Parsing "http://host:80" caused panic (index out of bound) because the
authority end index was computed with the original uri but the uri
stored for later used was sanitized by `Url::parse()` to "http://host"
The fix computes the autority end index with the actual uri used (the
one from `Url::parse()`). Two tests have been added.
The main changes are:
* The entry point is how `Http`, the implementation of `ServerProto`.
This type has a `new` constructor as well as builder methods to
configure it.
* A high-level entry point of `Http::bind` was added which returns a
`Server`. Binding a protocol to a port requires a socket address
(where to bind) as well as the instance of `NewService`. Internally
this creates a core and a TCP listener.
* The returned `Server` has a few methods to learn about itself, e.g.
`local_addr` and `handle`, but mainly has two methods: `run` and
`run_until`.
* The `Server::run` entry point will execute a server infinitely, never
having it exit.
* The `Server::run_until` method is intended as a graceful shutdown
mechanism. When the provided future resolves the server stops
accepting connections immediately and then waits for a fixed period of
time for all active connections to get torn down, after which the
whole server is torn down anyway.
* Finally a `Http::bind_connection` method exists as a low-level entry
point to spawning a server connection. This is used by `Server::run`
as is intended for external use in other event loops if necessary or
otherwise low-level needs.
BREAKING CHANGE: `Server` is no longer the pimary entry point. Instead,
an `Http` type is created and then either `bind` to receiver a `Server`,
or it can be passed to other Tokio things.
This allows us to improve the performance. For now, a Cow is used
internally, so clients can set the host to a static value and no longer
need copies.
Later, we can change it to also possibly have a MemSlice.
BREAKING CHANGE: The fields of the `Host` header are no longer
available. Use the getter methods instead.
This removes the cookie crate, since it has an optional dependency on
openssl, which can cause massive breakage if toggled on. Instead, the
`Cookie` and `SetCookie` headers now just use a `String`. Anyone can
create any typed header, so it is easy to plug in different
implementations.
BREAKING CHANGE: The `Cookie` and `SetCookie` headers no longer use the
cookie crate. New headers can be written for any header, or the ones
provided in hyper can be accessed as strings.
There are many changes involved with this, but let's just talk about
user-facing changes.
- Creating a `Client` and `Server` now needs a Tokio `Core` event loop
to attach to.
- `Request` and `Response` both no longer implement the
`std::io::{Read,Write}` traits, but instead represent their bodies as a
`futures::Stream` of items, where each item is a `Chunk`.
- The `Client.request` method now takes a `Request`, instead of being
used as a builder, and returns a `Future` that resolves to `Response`.
- The `Handler` trait for servers is no more, and instead the Tokio
`Service` trait is used. This allows interoperability with generic
middleware.
BREAKING CHANGE: A big sweeping set of breaking changes.
Support for strict-origin and strict-origin-when-cross-origin in referer
policy required for imporving network security. This commit will attempt
to add missing pieces of referrer policy.
This should fix some busy looping when using OpenSSL. For example, if
the transport was blocked on a read, it wasn't surfaced to the
`http::Conn` and so the wrong interest was registered with the event
loop. Registering for the wrong interest triggered calls to
`http::Conn::ready()` which were unable to make progress.
We encountered some issues where the `Conn::ready()` would busy loop on
reads. Previously, the `ConnInner::can_read_more()` would not consider
whether the previous read got a WouldBlock error, and it didn't consider
whether the transport was blocked. Accounting for this additional state
fixes the busy loop problem.
