berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity
3,662 Commits 26 Branches 501 Tags 24 MiB
Commit Graph

489 Commits

Author SHA1 Message Date
Aaron Hill 7940292432
Fix loophole in soundness of `__private_get_type_id__` 
The `downcast_ref` and `downcast_mut` methods rely on
the `TypeId` returned from `__private_get_type_id__` for soundness.
To prevent users from overriding `__private_get_type_id__`, it returns
a tuple containing a type with a private constructor (`PrivateHelper`),
ensuring that any user-provided implementation cannot actually return.

However, there's a loophole - safe code could obtain an instance of
`PrivateHelper` by calling `__private_get_type_id__` on an *existing*
implementation, and then returning that `PrivateHelper` instance from
their own implementation. While this is incredibly contrived, and
could never happen by accident, it's still technically a soundness hole.

To fix this, `__private__get_type_id__` is changed to also take in a
`PrivateHelper` as a parameter. Now, safe code cannot use this method to
obtain a `PrivateHelper`, since a `PrivateHelper` would already need to
be available in order to call the method in the first place.
 2021-05-04 18:18:23 -04:00
Luca Palmieri c17662fe39
Reduce the level of the emitted log line from `error` to `debug`. (#2196) 
Co-authored-by: Rob Ede <robjtede@icloud.com>
 2021-05-03 00:58:14 +01:00
Voldracarno Draconor 1fcf92e11f
Update dependency "language-tags" (#2188) 2021-04-28 01:23:12 +01:00
Rob Ede a7cd4e85cf
use stable codec 0.4.0 2021-04-21 11:14:22 +01:00
Rob Ede 427fe6bd82
improve responseerror trait docs 2021-04-19 23:16:04 +01:00
Rob Ede 52bb2b5daf
hide downcast macros 2021-04-19 03:42:53 +01:00
Rob Ede db97974dc1
make some http re-exports more accessible (#2171) 2021-04-19 03:29:38 +01:00
Rob Ede 35f8188410
restore cookie methods on ServiceRequest 2021-04-19 02:24:20 +01:00
Rob Ede f743e885a3
prepare http release 3.0.0-beta.6 2021-04-17 15:24:18 +01:00
Rob Ede 5747f84736
bump utils to stable v3 2021-04-17 02:07:33 +01:00
Rob Ede d8f56eee3e
bump service to stable v2 2021-04-16 20:28:21 +01:00
fakeshadow 845c02cb86
Add responder impl for Cow<str> (#2164) 2021-04-16 00:54:51 +01:00
Rob Ede ff65f1d006
non exhaustive http errors (#2161) 2021-04-14 06:07:59 +01:00
fakeshadow a9f26286f9
reduce branches in h1 dispatcher poll_keepalive (#2089) 2021-04-14 05:20:45 +01:00
Rob Ede 037ac80a32
document messagebody trait items 2021-04-14 03:23:15 +01:00
Rob Ede 1bfdfd1f41
implement parts as assoc method 2021-04-14 02:57:28 +01:00
Rob Ede 5202bf03c1
add some doc examples to response builder 2021-04-14 02:45:58 +01:00
Rob Ede 387c229f28
move response builder code to own file 2021-04-14 02:12:47 +01:00
Rob Ede 23e0c9b6e0
remove http-codes builders from actix-http (#2159) 2021-04-14 02:00:14 +01:00
Rob Ede 02ced426fd
add body to_bytes helper (#2158) 2021-04-13 13:34:22 +01:00
Rob Ede 4442535a45
clippy 2021-04-13 12:44:38 +01:00
Rob Ede edd9f14752
remove unpin from body types (#2152) 2021-04-13 11:16:12 +01:00
Rob Ede 981c54432c
remove json and url encoded form support from -http (#2148) 2021-04-12 10:30:28 +01:00
Rob Ede 44c55dd036
remove cookie support from -http (#2065) 2021-04-09 18:07:10 +01:00
Rob Ede e0b2246c68
prepare test release 0.1.0-beta.1 2021-04-02 10:03:01 +01:00
Rob Ede 6fb06a720a
prepare http release 3.0.0-beta.5 2021-04-02 09:27:11 +01:00
Rob Ede c54a0713de
migrate integration testing to new crate (#2112) 2021-04-02 08:26:59 +01:00
Ibraheem Ahmed 50dc13f280
move typed headers and implement FromRequest (#2094) 
Co-authored-by: Rob Ede <robjtede@icloud.com>
 2021-04-01 16:42:18 +01:00
Rob Ede c8ed8dd1a4
migrate to -utils beta 4 (#2127) 2021-04-01 15:26:13 +01:00
fakeshadow c49fe79207
Simplify lifetime annotation in HttpServiceBuilder. Simplify PlStream (#2129) 2021-03-30 15:46:09 +01:00
Rob Ede f66774e30b
remove `From<OffsetDateTime>` impl from HttpDate 
fully removes time crate from public api of -http
 2021-03-30 03:32:22 +01:00
fakeshadow 1281a748d0
merge H1ServiceHandler requests into HttpServiceHandler (#2126) 2021-03-30 03:06:16 +01:00
fakeshadow 222acfd070
Fix build for next actix-tls-beta release (#2122) 2021-03-29 13:45:48 +01:00
Rob Ede e8ce73b496
update dep docs 2021-03-29 11:52:59 +01:00
Daniel Egger f954a30c34
Fix typo in CHANGES.md (#2124) 2021-03-29 10:18:05 +01:00
fakeshadow 60f9cfbb2a
Refactor actix_http::h2::service module. Reduce loc. (#2118) 2021-03-26 18:24:51 +00:00
fakeshadow 6822bf2f58
Refactor actix_http::h1::service (#2117) 2021-03-26 16:15:04 +00:00
fakeshadow 2f7f1fa97a
fix broken pipe for h2 when client is instantly dropped (#2113) 2021-03-26 00:05:31 +00:00
fakeshadow 8c2ce2dedb
fix awc compress feature (#2116) 2021-03-25 22:47:37 +00:00
Rob Ede 3188ef5731
don't use rust annotation on code doc blocks 2021-03-25 08:45:52 +00:00
fakeshadow 351286486c
fix clippy warning on nightly (#2088) 
* fix clippy warning on nightly
 2021-03-19 19:25:35 +08:00
Rob Ede 81942d31d6
fix new dyn trait lint 2021-03-19 02:03:09 +00:00
fakeshadow b75b5114c3
refactor actix_http connection types and connector services (#2081) 2021-03-18 17:53:22 +00:00
Rob Ede 983b6904a7
unvendor openssl 2021-03-17 00:38:54 +00:00
Rob Ede 3dc2d145ef
import some traits as _ 2021-03-17 00:38:54 +00:00
fakeshadow c8f6d37290
rename client io trait. reduce duplicate code (#2079) 2021-03-16 16:31:14 +00:00
fakeshadow 69dd1a9bd6
Remove ConnectionLifetime trait. Simplify Acquired handling (#2072) 2021-03-16 02:56:23 +00:00
fakeshadow a55e87faaa
refactor actix_http::helpers to generic over bufmut trait (#2069) 2021-03-15 02:33:51 +00:00
fakeshadow 515d0e3fb4
change behavior of default upgrade handler (#2071) 2021-03-13 22:20:18 +00:00
fakeshadow a2b0e86632
simplify connector generic type (#2063) 2021-03-10 23:57:32 +00:00