lua-http
HTTP Library for Lua. Supports HTTP(S) 1.0, 1.1 and 2.0; client and server.
e.g. if you only want to allow cookies for certain domains
It only closes the listening/accepting socket; it doesn't stop connections from handling new streams.
[Currently an NYI](https://github.com/daurnimator/lua-http/blob/538ce79ed2acc8bbdee40b168bd2652be018bf03/http/request.lua#L393)

Links:

- https://daniel.haxx.se/blog/2016/11/26/https-proxy-with-curl/
- [curl commit](https://github.com/curl/curl/commit/cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151)
- https://bugzilla.mozilla.org/show_bug.cgi?id=378637
- https://dev.chromium.org/developers/design-documents/secure-web-proxy

- [Draft Spec](https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-06)
- https://scotthelme.co.uk/a-new-security-header-expect-ct/
- [Chrome feature](https://www.chromestatus.com/feature/5677171733430272) available since Chrome 61

# Client side support

- [x] Support for Expect-CT header in lpeg_patterns (Tracking issue: https://github.com/daurnimator/lpeg_patterns/issues/11)
- [ ]...

https://en.m.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities

- Need luaossl to bind DANE functions
- In http.client, need to do DNS lookup of TLSA records and add them to the SSL object
- Would be easier...

Should probably be done at the `http.client` level? Need a 'multi-key' cache structure that allows us to index by a tuple of host, port, version, tls context, etc. Need a...
There are at least two kinds of weak DH groups that `lua-http` silently accepts:

- [ ] groups with [small subgroups](https://dh-small-subgroup.badssl.com/);
- [ ] [composite groups](https://dh-composite.badssl.com/).

I'm not sure whether...

It's a bit cumbersome right now to receive from multiple streams on the same connection, as it basically requires a nested cq for each stream. Not sure what would be...
[OCSP-Must-Staple](https://wiki.mozilla.org/CA:ImprovingRevocation#OCSP_Must-Staple) makes certificate revocation work and scale: it is a standardized [X.509 extension](https://tools.ietf.org/html/rfc7633) that specifies that the user agent must do a hard-fail revocation check, using a stapled OCSP response....