-26 20:55:13 -04:30
Vladimir Golovnev (Glassez)
9db93e5d8f
Rename Core to Base ( Closes #3733 ).
2015-12-06 14:27:00 +03:00