Re: [hackers] [quark] Thoughts on CGI and authentication?
On Thu, 22 Oct 2020 20:52:27 +0200 José Miguel Sánchez García wrote:

> Hello,
>
> I'm currently serving my static webpage with quark. I want to add some
> CGI, but the opinion here about CGI support in the server is pretty
> low. I'm trying to update the basecgi patch, but the latest changes
> adding interruptibility seem to complicate the design (the goals of
> these two are kinda opposite to what CGI does right? I mean, these are
> about memory-bounded operation and CGI scripts can generate
> arbitrarily long data, which must be known before even generating the
> response header). I have no experience with HTTP whatsoever, so I want
> to hear better-informed opinions ;)

Hi Jose,

I've recently had an idea that instead of adding support for running scripts by the HTTP server (which in any case leads to new fork() calls) one could use a library providing the HTTP server itself, while all the logic is created separately and is performed using callbacks from the library's main loop. In that case one could attempt to handle dynamic (and static, using proper callbacks) content within a fixed number of threads.

--
Platon Ryzhikov
Re: [hackers] [quark][PATCH] Don't erase response on http_send_error_response
On 10/25/2020 8:39 AM, Laslo Hunhold wrote:

Dear Laslo,

> No, this is supposed to be like this. I agree that the comment is a bit misleading, but http_parse_header() really builds a request from scratch and first sets it all to zero. With "fields" I'm referring to the struct fields in request, and this misleading comment will be fixed in an upcoming commit.

I'm currently relying on the req struct NOT being erased, because I'm storing the realm the file belongs to there. Then, I'm using that realm information to build the WWW-Authenticate header for the 401 error response.

I could just save that field before erasing everything else, but I wonder if that's the way to go. If you are getting rid of everything, maybe I shouldn't make exceptions?

Best regards,
José Miguel
Re: [hackers] [quark][PATCH] Don't erase response on http_send_error_response
On Sat, 24 Oct 2020 16:19:13 + José Miguel Sánchez García wrote:

Dear José,

thanks for taking your time reading the code and reporting this!

> The comment before the offending line indicated it was intended to
> only erase the fields, but it erased the whole response. It was most
> likely a bug.
>
> /* empty all fields */
> - memset(req, 0, sizeof(*req));
> + memset(&(req->fields), 0, sizeof(req->fields));

No, this is supposed to be like this. I agree that the comment is a bit misleading, but http_parse_header() really builds a request from scratch and first sets it all to zero. With "fields" I'm referring to the struct fields in request, and this misleading comment will be fixed in an upcoming commit.

With best regards

Laslo
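Review bot: on the `+ memset(&(req->fields), 0, sizeof(req->fields));` line, narrowing the clear to `req->fields` leaves any member of `*req` outside `fields` holding whatever it held before the call, so a reused struct can carry values from an earlier request into the next one. If a single member has to survive, copying it out before the full `memset(req, 0, sizeof(*req))` and writing it back afterwards keeps the reset complete. The `/* empty all fields */` comment should also say whether it means the whole struct or only the `fields` member, since the hunk and the existing line read it differently.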