If a null name (or HttpHeader or HttpField) is used
it should throw an ISE
+ .add() should remain consistent
+ .put() should remain consistent
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Updates after review.
Now the Content-Length header is generated by HpackEncoder based on
MetaData.contentLength, so that the MetaData.HttpFields are not modified.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#4542 Root pathspec mapping pathInfo
For the "" root pathspec, the pathinfo should always be the full path and the matched path is ""
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Changed the way the test directory was created: it was based on a
millisecond timestamp, but the tests run fast and it was possible that
two tests were creating the directory within the same millisecond.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fix#4541 by initially allocated a header buffer of `min(_config.getResponseHeaderSize(), _config.getOutputBufferSize())`
Only allocate a buffer of `getResponseHeaderSize` if an overflow results.
This should have no effect on the majority of responses where `getOutputBufferSize` is greater than `getResponseHeaderSize` other than the cost of a min operation.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
+ Now applying proper RFC 1952 ISIZE check.
+ Bit shifting is done with Longs against Long value.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4247 SameSite Session Cookie
Allows sameSite cookie settings to be configured in SessionCookieConfig comments
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookies
Use non versioned cookie
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookies
Added test and fixed getCommentWithAttributes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 - Updating unit tests for HttpCookie
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4247 SameSite Session Cookie
While it may be best practise to always use Secure cookies when SameSite is None, there is nothing in the RFC that mandates it and thus I don't believe we should prevent such a configuration. If browsers enforce this, then users will find out soon enough... and if browsers change, then we are not required to do a new release to match.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookie
For cookie comments with multiple SameSite attributes, the most strict
value is used. So `Strict` has precedence over `Lax` which has
precedence over `None`.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Joakim Erdfelt
Greg Wilkins
Simone Bordet
Lachlan Roberts
Jan Bartel
olivier lamy