diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-08-10 09:18:49 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-08-10 09:18:49 +0000 |
commit | dd814a7c1a8de056a79f7238578b09236edd5506 (patch) | |
tree | 429e7eed5a634a4efe9a6877ce66da8e64aa1782 /web/server | |
parent | Adding upstream version 1.41.0. (diff) | |
download | netdata-dd814a7c1a8de056a79f7238578b09236edd5506.tar.xz netdata-dd814a7c1a8de056a79f7238578b09236edd5506.zip |
Adding upstream version 1.42.0.upstream/1.42.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'web/server')
-rw-r--r-- | web/server/README.md | 2 | ||||
-rw-r--r-- | web/server/h2o/http_server.c | 4 | ||||
-rw-r--r-- | web/server/web_client.c | 25 | ||||
-rw-r--r-- | web/server/web_client.h | 2 |
4 files changed, 25 insertions, 8 deletions
diff --git a/web/server/README.md b/web/server/README.md index 37577b6dd..cff7bebe4 100644 --- a/web/server/README.md +++ b/web/server/README.md @@ -48,7 +48,7 @@ Scroll down to the `[web]` section to find the following settings. | `accept a streaming request every seconds` | `0` | Can be used to set a limit on how often a parent node will accept streaming requests from child nodes in a [streaming and replication setup](https://github.com/netdata/netdata/blob/master/streaming/README.md). | | `respect do not track policy` | `no` | If set to `yes`, Netdata will respect the user's browser preferences for [Do Not Track](https://www.eff.org/issues/do-not-track) (DNT) and storing cookies. If DNT is _enabled_ in the browser, and this option is set to `yes`, users will not be able to sign in to Netdata Cloud via their local Agent dashboard, and their node will not connect to any [registry](https://github.com/netdata/netdata/blob/master/registry/README.md). For certain browsers, users must disable DNT and change this option to `yes` for full functionality. | | `x-frame-options response header` | ` ` | Avoid [clickjacking attacks](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options), by ensuring that the content is not embedded into other sites. | -| `allow connections from` | `localhost *` | Declare which IP addresses or full-qualified domain names (FQDNs) are allowed to connect to the web server, including the [dashboard](https://github.com/netdata/netdata/blob/master/web/gui/README.md) or [HTTP API](https://github.com/netdata/netdata/blob/master/web/api/README.md). This is a global setting with higher priority to any of the ones below. | +| `allow connections from` | `localhost *` | Declare which IP addresses or full-qualified domain names (FQDNs) are allowed to connect to the web server, including the [dashboard](https://github.com/netdata/netdata/blob/master/docs/category-overview-pages/accessing-netdata-dashboards.md) or [HTTP API](https://github.com/netdata/netdata/blob/master/web/api/README.md). This is a global setting with higher priority to any of the ones below. | | `allow connections by dns` | `heuristic` | See the [access list examples](#access-lists) for details on using `allow` settings. | | `allow dashboard from` | `localhost *` | | | `allow dashboard by dns` | `heuristic` | | diff --git a/web/server/h2o/http_server.c b/web/server/h2o/http_server.c index 3a46889c2..b94a7daeb 100644 --- a/web/server/h2o/http_server.c +++ b/web/server/h2o/http_server.c @@ -73,6 +73,10 @@ static int ssl_init() #else accept_ctx.ssl_ctx = SSL_CTX_new(TLS_server_method()); #endif + if (!accept_ctx.ssl_ctx) { + netdata_log_error("Could not allocate a new SSL_CTX"); + return -1; + } SSL_CTX_set_options(accept_ctx.ssl_ctx, SSL_OP_NO_SSLv2); diff --git a/web/server/web_client.c b/web/server/web_client.c index 1a1d63155..92d97e8a8 100644 --- a/web/server/web_client.c +++ b/web/server/web_client.c @@ -204,7 +204,9 @@ void web_client_request_done(struct web_client *w) { break; case WEB_CLIENT_MODE_POST: + case WEB_CLIENT_MODE_PUT: case WEB_CLIENT_MODE_GET: + case WEB_CLIENT_MODE_DELETE: mode = "DATA"; break; @@ -1081,6 +1083,14 @@ static inline char *web_client_valid_method(struct web_client *w, char *s) { s = &s[5]; w->mode = WEB_CLIENT_MODE_POST; } + else if(!strncmp(s, "PUT ", 4)) { + s = &s[4]; + w->mode = WEB_CLIENT_MODE_PUT; + } + else if(!strncmp(s, "DELETE ", 7)) { + s = &s[7]; + w->mode = WEB_CLIENT_MODE_DELETE; + } else if(!strncmp(s, "STREAM ", 7)) { s = &s[7]; @@ -1280,12 +1290,9 @@ void web_client_build_http_header(struct web_client *w) { w->response.data->date = now_realtime_sec(); // set a proper expiration date, if not already set - if(unlikely(!w->response.data->expires)) { - if(w->response.data->options & WB_CONTENT_NO_CACHEABLE) - w->response.data->expires = w->response.data->date + localhost->rrd_update_every; - else - w->response.data->expires = w->response.data->date + 86400; - } + if(unlikely(!w->response.data->expires)) + w->response.data->expires = w->response.data->date + + ((w->response.data->options & WB_CONTENT_NO_CACHEABLE) ? 0 : 86400); // prepare the HTTP response header netdata_log_debug(D_WEB_CLIENT, "%llu: Generating HTTP header with response %d.", w->id, w->response.code); @@ -1756,6 +1763,8 @@ void web_client_process_request(struct web_client *w) { case WEB_CLIENT_MODE_FILECOPY: case WEB_CLIENT_MODE_POST: case WEB_CLIENT_MODE_GET: + case WEB_CLIENT_MODE_PUT: + case WEB_CLIENT_MODE_DELETE: if(unlikely( !web_client_can_access_dashboard(w) && !web_client_can_access_registry(w) && @@ -1888,6 +1897,8 @@ void web_client_process_request(struct web_client *w) { case WEB_CLIENT_MODE_POST: case WEB_CLIENT_MODE_GET: + case WEB_CLIENT_MODE_PUT: + case WEB_CLIENT_MODE_DELETE: netdata_log_debug(D_WEB_CLIENT, "%llu: Done preparing the response. Sending data (%zu bytes) to client.", w->id, w->response.data->len); break; @@ -2051,7 +2062,7 @@ ssize_t web_client_send_deflate(struct web_client *w) // ask for FINISH if we have all the input int flush = Z_SYNC_FLUSH; - if((w->mode == WEB_CLIENT_MODE_GET || w->mode == WEB_CLIENT_MODE_POST) + if((w->mode == WEB_CLIENT_MODE_GET || w->mode == WEB_CLIENT_MODE_POST || w->mode == WEB_CLIENT_MODE_PUT || w->mode == WEB_CLIENT_MODE_DELETE) || (w->mode == WEB_CLIENT_MODE_FILECOPY && !web_client_has_wait_receive(w) && w->response.data->len == w->response.rlen)) { flush = Z_FINISH; netdata_log_debug(D_DEFLATE, "%llu: Requesting Z_FINISH, if possible.", w->id); diff --git a/web/server/web_client.h b/web/server/web_client.h index 68fcbfa31..ff09fcd54 100644 --- a/web/server/web_client.h +++ b/web/server/web_client.h @@ -18,6 +18,8 @@ typedef enum web_client_mode { WEB_CLIENT_MODE_FILECOPY = 2, WEB_CLIENT_MODE_OPTIONS = 3, WEB_CLIENT_MODE_STREAM = 4, + WEB_CLIENT_MODE_PUT = 5, + WEB_CLIENT_MODE_DELETE = 6, } WEB_CLIENT_MODE; typedef enum { |