summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-04-06fix: test_create_cache_if_dir_not_exit (#4636)Yusuke Sakurai
This test doesn't remove created directory after test. It will fail on next run.
2020-04-06Drop headers with trailing whitespace in header name (#4642)Andrew Stucki
This relates directly to [an issue](https://github.com/denoland/deno_std/issues/620) that I initially raised in `deno_std` awhile back, and was reminded about it today when the `oak` project popped up on my github recommended repos. As of now Deno's http servers are vulnerable to the same underlying issue of go CVE-2019-16276 due to the fact that it's based off of ported go code from their old standard library. [Here's the commit that fixed the CVE.](https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8) Long story short, some off the shelf proxies and caching servers allow for passing unaltered malformed headers to backends that they're fronting. When they pass invalid headers that they don't understand this can cause issues with HTTP request smuggling. I believe that to this date, this is the default behavior of AWS ALBs--meaning any server that strips whitespace from the tail end of header field names and then interprets the header, when placed behind an ALB, is susceptible to request smuggling. The current behavior is actually specifically called out in [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.4) as something that MUST result in a rejected message, but the change corresponding to this PR, is more lenient and what both go and nginx currently do, and is better than the current behavior.
2020-04-06feat(std/flags): pass key and value to unknown (#4637)Andreas
2020-04-06docs: add README to cli/js/web/ (#4578)Ondřej Žára
2020-04-05feat: Add File support in FormData (#4632)crowlKats
2020-04-04Enable inspector tests (#4628)Andres Villegas
2020-04-04fix(std/testing): formatting bigint (#4626)Khải
2020-04-04doc: Improve the style guide (#4627)Nayeem Rahman
2020-04-03on init create disk_cache directory if it doesn't already exists (#4617)Lorran Rosa
2020-04-03clippy (#4618)Kitson Kelly
2020-04-03fix(#4546) Added Math.trunc to toSecondsFromEpoch to conform the result to ↵Parker Gabel
u64 (#4575)
2020-04-03feat: Expose ReadableStream and make Blob more standardized (#4581)Yusuke Sakurai
Co-authored-by: crowlkats <crowlkats@gmail.com>
2020-04-03v0.39.0Ryan Dahl
2020-04-03fix erroneous assert (#4608)dubiousjim
2020-04-03Properly handle invalid utf8 in paths (#4609)dubiousjim
2020-04-03adjust docs for Deno.seek (#4610)dubiousjim
2020-04-03Make inspector more robust, add --inspect-brk support (#4552)Bert Belder
2020-04-03fix: async ops sanitizer false positives in timers (#4602)Bartek Iwańczuk
2020-04-03upgrade dprint to 0.9.10 (#4601)Bartek Iwańczuk
2020-04-03Remove /std/media_types (#4594)Ryan Dahl
2020-04-03make Worker.poll private (#4603)Bartek Iwańczuk
2020-04-03Improve tests and docs for Deno.rename (#4597)dubiousjim
2020-04-03remove `Send` trait requirement from the `Resource` trait (#4585)Andy Finch
2020-04-03"deno doc" parses the "implements" clause of a class def (#4604)Ondřej Žára
2020-04-03`deno doc` parses super-class names (#4595)Ondřej Žára
Co-Authored-By: Luca Casonato <luca.casonato@antipy.com>
2020-04-02Revert "Respond with 400 on request parse failure" (#4593)Ryan Dahl
readRequest should not write a response. This reverts commit 017a611131a35ccf5dbfce6a2a665fa569e32ec1.
2020-04-02Refactor and expand mkdir tests (#4579)dubiousjim
2020-04-02Publish deno types on release (#4583)Luca Casonato
2020-04-02feat: deno test --filter (#4570)Ryan Dahl
2020-04-02upgrade: rusty_v8 v0.3.10 (#4576)Ryan Dahl
2020-04-02Added 'declare' handling to 'deno doc' (#4573)Luca Casonato
2020-04-01Support dynamic import in bundles. (#4561)Kitson Kelly
2020-04-01Expose global state publicly (#4572)Marcus Weiner
2020-04-01Move encode, decode helpers to /std/encoding/utf8.ts, delete /std/strings/ ↵Ryan Dahl
(#4565) also removes std/encoding/mod.ts and std/archive/mod.ts which are useless.
2020-04-01std(media_types): change .ts content type to application/typescript (#4563)木杉
2020-04-01Remove std/strings/pad.ts because String.prototype.padStart exists (#4564)Ryan Dahl
2020-04-01better parameter names for a couple functions (#4559)Chris Knight
2020-04-01fix(file_server): use media_types for Content-Type header (#4555)Khải
2020-04-01fix(#4550): setCookie should append cookies (#4558)木杉
2020-04-01fix(#4554): use --inspect in repl & eval (#4562)木杉
2020-04-01refactor(cli/js/testing): Reduce testing interfaces (#4451)Nayeem Rahman
* Reduce "testing" interfaces * Use a callback instead of a generator for Deno.runTests() * Default RunTestsOptions::reportToConsole to true * Compose TestMessage into a single interface
2020-04-01feat(std/http/server): Respond with 400 on request parse failure (#4551)Nayeem Rahman
2020-03-31doc: Improve API documentation and add examples (#4548)Chris Knight
2020-03-31Remove old release files (#4545)Ryan Dahl
deno_install scripts were updated in https://github.com/denoland/deno_install/commit/b635b525846d28d09fba1f6e88cccf1b5e66d499
2020-03-31fix: invalid blob type (#4536)crowlKats
2020-03-31Properly track isFile, isSymlink, isDirectory (#4541)dubiousjim
* Properly track isFile, isSymlink, isDirectory These don't exhaust all the possibilities, so none of them should be defined as "neither of the others". * empty
2020-03-31used native padStart/End where possible (#4537)Ondřej Žára
2020-03-30Fix umask test (#4533)dubiousjim
2020-03-30console: print promise details (#4524)Michał Sabiniarz
2020-03-30fix: Add check to fail the benchmark test on server error (#4519)Andres Villegas
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 08:48:39 +0000