It removes `public` from `Cache-Control` value, leaving max-age=<VALUE>, which can prevent CDN and Basic Authentication issues. See details on #560.
This applies to the "Cache-Control Headers" feature, with no user-breaking changes expected.
- `sws.toml` used if present
- But `config.toml` has priority if it exists
- A warning message is printed if `config.toml` is used, as it will be removed in a future release previous advice.
- BREAKING: End support for unmaintained Windows 7, 8, 8.1 platforms as previously announced on v2.36.1.
- SECURITY (RUSTSEC-2024-0437): Crash due to uncontrolled recursion in protobuf crate was temporarily solved in the previous release. However, this PR applies the dependency patches recently available.
- RESTORED: `experimental` Cargo feature for metrics and in-memory cache.
* refactor: prevent single wildcards from matching path separators for URL Rewrites
* Fix log output in documentation
BREAKING CHANGE: Up to version 2.33.1 the wildcard `*` was matching the path separator. For example, `/{*}/{*}/` matched `/assets/images/logo/`. In later versions, the default has changed such that `*` does not match the path separator. In contrast, double wildcard (`**`) can match also a path separator.
* Enable literal_separator for redirects
This ensures that * does not match the path separator.
* Fix tests
* Update documentation
BREAKING CHANGE: Up to version 2.33.1 the wildcard `*` was matching the path separator. For example, `/{*}/{*}/` matched `/assets/images/logo/`. In later versions, the default has changed such that `*` does not match the path separator. In contrast, double wildcard (`**`) can match also a path separator.
* chore: update dependencies 26-10-2024
* chore: update dependencies 2024-10-31
* fix: move out handler.rs tests
* chore: pin rust version to 1.81.0 for freebsd on ci due to issues on 1.82.0 for i386 toolchain
Via a new advanced configuration entry.
The feature also supports expiration policies such as Time To Live (TTL) and Time To Idle (TTI).
Admission to a cache is controlled by the Least Frequently Used (LFU) policy and the eviction from a cache is controlled by the Least Recently Used (LRU) policy.
Example:
```toml
[general]
[advanced]
[advanced.memory-cache]
# Maximum capacity entries of the memory cache-store. Default 256
capacity = 256
# Time to live in seconds of a cached file entry. Default 1h
ttl = 3600
# Time to idle in seconds of a cached file entry. Default 5min
tti = 300
# Maximum size in bytes for a file entry to be cached. Default 8MB
max-file-size = 8192
```
Note that this feature requires Rust 1.76.0 or newer.
This feature is **experimental**. However, when stabilized then a cargo feature will be available as well as a proper documentation page.
When running tests with additional non-sws arguments, tests execution
fails because sws is trying to parse cli arguments anyways.
Now, sws won't parse arguments by default when running tests.
For example, the following command will work as expected:
cargo test -- --test-threads 1 --nocapture
* feat: disable symlinks option
--disable-symlinks[=<DISABLE_SYMLINKS>]
Prevent following files or directories if any path name component is
a symbolic link [env: SERVER_DISABLE_SYMLINKS=] [default: false]
[possible values: true, false]
* chore: add tests
* docs: feature page [skip ci]
it prevents duplicate `vary` headers in responses when enabling
`compression` and `compression-static`.
* fix: duplicate `vary` response headers for compression feature
* fix: failed tests for experimental features
* search for all accepted static compression formats
* add test
* fix syntax issues and improve the test
---------
Co-authored-by: Jose Quintana <1700322+joseluisq@users.noreply.github.com>
* fix: don't percent-encode unreserved chars in the directory listing links
those chars (a.k.a unreserved marks) are now not percent-encoded:
https://www.ietf.org/rfc/rfc3986.txt
* chore: revert partially previous functionality
* Fix Accept-Encoding handling to work correctly if only two compression schemes are available
* Fixed typo and slightly extended test
---------
Co-authored-by: Jose Quintana <1700322+joseluisq@users.noreply.github.com>
also, if only one compression feature is
enabled (e.g. compression-gzip) then the preferred encoding gets
re-evaluated and assigned to that compression feature format but only if it
was part of the `accept-encoding` request header value.
now the following scenarios will work:
[dependencies]
static-web-server = { version = "2.28.0", default-features = false }
or
[dependencies]
static-web-server = { version = "2.28.0", default-features = false, features = ["compression-brotli"] }
in addition, some tracing logs are added to reflect the changes.
* feat: `all` and `experimental` cargo feature flags
- the `all` will host all available features (`default`) plus the
`experimental`.
- the `experimental` will only hold unstable features like for example
`metrics` (as of writing)
* chore: enable the `all` cargo feature for freebsd
this feature also fixes#312
* feat: Prometheus metrics endpoint at /metrics
Signed-off-by: Tom Plant <tom@tplant.com.au>
* fix: add `experimental` prefix to metrics arg, env var, and logs
Signed-off-by: Tom Plant <tom@tplant.com.au>
* fix: disable tokio-metrics-collector on Windows
Signed-off-by: Tom Plant <tom@tplant.com.au>
* chore: address feedback
* refactor: rename feature to `experimental-metrics` and add test
* fix: freebsd ci tests
* refactor: move dependencies to the unix target section
---------
Signed-off-by: Tom Plant <tom@tplant.com.au>
Co-authored-by: Jose Quintana <joseluisquintana20@gmail.com>
* feat: support for `Range` requests out of bounds
SWS will make sure to return only what's available in that case which
seems to be a very common behavior across web servers.
Previously exceeding the length of a file returning `416 Requested
Range Not Satisfiable`. Now it will return what's available.
```sh
$ curl -IH "Range: bytes=50-9000" http://localhost/index.html
\# HTTP/1.1 206 Partial Content
\# Server: nginx/1.25.3
\# Date: Sun, 28 Jan 2024 22:09:20 GMT
\# Content-Type: text/html
\# Content-Length: 486
\# Last-Modified: Mon, 02 Oct 2023 04:49:01 GMT
\# Connection: keep-alive
\# ETag: "651a4bbd-218"
\# Content-Range: bytes 50-535/536
```
it resolves#295 and relates to https://github.com/orgs/static-web-server/discussions/145
* fix: wrong glob brace expansion capture in url redirects/rewrites
now an url redirect (or rewrite) `source` that uses glob groups with
brace expansions like `**/{*}.{jpg,jpeg}` will works as expected:
```toml
[advanced]
[[advanced.redirects]]
source = "**/{*}.{jpg,jpeg}"
destination = "http://localhost/new-images/$2.$3"
kind = 302
```
* chore: url rewrites/redirects test cases
* feat: optional `host` uri support for URL redirects
which allows redirecting based on a host's incoming uri making it
possible to perform for example www to non-www redirects.
config example:
```toml
[advanced]
[[advanced.redirects]]
host = "127.0.0.1:4433"
source = "/{*}"
destination = "https://localhost:4433/$1"
kind = 301
```
* chore: add test cases
by removing the non-capturing group that appeared during the glob to regex conversion.
the following glob example works now
```toml
[advanced]
[[advanced.rewrites]]
source = "/files/{*}"
destination = "/$1"
```
