Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Update the documentation on the "fossil http" and "fossil server" commands to talk about restrictions on filenames and to describe how static content files can be returned. |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
99ab9fb47cfb20106564012b7678ca5d |
| User & Date: | drh 2012-12-01 04:49:38.958 |
Context
|
2012-12-01
| ||
| 09:53 | update wrong comment check-in: 39807cdf0c user: jan.nijtmans tags: trunk | |
| 04:49 | Update the documentation on the "fossil http" and "fossil server" commands to talk about restrictions on filenames and to describe how static content files can be returned. check-in: 99ab9fb47c user: drh tags: trunk | |
| 04:37 | Additional restrictions on the names of files served by "fossil server DIRECTORY": (1) only alphanumerics, "_", "-", "/", and "." characters are allowed in the pathname. (2) A "-" may not occur after a "/". (3) Every "." must be surrounded on both sides alphanumerics. This check-in also updates the changelog for the 1.25 release. check-in: c71e096800 user: drh tags: trunk | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 | ** repository. ** ** If REPOSITORY is a directory that contains one or more repositories ** with names of the form "*.fossil" then the first element of the URL ** pathname selects among the various repositories. If the pathname does ** not select a valid repository and the --notfound option is available, ** then the server redirects (HTTP code 302) to the URL of --notfound. ** ** The --host option can be used to specify the hostname for the server. ** The --https option indicates that the request came from HTTPS rather ** than HTTP. If --nossl is given, then SSL connections will not be available, ** thus also no redirecting from http: to https: will take place. ** ** If the --localauth option is given, then automatic login is performed | > > > > > > | 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 | ** repository. ** ** If REPOSITORY is a directory that contains one or more repositories ** with names of the form "*.fossil" then the first element of the URL ** pathname selects among the various repositories. If the pathname does ** not select a valid repository and the --notfound option is available, ** then the server redirects (HTTP code 302) to the URL of --notfound. ** When REPOSITORY is a directory, the pathname must contain only ** alphanumerics, "_", "/", "-" and "." and no "-" may occur after a "/" ** and every "." must be surrounded on both sides by alphanumerics or else ** a 404 error is returned. Static content files in the directory are ** returned if they have a well-known suffix. Repository files and their ** journals are never returned as static content. ** ** The --host option can be used to specify the hostname for the server. ** The --https option indicates that the request came from HTTPS rather ** than HTTP. If --nossl is given, then SSL connections will not be available, ** thus also no redirecting from http: to https: will take place. ** ** If the --localauth option is given, then automatic login is performed |
| ︙ | ︙ | |||
1820 1821 1822 1823 1824 1825 1826 | ** The "ui" command automatically starts a web browser after initializing ** the web server. The "ui" command also binds to 127.0.0.1 and so will ** only process HTTP traffic from the local machine. ** ** In the "server" command, the REPOSITORY can be a directory (aka folder) ** that contains one or more repositories with names ending in ".fossil". ** In that case, the first element of the URL is used to select among the | | > > > > > > | > > > | 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 |
** The "ui" command automatically starts a web browser after initializing
** the web server. The "ui" command also binds to 127.0.0.1 and so will
** only process HTTP traffic from the local machine.
**
** In the "server" command, the REPOSITORY can be a directory (aka folder)
** that contains one or more repositories with names ending in ".fossil".
** In that case, the first element of the URL is used to select among the
** various repositories. To thwart mischief, the pathname in the URL must
** contain only alphanumerics, "_", "/", "-", and ".", and no "-" may
** occur after "/", and every "." must be surrounded on both sides by
** alphanumerics. Any pathname that does not satisfy these constraints
** results in a 404 error. Files in REPOSITORY that have known suffixes
** such as ".txt" or ".html" or ".jpeg" (but not ".fossil"!) will be
** served as static content.
**
** By default, the "ui" command provides full administrative access without
** having to log in. This can be disabled by setting turning off the
** "localauth" setting. Automatic login for the "server" command is available
** if the --localauth option is present and the "localauth" setting is off
** and the connection is from localhost. The optional REPOSITORY argument
** to "ui" may be a directory and will function as "server" if and only if
** the --notfound option is used.
**
** Options:
** --localauth enable automatic login for requests from localhost
** -P|--port TCPPORT listen to request on port TCPPORT
** --th-trace trace TH1 execution (for debugging purposes)
** --baseurl URL Use URL as the base (useful for reverse proxies)
** --notfound URL Redirect
**
** See also: cgi, http, winsrv
*/
void cmd_webserver(void){
int iPort, mxPort; /* Range of TCP ports allowed */
const char *zPort; /* Value of the --port option */
const char *zBrowser; /* Name of web browser program */
|
| ︙ | ︙ |