1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-31 19:44:10 -05:00
denoland-deno/std/http
sarahdenofiletrav 28869a632d
fix(std/http): prevent path traversal (#8474)
Fix path traversal problem when the request URI 
does not have a leading slash.

The file server now returns HTTP 400 when requests 
lack the leading slash, and are not absolute URIs. 
(https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html).
2020-11-26 22:31:19 +01:00
..
testdata test(std/http): make tests runnable from any directory (#7441) 2020-09-14 12:58:43 +02:00
_io.ts fix(std/http): fix error handling in the request iterator (#8365) 2020-11-18 17:47:47 +01:00
_io_test.ts feat(fmt): Sort named import and export specifiers (#7711) 2020-09-27 12:22:32 +02:00
_mock_conn.ts chore: add copyright (#7593) 2020-09-21 08:26:41 -04:00
bench.ts chore(std/http): rename http_bench.ts -> bench.ts (#7509) 2020-10-04 13:34:52 +02:00
cookie.ts feat(std/http): Validate cookie path value (#8457) 2020-11-22 15:34:31 +01:00
cookie_test.ts feat(std/http): Validate cookie path value (#8457) 2020-11-22 15:34:31 +01:00
file_server.ts fix(std/http): prevent path traversal (#8474) 2020-11-26 22:31:19 +01:00
file_server_test.ts fix(std/http): prevent path traversal (#8474) 2020-11-26 22:31:19 +01:00
http_status.ts feat(std/http) support code 103 Early Hints (#6021) 2020-06-01 11:10:17 -04:00
mod.ts chore: add copyright (#7593) 2020-09-21 08:26:41 -04:00
racing_server.ts Use dprint for internal formatting (#6682) 2020-07-14 15:24:17 -04:00
racing_server_test.ts test(std): make test output less noisy (#8445) 2020-11-20 18:01:58 +01:00
README.md docs: fix command examples use outdated default file_server port (#8062) 2020-10-22 17:17:38 +02:00
server.ts fix(std/http): fix error handling in the request iterator (#8365) 2020-11-18 17:47:47 +01:00
server_test.ts test(std): make test output less noisy (#8445) 2020-11-20 18:01:58 +01:00
test.ts chore: add copyright (#7593) 2020-09-21 08:26:41 -04:00

http

import { serve } from "https://deno.land/std@$STD_VERSION/http/server.ts";
const server = serve({ port: 8000 });
console.log("http://localhost:8000/");
for await (const req of server) {
  req.respond({ body: "Hello World\n" });
}

File Server

A small program for serving local files over HTTP.

deno run --allow-net --allow-read https://deno.land/std/http/file_server.ts
> HTTP server listening on http://0.0.0.0:4507/

Helper to manipulate Cookie through ServerRequest and Response.

import { ServerRequest } from "https://deno.land/std@$STD_VERSION/http/server.ts";
import { getCookies } from "https://deno.land/std@$STD_VERSION/http/cookie.ts";

let request = new ServerRequest();
request.headers = new Headers();
request.headers.set("Cookie", "full=of; tasty=chocolate");

const cookies = getCookies(request);
console.log("cookies:", cookies);
// cookies: { full: "of", tasty: "chocolate" }

To set a Cookie you can add CookieOptions to properly set your Cookie:

import { Response } from "https://deno.land/std@$STD_VERSION/http/server.ts";
import {
  Cookie,
  setCookie,
} from "https://deno.land/std@$STD_VERSION/http/cookie.ts";

let response: Response = {};
const cookie: Cookie = { name: "Space", value: "Cat" };
setCookie(response, cookie);

const cookieHeader = response.headers.get("set-cookie");
console.log("Set-Cookie:", cookieHeader);
// Set-Cookie: Space=Cat

Deleting a Cookie will set its expiration date before now. Forcing the browser to delete it.

import { Response } from "https://deno.land/std@$STD_VERSION/http/server.ts";
import { deleteCookie } from "https://deno.land/std@$STD_VERSION/http/cookie.ts";

let response: Response = {};
deleteCookie(response, "deno");

const cookieHeader = response.headers.get("set-cookie");
console.log("Set-Cookie:", cookieHeader);
// Set-Cookie: deno=; Expires=Thus, 01 Jan 1970 00:00:00 GMT

Note: At the moment multiple Set-Cookie in a Response is not handled.