sdk/lib/io/http_headers.dart - Issue 443373003: Make the default HTTP server configuration more secure

Side by Side Diff: sdk/lib/io/http_headers.dart

Issue 443373003: Make the default HTTP server configuration more secure (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart

Patch Set: Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file	1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file

2 // for details. All rights reserved. Use of this source code is governed by a	2 // for details. All rights reserved. Use of this source code is governed by a

3 // BSD-style license that can be found in the LICENSE file.	3 // BSD-style license that can be found in the LICENSE file.

4	4

5 part of dart.io;	5 part of dart.io;

6	6

7 class _HttpHeaders implements HttpHeaders {	7 class _HttpHeaders implements HttpHeaders {

8 final Map<String, List<String>> _headers;	8 final Map<String, List<String>> _headers;

9 final String protocolVersion;	9 final String protocolVersion;

10	10

(...skipping 234 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
245 } else {	245 } else {

246 return null;	246 return null;

247 }	247 }

248 }	248 }

249	249

250 void set contentType(ContentType contentType) {	250 void set contentType(ContentType contentType) {

251 _checkMutable();	251 _checkMutable();

252 _set(HttpHeaders.CONTENT_TYPE, contentType.toString());	252 _set(HttpHeaders.CONTENT_TYPE, contentType.toString());

253 }	253 }

254	254

	255 void clear() {

	256 _headers.clear();
	Anders Johnsen 2014/08/08 06:15:45 What about all the fields? Please add test with e What about all the fields? Please add test with e.g. var headers = ...; headers.contentLength = 0; headers.clear(); Expect.equals(headers.contentLength, -1); Søren Gjesse 2014/08/11 14:10:09 Done. Show quoted text On 2014/08/08 06:15:45, Anders Johnsen wrote: > What about all the fields? > > Please add test with e.g. > > var headers = ...; > headers.contentLength = 0; > headers.clear(); > Expect.equals(headers.contentLength, -1); Done.
	257 }

	258

255 // [name] must be a lower-case version of the name.	259 // [name] must be a lower-case version of the name.

256 void _add(String name, value) {	260 void _add(String name, value) {

257 assert(name == _validateField(name));	261 assert(name == _validateField(name));

258 // Use the length as index on what method to call. This is notable	262 // Use the length as index on what method to call. This is notable

259 // faster than computing hash and looking up in a hash-map.	263 // faster than computing hash and looking up in a hash-map.

260 switch (name.length) {	264 switch (name.length) {

261 case 4:	265 case 4:

262 if (HttpHeaders.DATE == name) {	266 if (HttpHeaders.DATE == name) {

263 _addDate(name, value);	267 _addDate(name, value);

264 return;	268 return;

(...skipping 525 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
790 }	794 }

791	795

792	796

793 class _Cookie implements Cookie {	797 class _Cookie implements Cookie {

794 String name;	798 String name;

795 String value;	799 String value;

796 DateTime expires;	800 DateTime expires;

797 int maxAge;	801 int maxAge;

798 String domain;	802 String domain;

799 String path;	803 String path;

800 bool httpOnly = false;	804 bool httpOnly = true;

801 bool secure = false;	805 bool secure = false;

802	806

803 _Cookie([this.name, this.value]) {	807 _Cookie([this.name, this.value]) {

804 _validate();	808 _validate();

805 }	809 }

806	810

807 _Cookie.fromSetCookieValue(String value) {	811 _Cookie.fromSetCookieValue(String value) {

	812 httpOnly = false;
	Anders Johnsen 2014/08/08 06:15:45 Is this because of spec? Can you add comment? Is this because of spec? Can you add comment? Søren Gjesse 2014/08/11 14:10:09 Changed the default back to false, and set it to t Show quoted text On 2014/08/08 06:15:45, Anders Johnsen wrote: > Is this because of spec? Can you add comment? Changed the default back to false, and set it to true in the non-parsing constructor. Added a comment there.
808 // Parse the 'set-cookie' header value.	813 // Parse the 'set-cookie' header value.

809 _parseSetCookieValue(value);	814 _parseSetCookieValue(value);

810 }	815 }

811	816

812 // Parse a 'set-cookie' header value according to the rules in RFC 6265.	817 // Parse a 'set-cookie' header value according to the rules in RFC 6265.

813 void _parseSetCookieValue(String s) {	818 void _parseSetCookieValue(String s) {

814 int index = 0;	819 int index = 0;

815	820

816 bool done() => index == s.length;	821 bool done() => index == s.length;

817	822

(...skipping 117 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
935 (codeUnit >= 0x23 && codeUnit <= 0x2B) \|\|	940 (codeUnit >= 0x23 && codeUnit <= 0x2B) \|\|

936 (codeUnit >= 0x2D && codeUnit <= 0x3A) \|\|	941 (codeUnit >= 0x2D && codeUnit <= 0x3A) \|\|

937 (codeUnit >= 0x3C && codeUnit <= 0x5B) \|\|	942 (codeUnit >= 0x3C && codeUnit <= 0x5B) \|\|

938 (codeUnit >= 0x5D && codeUnit <= 0x7E))) {	943 (codeUnit >= 0x5D && codeUnit <= 0x7E))) {

939 throw new FormatException(	944 throw new FormatException(

940 "Invalid character in cookie value, code unit: '$codeUnit'");	945 "Invalid character in cookie value, code unit: '$codeUnit'");

941 }	946 }

942 }	947 }

943 }	948 }

944 }	949 }

OLD	NEW

« no previous file with comments | « sdk/lib/io/http.dart ('k') | sdk/lib/io/http_impl.dart » ('j') | sdk/lib/io/http_impl.dart » ('J')