diff --git a/README.lwsws.md b/README.lwsws.md index b15dcd00..e2238371 100644 --- a/README.lwsws.md +++ b/README.lwsws.md @@ -328,6 +328,18 @@ options are given, the content is marked uncacheable. } ``` +Normally a file suffix MUST match one of the canned mimetypes or one of the extra +mimetypes, or the file is not served. This adds a little bit of security because +even if there is a bug somewhere and the mount dirs are circumvented, lws will not +serve, eg, /etc/passwd. + +If you provide an extra mimetype entry + + "*": "" + +Then any file is served, if the mimetype was not known then it is served without a +Content-Type: header. + @section lwswspl Lwsws Plugins Protcols and extensions may also be provided from "plugins", these are diff --git a/doc/html/md_README.lwsws.html b/doc/html/md_README.lwsws.html index 86223ae5..a3447b8e 100644 --- a/doc/html/md_README.lwsws.html +++ b/doc/html/md_README.lwsws.html @@ -148,7 +148,10 @@ Lwsws Other mount options

3) It's also possible to set the cgi timeout (in secs) per cgi:// mount, like this

1 "cgi-timeout": "30"

4) callback:// protocol may be used when defining a mount to associate a named protocol callback with the URL namespace area. For example

1 {
2  "mountpoint": "/formtest",
3  "origin": "callback://protocol-post-demo"
4 }

All handling of client access to /formtest[anything] will be passed to the callback registered to the protocol "protocol-post-demo".

This is useful for handling POST http body content or general non-cgi http payload generation inside a plugin.

See the related notes in README.coding.md

-

5) Cache policy of the files in the mount can also be set. If no options are given, the content is marked uncacheable.

1 {
2  "mountpoint": "/",
3  "origin": "file:///var/www/mysite.com",
4  "cache-max-age": "60", # seconds
5  "cache-reuse": "1", # allow reuse at client at all
6  "cache-revalidate": "1", # check it with server each time
7  "cache-intermediaries": "1" # allow intermediary caches to hold
8 }

6) You can also define a list of additional mimetypes per-mount

1 "extra-mimetypes": {
2  ".zip": "application/zip",
3  ".doc": "text/evil"
4  }

+

5) Cache policy of the files in the mount can also be set. If no options are given, the content is marked uncacheable.

1 {
2  "mountpoint": "/",
3  "origin": "file:///var/www/mysite.com",
4  "cache-max-age": "60", # seconds
5  "cache-reuse": "1", # allow reuse at client at all
6  "cache-revalidate": "1", # check it with server each time
7  "cache-intermediaries": "1" # allow intermediary caches to hold
8 }

6) You can also define a list of additional mimetypes per-mount

1 "extra-mimetypes": {
2  ".zip": "application/zip",
3  ".doc": "text/evil"
4  }

Normally a file suffix MUST match one of the canned mimetypes or one of the extra mimetypes, or the file is not served. This adds a little bit of security because even if there is a bug somewhere and the mount dirs are circumvented, lws will not serve, eg, /etc/passwd.

+

If you provide an extra mimetype entry

                    "*": ""
+

Then any file is served, if the mimetype was not known then it is served without a Content-Type: header.

+

Lwsws Plugins

Protcols and extensions may also be provided from "plugins", these are lightweight dynamic libraries. They are scanned for at init time, and any protocols and extensions found are added to the list given at context creation time.

Protocols receive init (LWS_CALLBACK_PROTOCOL_INIT) and destruction (LWS_CALLBACK_PROTOCOL_DESTROY) callbacks per-vhost, and there are arrangements they can make per-vhost allocations and get hold of the correct pointer from the wsi at the callback.

diff --git a/lib/server.c b/lib/server.c index 66e3035d..480824dc 100644 --- a/lib/server.c +++ b/lib/server.c @@ -325,6 +325,9 @@ lws_get_mimetype(const char *file, const struct lws_http_mount *m) return "application/xml"; while (pvo) { + if (pvo->name[0] == '*') /* ie, match anything */ + return pvo->value; + if (!strcmp(&file[n - strlen(pvo->name)], pvo->name)) return pvo->value; @@ -430,8 +433,10 @@ lws_http_serve(struct lws *wsi, char *uri, const char *origin, mimetype = lws_get_mimetype(path, m); if (!mimetype) { lwsl_err("unknown mimetype for %s\n", path); - goto bail; + goto bail; } + if (!mimetype[0]) + lwsl_debug("sending no mimetype for %s\n", path); wsi->sending_chunked = 0; @@ -1958,10 +1963,12 @@ lws_serve_http_file(struct lws *wsi, const char *file, const char *content_type, if (lws_add_http_header_status(wsi, 200, &p, end)) return -1; - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, - (unsigned char *)content_type, - strlen(content_type), &p, end)) - return -1; + if (content_type && content_type[0]) { + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, + (unsigned char *)content_type, + strlen(content_type), &p, end)) + return -1; + } if (!wsi->sending_chunked) { if (lws_add_http_header_content_length(wsi, wsi->u.http.filelen, &p, end))