Age | Commit message (Collapse) | Author |
|
Add hostname option to mitigate DNS rebinding
|
|
|
|
|
|
|
|
This adds the `hostname` opt to allow the server to validate the `Host` header of incoming requests to prevent DNS rebinding attacks. Needed for https://github.com/brave/browser-laptop/issues/12616.
|
|
|
|
fix debug function undefined bug
|
|
|
|
In Node.js 8.2.1, when a torrent is removed while a file from it is being
streamed, file-stream.js exits, crashing Node with a TypeError:
VM535 file-stream.js:64 Uncaught TypeError: Cannot read property 'get' of null
This patch checks whether the torrent has been marked as destroyed, and
if so, raises the error to the file stream.
|
|
Add `origin` option for torrent.createServer()
|
|
|
|
|
|
Fixes: https://github.com/feross/webtorrent/issues/1100
Fixes: https://github.com/feross/webtorrent/issues/1101
|
|
When the origin option is specified, only requests from the given
origin will be allowed.
This is useful to add additional security to any app that is starting a
WebTorrent server but doesn't want it to be exposed to the entire Web.
|
|
add filename to path
|
|
|
|
|
|
Fixes: https://github.com/feross/webtorrent/issues/1077
Bug originally introduced in:
https://github.com/feross/webtorrent/commit/6ef2785e4bbed07f2429725ed2b0
5bd91fc36233?diff=split
|
|
|
|
To prevent it from possibly being called twice, which will do extra work
|
|
fixes deprecation warnings
|
|
Refactored the server into many smaller functions to make it easier to
understand all the different code paths.
- added a Content-Disposition header, which tells the browser the
file's name, since we use urls like http://localhost:port/0 <-- no
human-readable file name
- Server returns valid HTML documents (with all the required tags) now.
- Return 204 status for OPTIONS request
- reduce access-control-max-age to chromium max of 600s
- respond to OPTIONS requests that lack
'access-control-request-headers' (before they were treated as GET)
- return '405 invalid verb' for all other verbs
For: https://github.com/brave/browser-laptop/issues/6737
|
|
|
|
|
|
Fixes: https://github.com/feross/webtorrent/issues/1022
We also check `self.destroyed` since `torrent.destroy()` could have
been called in the `torrent.on('done')` handler, triggered by
`_checkDone()`.
|
|
|
|
Emit more warnings
|
|
Set user-agent header for http tracker requests
|
|
Convert some debug statements that could be useful for an API user
(either because they want to show to the user, or to react to the
warning in some way)
Fixes https://github.com/feross/webtorrent/issues/960
|
|
|
|
Fixes: https://github.com/feross/webtorrent/issues/962
|
|
|
|
Web seeds should be considered as pure unchecked seeds according to BEP19
So we should never choke on them. Otherwise when there are no other
seeds, the downloads will hang
|
|
|
|
|
|
Fixes: #920
|
|
|
|
|
|
|
|
|
|
See https://github.com/feross/run-parallel-limit/issues/5
|
|
Fix #878.
|
|
// Remove default selection (whole torrent)
torrent.deselect(0, torrent.pieces.length - 1, false)
Can now be called earlier, after 'metadata' instead of after 'ready'
https://github.com/feross/webtorrent/issues/857#issuecomment-236022556
|
|
|
|
|
|
Don't send the entire response body
|
|
Get a W3C `Blob` object which contains the file data.
The file will be fetched from the network with highest priority, and
`callback` will be
called once the file is ready. `callback` must be specified, and will
be called with a an
`Error` (or `null`) and the `Blob` object.
|
|
|
|
Prevent arrayRemove if the pool is already destroyed. Fixes possible error `TypeError: Cannot read property 'indexOf' of null`
|
|
|