By the time we come around to accepting a connection on macOS, the
remote may have already disappeared, in which case setting options on
the socket may fail with an error.
Instead of failing and shutting down the server we want to continue, so
move the setting of socket options into the try/except block and log the
error instead.

Make use of ident while showing server error (generated by waitress)

Co-authored-by: Bert JW Regeer <xistence@0x58.com>

Co-authored-by: Bert JW Regeer <xistence@0x58.com>

This will help users to hide the server details from waitress generated error response with the help of ident value.
Some organizations don't want to expose their server details to users, since it will help the attackers perform attacks based on the known vulnerability of the server.
So instead of showing generated by waitress, we can show a generic text.

Remove `__nonzero__` methods

There are small typos in:
- docs/runner.rst
- docs/usage.rst
- src/waitress/parser.py
- src/waitress/server.py
- tests/test_functional.py
Fixes:
- Should read `preceding` rather than `preceeding`.
- Should read `multiple` rather than `multipe`.
- Should read `descriptors` rather than `desctriptors`.
- Should read `descriptor` rather than `desctriptor`.
- Should read `attempt` rather than `atempt`.
- Should read `analogous` rather than `analagous`.
Signed-off-by: Tim Gates <tim.gates@iress.com>

This reverts commit 2784628a0fd1a38492e27384815953a44b3a3d5a.

This reverts commit 603d2c12ce09fcd1be0b7a5734b4fca339820286, reversing
changes made to 9e0b8c801e4d505c2ffc91b891af4ba48af715e0.

Bugfix: Retry if a thread closes a socket before we select() on it

This solves a race condition that may exist when attempting to loop over
the open sockets and then calling select() and accidentally have called
close() on the socket in an app thread.

Bugfix: header calculation

This would manifest itself if the headers were sent in multiple
individual packets that were processed after each other, the calculation
for max header size would be wrong and Waitress would incorrectly return
RequestHeaderFieldsTooLarge.

To be valid chunked encoding we should not be removing any whitespace as
the standard does not allow for optional whitespace.
If whitespace is encountered in the wrong place, it should lead to a 400
Bad Request instead.

RFC7230 states that a chunk-size should be 1*HEXDIG, this is now
validated before passing the resulting string to int() which would also
parse other formats for hex, such as: `0x01` as `1` and `+0x01` as `1`.
This would lead to a potential for a frontend proxy server and waitress
to disagree on where a chunk started and ended, thereby potentially
leading to request smuggling.
With the increased validation if the size is not just hex digits,
Waitress now returns a Bad Request and stops processing the request.

Waitress discards chunked extensions and does no further processing on
them, however it failed to validate that the chunked encoding extension
did not contain invalid data.
We now validate that if there are any chunked extensions that they are
well-formed, if they are not and contain invalid characters, then
Waitress will now correctly return a Bad Request and stop any further
processing of the request.

Validate that we are only parsing digits and nothing else. RFC7230 is
explicit in that the Content-Length can only consist of 1*DIGIT and may
not include any additional sign information.
The Python int() function parses `+10` as `10` which means we were more
lenient than the standard intended.
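An added example, not code from Waitress or from these commits, illustrating the chunk-size and Content-Length commit messages above: it compares handing the field straight to int() with checking the 1*HEXDIG / 1*DIGIT grammar first. The function names, the BadRequest class and the sample fields are assumptions made for this illustration.

```python
import re

# RFC 7230 grammar: chunk-size = 1*HEXDIG, Content-Length = 1*DIGIT.
CHUNK_SIZE_RE = re.compile(r"[0-9A-Fa-f]+")
CONTENT_LENGTH_RE = re.compile(r"[0-9]+")


class BadRequest(ValueError):
    """Hypothetical stand-in for the point where a server answers 400."""


def lenient_chunk_size(field: str) -> int:
    # The 'before' behaviour the commit describes: int() decides what is valid.
    return int(field, 16)


def strict_chunk_size(field: str) -> int:
    # fullmatch() rejects prefixes, signs, whitespace and trailing newlines.
    if not CHUNK_SIZE_RE.fullmatch(field):
        raise BadRequest(f"invalid chunk-size: {field!r}")
    return int(field, 16)


def strict_content_length(value: str) -> int:
    if not CONTENT_LENGTH_RE.fullmatch(value):
        raise BadRequest(f"invalid Content-Length: {value!r}")
    return int(value)


def compare(samples):
    """Return (field, lenient result, strict result or '400') per sample."""
    rows = []
    for field in samples:
        try:
            strict = strict_chunk_size(field)
        except BadRequest:
            strict = "400"
        rows.append((field, lenient_chunk_size(field), strict))
    return rows


# Constructed sample chunk-size fields, not taken from real traffic.
SAMPLES = ["1a", "0x01", "+0x01", " 1a", "1_0"]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

Every sample except "1a" is a field that int() turns into a number while a parser following the grammar rejects it, which is the disagreement between a frontend proxy and the backend that the commit message describes.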

This also moves some regular expressions for QUOTED_PAIR/QUOTED_STRING
into this module from utilities so that they may be reused.

To speed up how soon the connected client sees data we now attempt to
flush data from the application thread when we get new data to write to
the socket.
This saves us the need to wake up the main thread, which would then
return from select(), process all sockets, look for the ones that are
writable, and then call select() again. When that select() would return
it would finally start writing data to the remote socket.
There was also no guarantee that the main thread would get the lock for
the output buffers, and it would not be able to write any data at all
thereby looping on select() until the application thread had written
enough data to the buffers for it to hit the high water mark, or the
response was fully buffered, potentially overflowing from memory buffers
to disk.
If the socket is not ready for data, due to it being non-blocking, we will
not flush any data at all, and will go notify/wake up the main thread to
start sending the data when the socket is ready.
Delivery of first byte from the WSGI application to the remote client is
now faster, and it may alleviate buffer pressure. Especially if the
remote client is connected over localhost, as is the case with a load
balancer in front of waitress.

When Waitress fails to launch on Windows due to an issue with the
trigger socket not being ready for connections, we attempt to loop. In
the past this was done by subscripting the OSError and checking to see
if it matched errno.WSAEADDRINUSE, this is no longer possible in newer
versions of Python.
This is a quick bugfix for a rare case which should no longer happen on
Windows.

When switching from a BytesIO to a file backed buffer, we were not
closing the old buffer after we had copied its contents. With this
change when we switch from a small buffer to a larger buffer or
vice-versa we will now attempt to close the old buffer.

The help message contained a misaligned option. This fixes it.
Signed-off-by: Felipe Franciosi <felipe@nutanix.com>

CHANGES.txt entry included.

Instead we just rely on the server_name passed in to the adjustment.

Notify client close

This inserts a callable `waitress.client_disconnected` into the
environment that allows the task to check if the client disconnected
while waiting for the response at strategic points in the execution,
allowing to cancel the operation.
It requires setting the new adjustment `channel_request_lookahead` to a
value larger than 0, which continues to read requests from a channel
even if a request is already being processed on that channel, up to the
given count, since a client disconnect is detected by reading from a
readable socket and receiving an empty result.

We no longer mark the socket as readable if we are attempting to flush
whatever remaining data we have and are trying to shut down the channel.
Whatever data is ready to be read, it's no longer our concern.
We don't want to spend time reading data we don't care about.

This looks to be an artifact that was left behind from the original
codebase Waitress was forked from and no longer serves a purpose.