httpbeast
httpbeast copied to clipboard
dom96
A highly performant, multi-threaded HTTP 1.1 server written in Nim.
If httpbeast receives large body it will read that all into memory. Ideally we should offer a way to stream this. Ideal solution here is to utilise [`sendfile`](https://man7.org/linux/man-pages/man2/sendfile.2.html)
Though seemingly small, this single line permits a CWE-617 DoS. With a request, an attacker can bring down any httpbeast-reliant framework, including Jester. The vulnerability was found during secure code...
Using latest jester and Apache bench and for some reason it thinks the requests timeout. Perhaps we're not closing a socket properly or something? It's 100% reproducible here and only...
Not sure if this is possible or not - but a community member recently asked about httpbeast | ssl, so I threw together a quick example to test the scenario...
Reproduce with ``` import options, asyncdispatch import httpbeast proc onRequest(req: Request): Future[void] = if req.httpMethod == some(HttpPost): case req.path.get() of "/": req.send("Hello World") else: req.send(Http404) run(onRequest) ``` Then send a...
https://gist.github.com/dom96/26c574ec1491ba98181de6c532fa52fc
I was creating some custom headers to add to my response, and was using IDE magic to replicate some lines, which resulted in my last header arguement still containing trailing...
Hi @dom96, When specifying settings (port, bind address, ...), the domain is set to `AF_UNSPEC`. However, without settings, the domain is set to `AF_INET` This make https://github.com/dom96/httpbeast/blob/b33dba93a134faa2adc3b991cb69890375987076/src/httpbeast.nim#L464 and https://github.com/dom96/httpbeast/blob/b33dba93a134faa2adc3b991cb69890375987076/src/httpbeast.nim#L492 have...
It might come as a surprise to some but I haven't actually profiled httpbeast thus far. I am getting more curious whether there are some low hanging fruit there to...