| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
I just tried it and found that using application/typescript, the browser will download
the file directly, I think that .ts should be mapped to application/javascript or
text/typescript
|
|
|
|
|
|
|
|
|
|
This relates directly to [an
issue](https://github.com/denoland/deno_std/issues/620) that I initially
raised in `deno_std` awhile back, and was reminded about it today when
the `oak` project popped up on my github recommended repos.
As of now Deno's http servers are vulnerable to the same underlying
issue of go CVE-2019-16276 due to the fact that it's based off of ported
go code from their old standard library. [Here's the commit that fixed
the
CVE.](https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8)
Long story short, some off the shelf proxies and caching servers allow
for passing unaltered malformed headers to backends that they're
fronting. When they pass invalid headers that they don't understand this
can cause issues with HTTP request smuggling. I believe that to this
date, this is the default behavior of AWS ALBs--meaning any server that
strips whitespace from the tail end of header field names and then
interprets the header, when placed behind an ALB, is susceptible to
request smuggling.
The current behavior is actually specifically called out in [RFC
7230](https://tools.ietf.org/html/rfc7230#section-3.2.4) as something
that MUST result in a rejected message, but the change corresponding to
this PR, is more lenient and what both go and nginx currently do, and is
better than the current behavior.
|
|
|
|
|
|
|
|
|
|
|
|
readRequest should not write a response.
This reverts commit 017a611131a35ccf5dbfce6a2a665fa569e32ec1.
|
|
(#4565)
also removes std/encoding/mod.ts and std/archive/mod.ts which are useless.
|
|
|
|
|
|
|
|
|
|
* Reduce "testing" interfaces
* Use a callback instead of a generator for Deno.runTests()
* Default RunTestsOptions::reportToConsole to true
* Compose TestMessage into a single interface
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ref #4467
This reverts commit 60cee4f045778777a16b6fffd6d5b9a1400d7246.
|
|
|
|
- moved and renamed append() into bytes from ws and textproto
- renamed textproto/readder_tests.ts -> textproto/test.ts
|
|
|
|
This is to avoid confusion with Deno.args which does not include the
executable to be run.
|
|
|
|
* Remove DENO_BUILD_MODE and DENO_BUILD_PATH
Also remove outdated docs related to ninja/gn.
* fix
* remove parameter to build_mode()
* remove arg parsing from benchmark.py
|
|
|
|
|
|
|
|
|
|
|
|
Due to structure of "Server" for each open connection there's a pending "read" op. Because connection owned by "Server" are not tracked, calling "Server.close()" doesn't close open connections.
This commit introduces simple tracking of connections for server and ensures owned connections are closed on "Server.close()".
|
|
|
|
This introduces BREAKING CHANGE by removing "std/testing/runner.ts".
Std tests are now run using "deno test" subcommand.
|
|
After splitting "failFast" and "exitOnFail" arguments, there was a situation where failing tests did not exit with code 1.
* fixed argument value passed to Deno.runTests() in deno test
* fixed argument value passed to Deno.runTests() in std/testing/runner.ts
* added integration tests for deno test to ensure failFast and exitOnFail work as expected
* don't write test file to file system, but keep it in memory
|
|
|
|
|
|
This PR brings assertOps and assertResources sanitizers to Deno.test() API.
assertOps checks that test doesn't leak async ops, ie. there are no unresolved
promises originating from Deno APIs. Enabled by default, can be disabled using
Deno.TestDefinition.disableOpSanitizer.
assertResources checks that test doesn't leak resources, ie. all resources used
in test are closed. For example; if a file is opened during a test case it must be
explicitly closed before test case finishes. It's most useful for asynchronous
generators. Enabled by default, can be disabled using
Deno.TestDefinition.disableResourceSanitizer.
We've used those sanitizers in internal runtime tests and it proved very useful in
surfacing incorrect tests which resulted in interference between the tests.
All tests have been sanitized.
Closes #4208
|
|
|
|
Introduces `std/types` which is designed to provide types for common
libraries that are compatible with Deno.
|
|
|
