|
88e923ffbc
|
Fixed SVR.JS crashes with X-SVR-JS-From-Main-Thread header and unspecified client request IPs
|
2024-02-02 19:23:45 +01:00 |
|
|
4d69f6f1a7
|
Add IP-based virtual hosts alongside hostname-based virtual hosts
|
2024-02-02 19:08:49 +01:00 |
|
|
ea228114e1
|
Head and foot inclusion is now returning 500 error in case of server error instead of server crash.
|
2024-01-24 19:48:50 +00:00 |
|
|
e172c2c005
|
Fix web root postfix prefix support
|
2024-01-24 19:06:00 +00:00 |
|
|
e29d1aa3aa
|
Fix syntax error from previous commit.
|
2024-01-24 18:53:29 +00:00 |
|
|
5fdbc898d0
|
Add support for web root postfix prefixes.
|
2024-01-24 18:52:05 +00:00 |
|
|
6abe280ee8
|
Add support for web root postfixes (for every host)
|
2024-01-23 07:00:23 +01:00 |
|
|
6a9afcbc26
|
Add support for useClientCertificate, rejectUnauthorizedClientCertificates, cipherSuite, ecdhCurve, tlsMinVersion, tlsMaxVersion, signatureAlgorithms and http2Settings config.json properties.
|
2024-01-22 23:21:01 +01:00 |
|
|
1a2019664a
|
Fixed error handling for invalid URL rewrite regexes. Also fixed bug with HTTP proxy not working.
|
2024-01-18 01:12:09 +01:00 |
|
|
60a84d879d
|
Clean up the code (remove trailing spaces)
|
2024-01-14 19:01:49 +01:00 |
|
|
db6c4faeaf
|
Mitigate log file injection vulnerability at mod file names.
|
2024-01-14 19:00:27 +01:00 |
|
|
e1e9338806
|
SVR.JS no longer crashes, when access to a log file is denied.
|
2024-01-14 09:00:08 +01:00 |
|
|
e11dd8d5b5
|
Mitigated log file injection for HTTP authentication
|
2024-01-14 08:41:11 +01:00 |
|
|
55dfa0ad1e
|
Fixed typo that caused 500 error with 308 code redirects
|
2024-01-13 10:25:42 +01:00 |
|
|
9569c7b7fd
|
Added support for 307 and 308 redirects (both in config.json and in redirect() SVR.JS API method)
|
2024-01-13 08:36:00 +01:00 |
|
|
03556813ec
|
Reformatted the source code
|
2024-01-13 08:25:38 +01:00 |
|
|
1123f40961
|
Cleaned up the code
|
2024-01-13 08:09:32 +01:00 |
|
|
4179e4020c
|
Dropped support for svrmodpack; SVR.JS LTS versions will still have svrmodpack support.
|
2024-01-13 08:01:05 +01:00 |
|
|
7e73cb68d3
|
Added support for skipping URL rewriting, when the URL refers to a file or a directory.
|
2024-01-13 07:53:16 +01:00 |
|
|
d942342106
|
Changed rewriteURL method to use callbacks.
|
2024-01-13 07:34:28 +01:00 |
|
|
7a6661b895
|
Fix searchHostname function
|
2023-12-30 23:43:07 +01:00 |
|
|
b0ed92d8ac
|
Removed all remnants of "DorianTech" in SVR.JS
|
2023-12-24 19:17:34 +01:00 |
|
|
7be1c2a73b
|
Fixed host name rewriting
|
2023-12-16 08:59:49 +01:00 |
|
|
949e799d45
|
Improved SNI and host header processing
|
2023-12-15 23:28:06 +01:00 |
|
|
e68118ecbc
|
Improve on new SNI-related changes
|
2023-12-15 00:50:33 +01:00 |
|
|
aac6323401
|
Add Host header processing
|
2023-12-15 00:15:54 +01:00 |
|
|
63f8e98add
|
SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities.
|
2023-12-15 00:05:22 +01:00 |
|
|
179ebf6a7f
|
Changed secure context regex generation
|
2023-12-14 23:45:50 +01:00 |
|
|
355d20a2c1
|
Optimized some anti-XSS measures
|
2023-12-12 23:22:06 +01:00 |
|
|
2faf1e9c61
|
Mitigated even more XSS vulnerabilities.
|
2023-12-12 23:19:29 +01:00 |
|
|
8bad3f918c
|
Fixed multiple XSS vulnerabilities
|
2023-12-12 23:09:39 +01:00 |
|
|
5950d326fe
|
Clean up res.writeHead wraooer code
|
2023-12-12 22:37:23 +01:00 |
|
|
5902dd52fc
|
Added client errors, server errors, and malformed HTTP request counts to SVR.JS status page.
|
2023-12-12 22:29:27 +01:00 |
|
|
2fb4c52777
|
Make status page code more readable.
|
2023-12-12 22:19:51 +01:00 |
|
|
953c95f485
|
Fixes bug in the sizify function
|
2023-12-07 09:56:09 +01:00 |
|
|
ab69abf2da
|
Fixed bug with URL rewriting and trailing slash redirection
|
2023-12-03 16:18:21 +01:00 |
|
|
2cab4349f9
|
Minor code style corrections
|
2023-12-03 14:04:38 +01:00 |
|
|
7229661c8e
|
Replace all instances of "ex" with "err"
|
2023-12-03 14:00:52 +01:00 |
|
|
ebe310eca6
|
Clean up SVR.JS code
|
2023-12-03 13:58:35 +01:00 |
|
|
caf2ad685d
|
Fix environment variable support (after testing)
|
2023-12-03 13:55:56 +01:00 |
|
|
d02c9754c9
|
Invalid compression exclusion list regexes no longer crash SVR.JS
|
2023-12-03 13:09:56 +01:00 |
|
|
17def48271
|
Changed invalid regex error message
|
2023-12-03 13:07:28 +01:00 |
|
|
0ed74bc55d
|
Change base 1000 size prefixes to base 1024.
|
2023-12-03 12:51:05 +01:00 |
|
|
ae1738166f
|
Add new config.json option - environmentVariables.
|
2023-12-03 12:11:15 +01:00 |
|
|
1f42691cbc
|
Correct language errors
|
2023-12-03 12:05:14 +01:00 |
|
|
024d6cc2d3
|
SVR.JS now saves configuration files with trailing newlines.
|
2023-12-03 12:02:49 +01:00 |
|
|
5321f2c6a7
|
Added trailing slash redirect support
|
2023-12-03 11:55:19 +01:00 |
|
|
10b7da09ae
|
Corrected language errors in console error messages.
|
2023-11-12 19:52:59 +01:00 |
|
|
13603adf1b
|
Fix even more language errors in HTTP error message descriptions.
|
2023-11-12 19:47:32 +01:00 |
|
|
fad9dc61ae
|
Fix multiple language errors in HTTP error message descriptions.
|
2023-11-12 18:59:24 +01:00 |
|
|
b38e1cea5f
|
Fixed crashes due of destroyed HTTP/2 stream (Node.JS bug: https://github.com/nodejs/node/issues/24470)
|
2023-11-12 18:41:06 +01:00 |
|
|
ae45c2e132
|
SVR.JS now sends configuration file saving request to one random good worker instead of all workers to prevent configuration file corruption.
|
2023-11-12 18:33:29 +01:00 |
|
|
fccc0ef7ca
|
Fixed bug with non-standard code regex replacements
|
2023-09-17 23:32:42 +02:00 |
|
|
a2ecbe4c5a
|
Optimize mod loader
|
2023-09-12 23:19:14 +02:00 |
|
|
84b7cac684
|
Fix bug with mods executing in wrong order (bug was related with access control vulnerability fix; bug was not present in LTS versions)
|
2023-09-12 23:15:55 +02:00 |
|
|
c8c069aceb
|
Rename properDirectoryListingServe function to properDirectoryListingAndStaticFileServe.
|
2023-09-12 19:50:39 +02:00 |
|
|
75e987dcf4
|
Removed undocumented and non-working code.
|
2023-09-12 19:34:34 +02:00 |
|
|
e84bb426a7
|
Replace sizify function with new one.
|
2023-09-12 19:21:13 +02:00 |
|
|
5a567d09d1
|
Drop dependency on "pretty-bytes" module
|
2023-09-12 18:27:15 +02:00 |
|
|
e048156e18
|
Remove "invoke500.svr" and "crash.svr" (only activated in nightly versions, not in stable or LTS)
|
2023-09-12 18:11:11 +02:00 |
|
|
8050fc766e
|
Partially revert commit 193cede707
|
2023-09-11 23:21:14 +02:00 |
|
|
193cede707
|
Optimize responseEnd method
|
2023-09-11 23:08:02 +02:00 |
|
|
11bc6a32c9
|
Remove "fd" variable.
|
2023-09-11 23:01:46 +02:00 |
|
|
1132ed539a
|
Remove unneccesary whitespaces
|
2023-09-11 21:56:08 +02:00 |
|
|
f4641cd1bb
|
Removed unused SVR.JS code
|
2023-09-11 21:51:03 +02:00 |
|
|
079ce3d974
|
Reposition some if conditions
|
2023-09-11 21:50:42 +02:00 |
|
|
68e7fa9ae6
|
Globalize HTTP error messages object
|
2023-09-11 11:06:03 +02:00 |
|
|
91ab1f4a97
|
Minor changes to status codes
|
2023-09-11 10:36:10 +02:00 |
|
|
e828bb9173
|
Add warning about worker count limited to one when using Bun 1.0 and newer with shimmed (not native) clustering module.
|
2023-09-10 19:30:29 +02:00 |
|
|
24783fc1f9
|
Disable bug workaround for Bun 1.0 and newer (it's not needed anymore for these Bun versions)
|
2023-09-10 19:03:28 +02:00 |
|
|
b39471e8b8
|
Improve Bun shim
|
2023-09-10 18:58:05 +02:00 |
|
|
2ec6b564f5
|
Improve web root error handling
|
2023-09-10 18:37:09 +02:00 |
|
|
15ca36cf16
|
Fixed security vulnerability with information leakage from "temp" directory
|
2023-09-10 10:50:18 +02:00 |
|
|
d0064ee083
|
Log certificate loading errors
|
2023-09-10 10:35:07 +02:00 |
|
|
c7c381d8c9
|
Fix log files only partially saving on failed master startup
|
2023-09-10 10:14:24 +02:00 |
|
|
f475aa8651
|
Remove one obsolete process.cwd() == __dirname check
|
2023-09-09 00:53:24 +02:00 |
|
|
53560a7bcd
|
Mitigiate source-code leakage through hidden files in temp folder. Also change default enableRemoteLogBrowsing to false.
|
2023-09-09 00:36:24 +02:00 |
|
|
6066f77fae
|
Fix svrmodpack deprecation warning
|
2023-09-08 20:17:38 +02:00 |
|
|
1e2d61ff64
|
Improved Bun workaround
|
2023-09-08 20:08:46 +02:00 |
|
|
3edbc80e7d
|
Added TypeError workaround for Bun 1.0.0. Bun 1.0.0 now supports IPC
|
2023-09-08 20:00:02 +02:00 |
|
|
bc6268e2c0
|
Change no HTTP/2 warning
|
2023-09-08 19:39:18 +02:00 |
|
|
b5ac862f5e
|
Add "svrmodpack" deprecation warning
|
2023-09-08 19:26:40 +02:00 |
|
|
2d733b70bf
|
Fix access control bypass vulnerability for non-proxy SVR.JS mods
|
2023-09-07 18:00:58 +02:00 |
|
|
2c93e0fc24
|
Complete out previous fix
|
2023-09-06 20:22:51 +02:00 |
|
|
08816fe4f3
|
Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url could be vulnerable to path traversal.
|
2023-09-06 19:22:03 +02:00 |
|
|
dc23125ce4
|
Fix an error in previous commit
|
2023-09-05 00:15:00 +02:00 |
|
|
2ab7fab9cf
|
Added new property in config.json - exposeModsInErrorPages
|
2023-09-05 00:05:20 +02:00 |
|
Dorian Niemiec
|
5ba3d8f2b3
|
Moved invalid X-Forwader-For header handler
|
2023-09-03 22:40:10 +02:00 |
|
Dorian Niemiec
|
61b0d6ad9c
|
Added missing semicolon
|
2023-09-03 22:31:07 +02:00 |
|
Dorian Niemiec
|
b1ab6e3e4a
|
Added validation of X-Forwarded-For header
|
2023-09-03 14:40:41 +02:00 |
|
Dorian Niemiec
|
d8cf7913be
|
Change listening notice
|
2023-09-03 11:10:01 +02:00 |
|
Dorian Niemiec
|
bd7098c2c6
|
Cleaned up SVR.JS code even more...
|
2023-09-03 11:08:16 +02:00 |
|
Dorian Niemiec
|
8dd707c44d
|
Add notice about user being logged in.
|
2023-09-03 10:27:30 +02:00 |
|
Dorian Niemiec
|
9946c301e4
|
Cleaned up SVR.JS code
|
2023-09-03 10:18:52 +02:00 |
|
|
a663b4f142
|
Improved error handling of SVR.JS configuration, mods and server-side JavaScript.
|
2023-09-02 20:27:27 +02:00 |
|
|
817db0fff9
|
Replaced HTTPS redirect handler
|
2023-09-02 19:56:45 +02:00 |
|
|
b21b8dc84c
|
Moved and fixed bug with "wwwredirect"
|
2023-09-02 19:35:01 +02:00 |
|
|
fdac578678
|
Dropped support for HTTP to HTTPS redirect bypass headers
|
2023-09-02 19:12:46 +02:00 |
|
|
1637e87550
|
Dropped support for unused SVR.JS-specific X-SVR-JS-Client header (use X-Forwarded-For header instead)
|
2023-09-02 18:33:09 +02:00 |
|
|
9b27bacf25
|
Add support for listening to specific IP address.
|
2023-09-02 18:15:00 +02:00 |
|
|
08692a2ff5
|
Added new config.json property - useWebRootServerSideScript
|
2023-09-02 12:57:19 +02:00 |
|
|
a7185d6c94
|
Disable server-side script exposure by default.
|
2023-09-02 09:01:25 +02:00 |
|
|
03b54f94d4
|
Fix callServerError
|
2023-09-01 11:04:04 +02:00 |
|
|
bf3b002190
|
Optimize filterHeaders and add checkHostname and checkHref
|
2023-09-01 01:13:15 +02:00 |
|
|
bbb8a6f899
|
Replace "request" with "req" and "response" with "res"
|
2023-08-31 23:03:02 +02:00 |
|
|
4a138f73d8
|
Add virtual host support
|
2023-08-31 22:47:07 +02:00 |
|
|
e490f8341b
|
Fix modFunction
|
2023-08-29 15:44:01 +02:00 |
|
|
71d1970571
|
Cleaned up SVR.JS code
|
2023-08-29 15:03:13 +02:00 |
|
|
1ebf19d768
|
Fixed non-working blacklist
|
2023-08-29 14:56:39 +02:00 |
|
|
10f9e1b5f2
|
Add reverse DNS lookup support
|
2023-08-28 03:44:04 +02:00 |
|
|
94a7b319f6
|
Fixed server crashes while one of two ports are in use
|
2023-08-25 00:26:51 +02:00 |
|
|
2d266bf1b3
|
Map ENAMETOOLONG to 414 code
|
2023-08-21 19:38:38 +02:00 |
|
|
54ba71212b
|
Pull from SVR.JS 3.7.1
|
2023-08-21 19:32:31 +02:00 |
|
|
e6c1194086
|
Fixed checkEXT again
|
2023-08-19 23:18:52 +02:00 |
|
|
bfcc88a4dd
|
Fixed checkEXT function
|
2023-08-19 23:16:27 +02:00 |
|
|
d31d47bbcd
|
Rewritten some of for loops to use forEach instead.
|
2023-08-19 22:38:58 +02:00 |
|
|
e7e232f6e7
|
Restored easter eggs to easteregg.tar.gz mod, which can be deleted. Also change unused worker kill interval.
|
2023-08-19 21:19:18 +02:00 |
|
|
fba0012690
|
Removed some easter eggs, to prevent SVR.JS version fingerprinting...
|
2023-08-19 21:03:05 +02:00 |
|
|
aedbd134f8
|
Add option to rewrite "dirty" URLs
|
2023-08-18 23:29:18 +02:00 |
|
|
bd475a2e8e
|
Fixed redirect loops related to URL sanitizer
|
2023-08-18 21:54:58 +02:00 |
|
|
47a793b958
|
Added scrypt support for HTTP authentication
|
2023-08-18 21:35:09 +02:00 |
|
|
d93511e97b
|
Enable use of PBKDF2-hashed passwords
|
2023-08-15 19:05:44 +02:00 |
|
|
f8cc7e45cd
|
Optimize credential match checking
|
2023-08-15 14:04:29 +02:00 |
|
|
cbbf8ab79b
|
EMFILE errors now correspond to 503 Service Unavailable error code.
|
2023-08-13 00:43:21 +02:00 |
|
|
028606fb15
|
Fix redirect loop with "[" and "]".
|
2023-08-12 17:40:42 +02:00 |
|
|
86d424f906
|
Add config.json option to disable termination of unused workers
|
2023-08-12 13:37:06 +02:00 |
|
|
e4332e858c
|
Improved error handling for Bun even more.
|
2023-08-12 13:23:59 +02:00 |
|
|
f0193b5933
|
Improve server error handling for Bun.
|
2023-08-12 12:47:48 +02:00 |
|
|
61dead9b4a
|
Improved extension checking function and corrected 503 error description
|
2023-08-12 12:35:46 +02:00 |
|
|
f37a565ca1
|
Changed descriptions of 501 and 503 errors.
|
2023-08-12 12:07:33 +02:00 |
|
Dorian Niemiec
|
986c883327
|
Improve Bun fake IPC connections error handling.
|
2023-08-10 04:20:30 +02:00 |
|
Dorian Niemiec
|
7820c5aade
|
Fix Bun cluster shim and mitigate Bun segmentation faults
|
2023-08-10 04:01:50 +02:00 |
|
Dorian Niemiec
|
8ca945cdbd
|
Fixed master spawning other masters while SVR.JS is run in Bun 0.7.x.
|
2023-08-10 03:16:52 +02:00 |
|
Dorian Niemiec
|
7cc4dbf4d2
|
Fix cluster NotImplementedError when running SVR.JS on newer versions of Bun.
|
2023-08-10 02:03:23 +02:00 |
|
Dorian Niemiec
|
3d4acae311
|
Make SVR.JS gracefully exit on "stop" command.
|
2023-08-10 01:14:10 +02:00 |
|
Dorian Niemiec
|
08cc0ac042
|
Improved minimum thread count calculation algorithm even further. Also disabled x-svr-js-from-main-thread requests from non-localhost clients.
|
2023-08-09 23:03:16 +02:00 |
|
Dorian Niemiec
|
889207e6a2
|
Disabled checking for hung up server processes, while SVR.JS is not listening yet. Also improved minimum thread count calculation algorithm.
|
2023-08-09 22:37:53 +02:00 |
|
Dorian Niemiec
|
6515a54471
|
Disabled killing workers, when server is closed.
|
2023-08-09 21:58:21 +02:00 |
|
Dorian Niemiec
|
68a42ccde8
|
Fixed bug with Can't execute command "KILLREQ" .
|
2023-08-09 21:23:50 +02:00 |
|
Dorian Niemiec
|
e6a25d931c
|
Add termination of unused workers.
|
2023-08-09 21:09:23 +02:00 |
|
Dorian Niemiec
|
1138b6bdf6
|
Replace "isMaster" with "isPrimary", and shim "isPrimary" when it's not available.
|
2023-08-09 18:01:36 +02:00 |
|
Dorian Niemiec
|
aa630cbd0d
|
Changed all references for stable version to git master branch
|
2023-08-06 04:07:04 +02:00 |
|
Dorian Niemiec
|
d15373aa8e
|
Improved reliability while loading server-side JavaScript.
|
2023-08-04 21:19:23 +02:00 |
|
svrjs
|
d4e230fda1
|
Fixed bug with directory listing generating invalid HTML with custom head containing <i><html></i> tag with attributes.
|
2023-08-03 14:33:56 +02:00 |
|
svrjs
|
97519d6cd4
|
Fixed bug with ENOTDIR error (was 500, now it's 404) and with forbidden path checker.
|
2023-08-02 23:54:07 +02:00 |
|
sysadmin
|
1162acad9f
|
Update with SVR.JS 3.6.1
|
2023-07-29 20:44:13 +02:00 |
|
sysadmin
|
e122e7a6ae
|
Initial commit
|
2023-07-29 20:32:17 +02:00 |
|