| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
This fixes a bug where cloning buffers with images would crash the
browser.
|
| |
|
|
|
|
|
|
| |
The status code & headers are no longer guaranteed to be sent right
after res/outputId, so read them asynchronously instead.
(This is pretty much the same code as the buffer connection handler in
pager. Hopefully we can merge the two at some point.)
|
| |
|
|
|
|
|
|
| |
It seems registerHandle/unregister doesn't accept cint as handles. Not
sure why it even works on 64-bit targets... (maybe some converter
weirdness?)
Seems best to explicitly cast it away.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* resize images with stb_image_resize
* use tee for output handle redirection (redirectToFile blocks)
* cache original image files
* accept lseek in sandbox
* misc stbi fixes
For now, I just pulled in stb_image_resize v1. v2 is an extra 150K in
size, not sure if it's worth the cost. (Either way, we can always switch
later if needed, since the API is almost the same.)
Next step: move sixel/kitty encoders to CGI, and cache their output in
memory instead of the intermediate RGBA representation.
|
| | |
|
| | |
|
| |
|
|
| |
we no longer crash on broken codecs. yay
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* multi-processed and sandboxed PNG decoding & encoding (through local
CGI)
* improved request body passing (including support for output id as
response body)
* simplified & faster blob()/text() - now every request starts
suspended, and OngoingData.buf has been replaced with loader's
buffering capability
* image caching: we no longer pull bitmaps from the container after
every single getLines call
Next steps: replace our bespoke PNG decoder with something more usable,
add other decoders, and make them stream.
|
| |
|
|
| |
Operation "modularize Chawan somewhat" part 3
|
| |
|
|
|
|
|
| |
* make Client an instance of Window (for less special casing)
* misc work on Request & fetch
* improve origin comparison (opaque origins of same URLs are now
considered the same)
|
| |
|
|
|
|
|
| |
* add $LOGNAME to the tmp directory name, so that tmpdirs of separate
users don't conflict
* use separate directory for sockets, so that we do not have to give
buffers access to all cached pages
|
| |
|
|
|
|
|
| |
* prefix to-be-separated modules with js
* remove dynstreams dependency
* untangle from EmptyPromise
* move typeptr into tojs
|
| |
|
|
|
|
| |
Instead of the error-prone method of selectively applying config values
only for non-initial requests, add a separate (privileged) loader
command which allows specifying a different client config.
|
| |
|
|
|
|
|
| |
Equivalent to curl --insecure.
Note: unfortunately this does not help if the server is using unsafe
legacy renegotiation, you have to allow that in the OpenSSL config.
|
| |
|
|
|
|
|
|
|
| |
* do not use std's parse*Int; they accept weird stuff that we do not
want to accept in any case
* fix bug in parseHost where a parseIpv4 failure would result in an
empty host
* do not use isDigit, isAlphaAscii
* improve parse*IntImpl error handling
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use libseccomp, which is now a semi-mandatory dependency on Linux.
(You can still build without it, but only if you pass a scary long flag
to make.)
For this to work I had to disable getTimezoneOffset, which would
otherwise call localtime_r which in turn reads in some files from
/usr/share/zoneinfo. To allow this we would have to give unrestricted
openat(2) access to buffer processes, which is unacceptable.
(Giving websites access to the local timezone is a fingerprinting vector
so if this ever gets fixed then it should be an opt-in config setting.)
This patch also includes misc fixes to buffer cloning, and fixes the
LIBEXECDIR override in the makefile so that it is actually useful.
|
| |
|
|
|
|
| |
* separate params with ; (semicolon) instead of , (colon)
* reduce screaming snake case use
* wrap long lines
|
| |
|
|
|
| |
GCC seems to generate something that strongly resembles a constant time
comparison, so I guess this should be good enough.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It's the sandboxing system of FreeBSD. Quite pleasant to work with.
(Just trying to figure out the basics with this one before tackling the
abomination that is seccomp.)
Indeed, the only non-trivial part was getting newSelector to work with
Capsicum. Long story short it doesn't, so we use an ugly pointer cast +
assignment. But even that is stdlib's "fault", not Capsicum's.
This also gets rid of that ugly SocketPath global.
|
| |
|
|
|
|
|
|
|
|
| |
* fix mismatch between return value & read value that would either crash
or freeze the browser depending on its mood
* add an assertion to detect the above footgun
* fix some resource leaks
* fix iteration over a table that called a function which altered the
table in buffer's cancel()
* if user cancels before anything is loaded, destroy the container too
|
| |
|
|
| |
copy-paste error
|
| |
|
|
|
|
|
|
| |
This way they are no longer compatible, but we no longer need them to
be compatible anyway.
(This also forces us to throw out the old serialize module, and use
packet writers everywhere.)
|
| |
|
|
| |
analogous to bufwriter
|
| |
|
|
|
|
|
| |
So long as we have to live with siteconf, let's at least make it useful.
Also, rewrite the header overriding logic because while it did work,
it only did so accidentally.
|
| |
|
|
| |
no reason to do it separately in setupEnv
|
| |
|
|
| |
This way, we can use it everywhere (e.g. in mailcap).
|
| |
|
|
|
|
|
|
|
|
| |
Unsurprisingly enough, calling `write` a million times is never going to
be very fast.
BufferedWriter basically does the same thing as serialize.swrite did,
but queues up writes in batches before sending them.
TODO: give sread a similar treatment
|
| |
|
|
|
|
|
| |
As simple as it could be; no download panel yet.
Also, remove the xdg-open default mailcap entry; it's better to just
save by default.
|
| |
|
|
|
|
|
| |
Seems wise to flush before e.g. reading.
And unwise to enable buffering on tee() even though we disable it on
startRequest()
|
| | |
|
| |
|
|
|
|
|
|
| |
It was defined in the wrong module, and unnecessarily included
LoaderClientConfig.
Also, referrerPolicy was not being propagated to loader clients because
it was (incorrectly) in BufferConfig instead of LoaderClientConfig.
|
| |
|
|
|
| |
This can easily happen if a buffer process is killed and/or a new
process takes its ID.
|
| |
|
|
|
|
|
|
| |
* extern -> gone, runproc absorbed by pager, others moved into io/
* display -> local/ (where else would we display?)
* xhr -> html/
* move out WindowAttributes from term, so we don't depend on local
from server
|
| |
|
|
|
|
| |
only for source for now, rendered document is a bit more complicated
(also, get rid of useless extern/editor module)
|
| |
|
|
| |
SIGINT is trapped (well, ignored) by forkserver already.
|
| |
|
|
|
| |
Setting istream to nil was preventing finishCycle from unregistering &
closing it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes, headers take a while to reach us even after the result has
been sent. e.g.
echo 'Cha-Control: Connected'
sleep 5
echo 'Cha-Control: ControlDone'
^ this froze the UI for 5 seconds, that's certainly not what we want.
Since we don't have a proper buffered reader yet, and I don't want to
write another disgusting hack like BufStream, we just use a state
machine to figure out how much we can read. Sounds bad, but in practice
it works just fine since loader's response patterns are very simple.
|
| |
|
|
|
|
|
| |
Better compute the values we need on-demand at the call sites; this way,
we can pass through content type attributes to mailcap too.
(Also, remove a bug where applyResponse was called twice.)
|
| |
|
|
| |
if recvData returns 0, it must be treated the same as a broken pipe.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally we had several loader processes so that the loader did not
need asynchronity for loading several buffers at once. Since then, the
scope of what loader does has been reduced significantly, and with
that loader has become mostly asynchronous.
This patch finishes the above work as follows:
* We only fork a single loader process for the browser. It is a waste of
resources to do otherwise, and would have made future work on a
download manager very difficult.
* loader becomes (almost) fully async. Now the only sync part is a)
processing commands and b) waiting for clients to consume responses.
b) is a bit more problematic than a), but should not cause problems
unless some other horrible bug exists in a client. (TODO: make it
fully async.)
This gives us a noticable improvement in CSS loading speed, since all
resources can now be queried at once (even before the previous ones
are connected).
* Buffers now only get processes when the *connection* is finished. So
headers, status code, etc. are handled by the client, and the buffer
is forked when the loader starts streaming the response body.
As a result, mailcap entries can simply dup2 the first UNIX domain
socket connection as their stdin. This allows us to remove the ugly
(and slow) `canredir' hack, which required us to send file handles on
a tour accross the entire codebase.
* The "cache" has been reworked somewhat:
- Since canredir is gone, buffer-level requests usually start
in a suspended state, and are explicitly resumed only after
the client could decide whether it wants to cache the response.
- Instead of a flag on Request and the URL as the cache key,
we now use a global counter and the special `cache:' scheme.
* misc fixes: referer_from is now actually respected by buffers (not
just the pager), load info display should work slightly better, etc.
|
| |
|
|
|
|
|
|
|
| |
not a very useful operation, but crashing on it is definitely not the
correct reaction
(hyperfine does this for example. though in that case it's still better
to turn it off, otherwise Chawan will pointlessly open a new buffer for
it...)
|
| |
|
|
|
|
|
|
| |
Ensure that a) dead outputs do not continue to get more data from
istream and b) if all outputs are dead, istream is immediately closed.
Also, remove that pointless loop in loadStreamRegular (it did nothing
that handleRead did not).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Get rid of sostream hack
This is no longer needed, and was in fact causing loadStream to get
stuck with redirects on regular files (i.e. the common case of receiving
<file on stdin without a -T content type override).
* Unify loading from cache and stdin regular file code paths
Until now, loadFromCache was completely sync. This is not a huge
problem, but it's better to make it async *and* not have two separate
procedures for reading regular files. (In fact, loadFromCache had
*another* bug related to its output fd not being added to outputMap.)
* Extra: remove ansi2html select error handling
It was broken, because it didn't handle read events before the
error. Also unnecessary, since recvData breaks from the loop on n == 0.
|
| |
|
|
|
|
|
|
| |
Cache mailcap entry output too, then delete it when the buffer can no
longer read from it.
(Maybe it would be useful to instead preserve it and allow viewSource
for HTML output too? Hmm.)
|
| |
|
|
|
|
|
|
| |
It is a very bad idea to add it before that, because it could be closed
for various reasons without being removed from the map.
More concretely, this was causing ghost ostream fds to block istream
selects in some cases.
|
| |
|
|
|
|
| |
* cancel resources on cancel() call
* call _exit in signal handler (also in loader)
* misc cleanups
|
| |
|
|
|
|
| |
The API is horrid :( but at least it copies less.
TODO: think of a better API.
|
| |
|
|
| |
but I forgot to ensure the output stream gets closed. :(
|