summaryrefslogtreecommitdiffstats
path: root/web/server
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2023-08-10 09:18:49 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2023-08-10 09:18:49 +0000
commitdd814a7c1a8de056a79f7238578b09236edd5506 (patch)
tree429e7eed5a634a4efe9a6877ce66da8e64aa1782 /web/server
parentAdding upstream version 1.41.0. (diff)
downloadnetdata-dd814a7c1a8de056a79f7238578b09236edd5506.tar.xz
netdata-dd814a7c1a8de056a79f7238578b09236edd5506.zip
Adding upstream version 1.42.0.upstream/1.42.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'web/server')
-rw-r--r--web/server/README.md2
-rw-r--r--web/server/h2o/http_server.c4
-rw-r--r--web/server/web_client.c25
-rw-r--r--web/server/web_client.h2
4 files changed, 25 insertions, 8 deletions
diff --git a/web/server/README.md b/web/server/README.md
index 37577b6dd..cff7bebe4 100644
--- a/web/server/README.md
+++ b/web/server/README.md
@@ -48,7 +48,7 @@ Scroll down to the `[web]` section to find the following settings.
| `accept a streaming request every seconds` | `0` | Can be used to set a limit on how often a parent node will accept streaming requests from child nodes in a [streaming and replication setup](https://github.com/netdata/netdata/blob/master/streaming/README.md). |
| `respect do not track policy` | `no` | If set to `yes`, Netdata will respect the user's browser preferences for [Do Not Track](https://www.eff.org/issues/do-not-track) (DNT) and storing cookies. If DNT is _enabled_ in the browser, and this option is set to `yes`, users will not be able to sign in to Netdata Cloud via their local Agent dashboard, and their node will not connect to any [registry](https://github.com/netdata/netdata/blob/master/registry/README.md). For certain browsers, users must disable DNT and change this option to `yes` for full functionality. |
| `x-frame-options response header` | ` ` | Avoid [clickjacking attacks](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options), by ensuring that the content is not embedded into other sites. |
-| `allow connections from` | `localhost *` | Declare which IP addresses or full-qualified domain names (FQDNs) are allowed to connect to the web server, including the [dashboard](https://github.com/netdata/netdata/blob/master/web/gui/README.md) or [HTTP API](https://github.com/netdata/netdata/blob/master/web/api/README.md). This is a global setting with higher priority to any of the ones below. |
+| `allow connections from` | `localhost *` | Declare which IP addresses or full-qualified domain names (FQDNs) are allowed to connect to the web server, including the [dashboard](https://github.com/netdata/netdata/blob/master/docs/category-overview-pages/accessing-netdata-dashboards.md) or [HTTP API](https://github.com/netdata/netdata/blob/master/web/api/README.md). This is a global setting with higher priority to any of the ones below. |
| `allow connections by dns` | `heuristic` | See the [access list examples](#access-lists) for details on using `allow` settings. |
| `allow dashboard from` | `localhost *` | |
| `allow dashboard by dns` | `heuristic` | |
diff --git a/web/server/h2o/http_server.c b/web/server/h2o/http_server.c
index 3a46889c2..b94a7daeb 100644
--- a/web/server/h2o/http_server.c
+++ b/web/server/h2o/http_server.c
@@ -73,6 +73,10 @@ static int ssl_init()
#else
accept_ctx.ssl_ctx = SSL_CTX_new(TLS_server_method());
#endif
+ if (!accept_ctx.ssl_ctx) {
+ netdata_log_error("Could not allocate a new SSL_CTX");
+ return -1;
+ }
SSL_CTX_set_options(accept_ctx.ssl_ctx, SSL_OP_NO_SSLv2);
diff --git a/web/server/web_client.c b/web/server/web_client.c
index 1a1d63155..92d97e8a8 100644
--- a/web/server/web_client.c
+++ b/web/server/web_client.c
@@ -204,7 +204,9 @@ void web_client_request_done(struct web_client *w) {
break;
case WEB_CLIENT_MODE_POST:
+ case WEB_CLIENT_MODE_PUT:
case WEB_CLIENT_MODE_GET:
+ case WEB_CLIENT_MODE_DELETE:
mode = "DATA";
break;
@@ -1081,6 +1083,14 @@ static inline char *web_client_valid_method(struct web_client *w, char *s) {
s = &s[5];
w->mode = WEB_CLIENT_MODE_POST;
}
+ else if(!strncmp(s, "PUT ", 4)) {
+ s = &s[4];
+ w->mode = WEB_CLIENT_MODE_PUT;
+ }
+ else if(!strncmp(s, "DELETE ", 7)) {
+ s = &s[7];
+ w->mode = WEB_CLIENT_MODE_DELETE;
+ }
else if(!strncmp(s, "STREAM ", 7)) {
s = &s[7];
@@ -1280,12 +1290,9 @@ void web_client_build_http_header(struct web_client *w) {
w->response.data->date = now_realtime_sec();
// set a proper expiration date, if not already set
- if(unlikely(!w->response.data->expires)) {
- if(w->response.data->options & WB_CONTENT_NO_CACHEABLE)
- w->response.data->expires = w->response.data->date + localhost->rrd_update_every;
- else
- w->response.data->expires = w->response.data->date + 86400;
- }
+ if(unlikely(!w->response.data->expires))
+ w->response.data->expires = w->response.data->date +
+ ((w->response.data->options & WB_CONTENT_NO_CACHEABLE) ? 0 : 86400);
// prepare the HTTP response header
netdata_log_debug(D_WEB_CLIENT, "%llu: Generating HTTP header with response %d.", w->id, w->response.code);
@@ -1756,6 +1763,8 @@ void web_client_process_request(struct web_client *w) {
case WEB_CLIENT_MODE_FILECOPY:
case WEB_CLIENT_MODE_POST:
case WEB_CLIENT_MODE_GET:
+ case WEB_CLIENT_MODE_PUT:
+ case WEB_CLIENT_MODE_DELETE:
if(unlikely(
!web_client_can_access_dashboard(w) &&
!web_client_can_access_registry(w) &&
@@ -1888,6 +1897,8 @@ void web_client_process_request(struct web_client *w) {
case WEB_CLIENT_MODE_POST:
case WEB_CLIENT_MODE_GET:
+ case WEB_CLIENT_MODE_PUT:
+ case WEB_CLIENT_MODE_DELETE:
netdata_log_debug(D_WEB_CLIENT, "%llu: Done preparing the response. Sending data (%zu bytes) to client.", w->id, w->response.data->len);
break;
@@ -2051,7 +2062,7 @@ ssize_t web_client_send_deflate(struct web_client *w)
// ask for FINISH if we have all the input
int flush = Z_SYNC_FLUSH;
- if((w->mode == WEB_CLIENT_MODE_GET || w->mode == WEB_CLIENT_MODE_POST)
+ if((w->mode == WEB_CLIENT_MODE_GET || w->mode == WEB_CLIENT_MODE_POST || w->mode == WEB_CLIENT_MODE_PUT || w->mode == WEB_CLIENT_MODE_DELETE)
|| (w->mode == WEB_CLIENT_MODE_FILECOPY && !web_client_has_wait_receive(w) && w->response.data->len == w->response.rlen)) {
flush = Z_FINISH;
netdata_log_debug(D_DEFLATE, "%llu: Requesting Z_FINISH, if possible.", w->id);
diff --git a/web/server/web_client.h b/web/server/web_client.h
index 68fcbfa31..ff09fcd54 100644
--- a/web/server/web_client.h
+++ b/web/server/web_client.h
@@ -18,6 +18,8 @@ typedef enum web_client_mode {
WEB_CLIENT_MODE_FILECOPY = 2,
WEB_CLIENT_MODE_OPTIONS = 3,
WEB_CLIENT_MODE_STREAM = 4,
+ WEB_CLIENT_MODE_PUT = 5,
+ WEB_CLIENT_MODE_DELETE = 6,
} WEB_CLIENT_MODE;
typedef enum {