Small and lightweight web framework written in C99 and POSIX.1-2008. https://gitea.privatedns.org/xavi/libweb/atom?h=v0.5.1 2025-10-07T23:57:42+00:00 2025-10-07T23:57:42+00:00 Xavier Del Campo Romero xavi92@disroot.org 2025-10-07T23:51:15+00:00 urn:sha1:e85d90fbf37cbd5a3264a2debd9b51438836c729 So far, users had no way to free user-defined data allocated inside the chunk/step function pointers whenever an error occurred. Now, the free callback can be also used in conjunction with chunk/step, so that user-defined data is now deallocated when the operation finishes (in the case of chunk-encoded data) or an error occurs. 2025-10-07T23:57:42+00:00 Xavier Del Campo Romero xavi92@disroot.org 2025-10-06T21:01:42+00:00 urn:sha1:e77bd93693a74ce872d4c13fb45537c34518d84f A new function pointer, namely chunk, has been added to struct http_response so that library users can generate their message bodies dynamically. 2025-10-06T13:51:00+00:00 Xavier Del Campo Romero xavi92@disroot.org 2025-10-05T23:23:20+00:00 urn:sha1:3e4c7c993bbbe2bdeb563fa888b900d01c4be4a1 struct http_response did not provide users any void * that could be used to maintain a state between calls to an asynchronous HTTP response. On the other hand, the user pointer could not be used for this purpose, since it is shared among all HTTP clients for a given struct handler instance. Moreover, the length callback was still not supporting this feature, which in fact might be required by some users. Implementing this was particularly challenging, as this broke the current assumption that all bytes on a call to http_read were being processed. Now, since a client request can only be partially processed because of the length callback, http_read must take this into account so that the remaining bytes are still available for future calls, before reading again from the file descriptor. 2025-09-24T10:33:35+00:00 Xavier Del Campo Romero xavi92@disroot.org 2025-09-23T20:03:57+00:00 urn:sha1:5a6f30440b66fe6713acb9d979dc3e6624e4c36a Sometimes, library users cannot return a HTTP response as soon as the request is received, or the operations that are required to generate it can take a long time. In order to solve this, libweb adds a new member to struct http_response, namely step, which must be assigned to a function whenever a HTTP response should be generated in a non-blocking manner. Leaving the function pointer as null will fall back to the default behaviour. 2025-09-23T14:28:44+00:00 Xavier Del Campo Romero xavi92@disroot.org 2025-09-23T14:28:44+00:00 urn:sha1:f7864cb7d49a8ca5bddf8d1f68b71ecd5ed85adc This cookie attribute allows to mitigate CSRF attacks, while not requiring the server to store additional data. [1] [1]: https://owasp.org/www-community/SameSite 2024-11-10T23:04:39+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2024-11-10T22:56:57+00:00 urn:sha1:5d47b2d12caba33793a078d2eafae6ae3d2ad921 This commit allows the HTTP server to return partial content to clients, rather than returning the whole resource. This can be particularly useful for applications such as audio/video playback or showing large PDF files. Notes: - Applications must not care about partial contents i.e., if a valid user request was made, applications must still return HTTP status 200 ("OK"), as usual. The HTTP server will then translate the status code to 206 ("Partial Content") if required. 2024-10-04T13:16:52+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2024-10-04T13:16:52+00:00 urn:sha1:b8cd00d00fa4dd2c45615c6b0367e3b57e12e98d Defining each struct http_payload manually had the risk of missing some member on the initializer. This was in fact the case for `n_headers` and `headers`, which were only assigned by ctx_to_payload, and therefore some specific HTTP requests would mistakenly not reflect such information to users. 2024-10-04T13:15:16+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2024-10-04T13:15:16+00:00 urn:sha1:ca70c2ae2217e20cebfe3b8a7aa967cba20e5b4f According to POSIX.1-2008, this function is sensitive to the system locale, which might then have different definitions for a whitespace character. Therefore, it is safer to only check against ' ' so as to remove such a dependency. 2024-08-22T00:27:34+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2024-08-21T23:56:20+00:00 urn:sha1:34b62bd0c47c915a12ff1b81f52b123fc3eb4a69 According to RFC 2046, section 5.1.1, end boundaries might not be followed by CRLF. However, so far libweb naively relied on this behaviour as major implementations, such as cURL, Chromium or Gecko always add the optional CRLF, whereas Dillo does not. 2024-08-22T00:27:34+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2024-08-21T21:33:00+00:00 urn:sha1:3a25e79f269aa171f4e5646d52eb2f90d275cb3c "multipart/form-data"-encoded POST requests might use double quotes for their boundaries. While this is required when invalid characters are otherwise used (e.g.: ':'), some web clients always insert double quotes. Additionally, according to RFC 2046 section 5.1.1, the boundary parameter consists of 1 to 70 characters, but libweb was not imposing such restrictions.