Ben Darnell
d8b6d985f1
Check that the default certificates file exists in a unit test.
2011-02-20 12:33:00 -08:00
Ben Darnell
19f850e19b
Declare dependencies in setup.py for automatic installation.
2011-02-20 12:16:43 -08:00
Ben Darnell
c7b118fc79
Add ca-certificates.crt as a data file in setup.py
2011-02-19 15:57:12 -08:00
Ben Darnell
d470b35985
Track SSL handshake state separately from calling _add_io_state directly.
Calling _add_io_state would set a flag that immediately gets overwritten
in _handle_events when it sees that the application-level read/write
operations are idle. This happens to work with kqueue but not with epoll.
2011-02-19 15:39:27 -08:00
Ben Darnell
5b8b935ed9
Clear the Host header when following redirects
2011-02-19 15:35:37 -08:00
Ben Darnell
907a9b461d
Add more debugging options to command-line mode of simple_httpclient
2011-02-19 15:31:11 -08:00
Ben Darnell
5f73de9f14
Call listen() on low-level socket test.
This is apparently required on linux but not on mac.
2011-02-19 14:59:39 -08:00
Ben Darnell
dc10fceaab
Set both VERIFYPEER and VERIFYHOST according to the validate_cert setting.
2011-02-19 14:29:35 -08:00
Ben Darnell
6fa950ceba
Fix a case where callbacks could be called more than once in error conditions.
2011-02-19 13:58:56 -08:00
Ben Darnell
3951d5997a
Don't call curl.unsetopt(pycurl.CAINFO) to reset CA certificates to default.
This doesn't work because it clobbers the default CA certs, causing all
certificates to be rejected. There doesn't seem to be any way to restore
the defaults, so just leave it untouched in the default case and document
the requirement that all requests use ca_certs if any do.
2011-02-19 13:43:33 -08:00
Ben Darnell
e7ee4e1f73
Add logout link to authdemo for testing purposes.
2011-02-19 13:33:21 -08:00
Ben Darnell
2ab946518a
Document new behavior of XSRF tokens.
2011-02-16 13:36:50 -08:00
Ben Darnell
4e6b96fbcb
Add linkify to the default template namespace.
2011-02-16 13:34:35 -08:00
Ben Darnell
05b62938e2
Use SO_REUSEADDR in low-level socket tests.
2011-02-16 13:21:40 -08:00
Ben Darnell
64d9c63050
Update docs for simple_httpclient.
2011-02-16 13:05:23 -08:00
Ben Darnell
b8500d3cc0
Revert "Undo documentation changes from the introduction of Application.listen()."
This reverts commit 2d42c18c36.
2011-02-16 11:52:06 -08:00
Ben Darnell
f69b24d644
Don't modify the IOStream write buffer if the previous socket.send
returned EWOULDBLOCK.
This satisfies openssl's requirement that the write buffer address
not change between calls to send.
2011-02-15 14:46:16 -08:00
Ben Darnell
beee1c28ce
Change IOStream._read_buffer from cStringIO to a deque.
This change is mainly for consistency with the _write_buffer change.
2011-02-15 14:25:38 -08:00
Ben Darnell
d91f5dc809
Change IOStream._write_buffer from cStringIO to a deque.
This lays the groundwork for a future change to fix an issue with openssl.
2011-02-15 14:20:21 -08:00
Ben Darnell
0259909473
Add utility method for dealing with deques of strings, in preparation
for moving from cStringIO to deques for IOStream buffers.
2011-02-15 14:14:37 -08:00
Ben Darnell
6ac2c58db7
Add follow_redirects support to SimpleAsyncHTTPClient.
2011-02-14 20:51:19 -08:00
Ben Darnell
ab217b6b6f
Last part of certificate validation: check that the hostname matches.
2011-02-14 20:19:58 -08:00
Ben Darnell
372e545435
Add ssl.match_hostname function backported from Python 3.2.
https://bitbucket.org/brandon/backports.ssl_match_hostname
2011-02-14 20:14:43 -08:00
Ben Darnell
4191ed34f0
Detect the connection being closed by the server in SimpleAsyncHTTPClient.
2011-02-14 20:11:59 -08:00
Ben Darnell
5bff06d710
Make certificate validation optional with an HTTPRequest parameter
for consistency between curl and simple HTTPClients.
2011-02-14 20:05:47 -08:00
Ben Darnell
cfa8857b81
Part 1 of certificate validation: Require that the cert be signed by a CA.
2011-02-14 19:48:25 -08:00
Ben Darnell
d14cb06427
In SSLIOStream, delay the connect_callback until the SSL handshake finishes.
2011-02-14 19:23:56 -08:00
Ben Darnell
f2f504caea
Add a set of default SSL CA certificates for use with SimpleAsyncHTTPClient.
This data was copied from the Ubuntu package ca-certificates (and is
ultimately derived for the most part from Mozilla). Its license is
MPL/GPL, unlike the rest of tornado, but for an optional data file it
ought to be fine.
2011-02-14 18:58:02 -08:00
Ben Darnell
e965299b9e
Add a simple mechanism to override DNS lookups in SimpleAsyncHTTPClient.
Intended for use in SSL unittests, where we will need to make requests to
localhost using different domain names.
2011-02-14 15:40:32 -08:00
Ben Darnell
88833c118f
Make @removeslash a no-op when applied to a request for '/'.
This prevents a redirect loop as browsers interpret an empty redirect
as a redirect to /.
2011-02-11 20:25:06 -08:00
Jon Parise
73d3c82bc2
Removing the *.png pattern for the 'demos' line.
Because there aren't any .png files in the 'demos' hierarchy, this was causing
a warning when the 'egg_info' setup command was run.
2011-02-11 17:53:38 -08:00
Ben Darnell
b7e8930b82
Check XSRF tokens on all non-idempotent requests instead of just POST.
2011-02-09 17:09:57 -08:00
Ben Darnell
2d42c18c36
Undo documentation changes from the introduction of Application.listen().
The examples given do not work in the 1.1.1 release. This change should be
reverted when 1.2 is released and the new examples work.
2011-02-09 17:01:53 -08:00
Ben Darnell
4170d351d7
Merge commit 'v1.1.1'
Conflicts:
setup.py
2011-02-08 22:53:59 -08:00
Ben Darnell
b91245427f
Tag release 1.1.1
2011-02-08 22:43:07 -08:00
Ben Darnell
90b8078739
BACKWARDS-INCOMPATIBLE: Fix XSRF security vulnerability.
This is a backwards-incompatible change. Applications that previously
relied on a blanket exception for XMLHTTPRequest may need to be modified
to explicitly include the XSRF token when making ajax requests.
The tornado chat demo application demonstrates one way of adding this
token (specifically the function postJSON in demos/chat/static/chat.js).
More information about this change and its justification can be found at
http://www.djangoproject.com/weblog/2011/feb/08/security/
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
Closes #214.
2011-02-08 22:29:40 -08:00
Ben Darnell
c32ad6b0e7
Fix error in docstring.
Closes #209.
2011-02-06 18:58:58 -08:00
Ben Darnell
8ff8535de7
Add a test to verify reasonable behavior when HTTPS server is sent non-SSL request.
Prompted by issue #211.
2011-02-06 18:42:04 -08:00
Ben Darnell
0687800b5e
Use request.uri instead of request.path in websocket handshake.
Closes #208.
2011-01-25 12:15:37 -08:00
Ben Darnell
b733c91f12
Update example in XSRF section.
Login forms don't actually need XSRF protection, so use a message-posting
form instead.
2011-01-25 12:02:11 -08:00
Ben Darnell
5ab27b2f7d
Move request logging from RequestHandler to Application.
Logging can now be configured with either a subclass or setting of
Application. This replaces the previous method of overriding a private
method of RequestHandler, which was difficult to do for built-in handlers
(StaticFileHandler and RedirectHandler).
2011-01-21 13:14:06 -08:00
Ben Darnell
84fea83baa
Fix commit 377c160 when connection is None.
2011-01-20 22:13:12 -08:00
Ben Darnell
377c160a15
Set HTTPRequest.protocol correctly when using the built-in SSL support.
Closes #202.
2011-01-20 11:59:45 -08:00
Ben Darnell
498438b12f
Use kwargs when constructing RedirectHandlers.
Closes #205.
2011-01-20 11:52:53 -08:00
rickard.bottcher
a2728596fe
Added missing attribute "stream" in call to getpeercert() in HTTPRequest.get_ssl_certificate().
2011-01-19 15:18:30 +01:00
Ben Darnell
b7dd49cd60
Replace more uses of cStringIO.getvalue() with .tell().
2011-01-13 10:51:35 -08:00
Ben Darnell
f531bae7f4
Merge remote branch 'didip/master' into merge
2011-01-13 10:50:30 -08:00
Ben Darnell
c270662df0
Add some comments about thread safety.
2011-01-12 12:14:57 -08:00
Didip Kerabat
bba5a45c3f
reset() only sets the current position back to 0. What we want here is truncate().
But, per the http://stackoverflow.com/questions/4330812/how-do-i-clear-a-stringio-object discussion, creating a new StringIO() is cheaper.
2011-01-10 11:56:28 -08:00
Didip Kerabat
2514e88a4c
Further optimization by using tell() and reset()
2011-01-10 11:45:08 -08:00