request-processor-procs.tcl

Make behind_secure_proxy_p more robust against unexpected values in X-SSL-Request

Add commented debug line

Bug fix: avoid confusion between command argument and option, when argument starts with "-"

  1. … 81 more files in changeset.
Don't throw an error, when no url2file mapping exists

merged changes from the oacs-5-9 branch and resolved conflicts

    • -182
    • +394
    ./request-processor-procs.tcl
  1. … 7834 more files in changeset.
applying a solution for the minor-version upgrade, not requiring larger refactoring

  1. … 2 more files in changeset.
Setting global var as well in -procs file (debugging install from repo)

Standardize spellings of names

  1. … 6 more files in changeset.
- additional subcommand [ad_conn vhost_url] to obtain the url of host-node-mapped subsites

- solve the problem with util_current_directory via [ad_conn vhost_url]

  1. … 1 more file in changeset.
- add [ad_conn behind_proxy_p] and [ad_conn behind_secure_proxy_p] to centralize logic

- use the new function fix [security::get_qualified_url] when running behind a proxy

  1. … 2 more files in changeset.
- add [ad_conn ajax_p] to check whether the request was an ajax request (assumption: ajax-request sets header-field "X-Requested-With: XMLHttpRequest")

- extend permission::require_permission to omit redirection of unauthenticated users to the login page for ajax requests

  1. … 1 more file in changeset.
Add ability to include actual user in the access log (see as well updated sample OpenACS config file in the NaviServer repository)

Remove over-eager safety check

Prefer variable over proc to access the kernel id

add query parameters on redirect to canonical site

Standardize spelling of names of products (Tcl, AOLserver, PostgreSQL, NaviServer)

  1. … 43 more files in changeset.
Place upgrade from insecure request after the optional canonical check

- new feature for future releases: UseCanonicalLocation to force requests submitted to an alternate DNS entry to be redirected to a canonical name. For more background, see:

https://support.google.com/webmasters/answer/139066?hl=en

https://webmasters.stackexchange.com/questions/44830/should-i-redirect-the-site-ip-address-to-the-domain-name

- use ns_returnmoved (301) instead of ns_returnredirect (302) for unwanted requests

Aolserver workaround for ns_set get

- white space change (replace trailing spaces)

- avoid nesting double quotes

- put resetting of untrusted user_id to the right place

  1. … 1 more file in changeset.
- use more consistent quoting

- make handling of URLs pointing to unresolvable package_keys more robust

- avoid potential errors in the error.log for urls which are not pointing to mounted packages (where [ad_conn package_key] is empty)

- remove "global" statements and use "::" prefix instead

- fix code that can't work. ... anyhow, package_key seems not to be used here

- move comment to the right place

- Implements "Upgrade Insecure Requests" headers:

W3C Candidate Recommendation

https://www.w3.org/TR/upgrade-insecure-requests/

- added kernel parameter MaxUrlLength (default 2000) to remove hard-coded length in request-processor-procs.

- lifted data model restriction of 100 characters for url-segments (changing types of "site_nodes.name" from "varchar(100)" to "text") (PostgreSQL only)

- site_node__node_id

* use built-in string functions instead of characterwise loop

* use default for last argument

* Improve source-code documentation

- bumped version number of kernel to 5.9.1d15

  1. … 3 more files in changeset.