A _res_fallback parameter to HTTP_SERVICE_DEFINE is added to optionally
specify a fallback resource detail, which will be served if no other
resource matches the URL.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Passing HTTP upgrade request context to the user callback allows the
user to decide whether to accept or reject the websocket connection
based on the HTTP headers in the request. The primary reason for this is
to enable authentication of the websocket connection (e.g. via cookies
or Authorization header).
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Testcase uses certificates from the sample application at
samples/net/sockets/http_server. These were modified and moved into a
different folder by a previous commit, causing a build failure in the
test.
Testcase updated to:
- use new path to certificates
- update available cipher suites, since certificates now use ECDSA
- update expected hostname in certificate
The CA certificate in the sample app is also converted to .der format
for inclusion in the test (the content is exactly the same as the PEM
version, just converted to DER).
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Using HTTP/2 to communicate with the sample application using a web
browser requires some additional steps. Add documentation describing
this to the sample README file.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Add application level Kconfig option to enable ALPN usage for
negotiating HTTP/2 connection with web browsers.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Existing cipher suites and certificates used by HTTP server sample are
included in RFC9113 Appendix A: Prohibited TLS 1.2 Cipher Suites. The
RFC specifies that when using HTTP/2, these cipher suites may be treated
as an error of type INADEQUATE_SECURITY, and in practice it seems that
Chrome and Firefox do implement this.
The certificates have been updated to use ECDSA-P265 signatures, and
supported cipher suites updated to include ECDH key exchange and AES GCM
and CCM modes.
Some scripts are included to allow users to generate their own
certificates if desired.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Remove the CONFIG_NET_SAMPLE_CERTS_WITH_SC option and make the CA-signed
certificate the only option - there is no real downside to this over
using the unsigned certificate.
Remove adding of CA certificate as a TLS credential on the server, since
this credential is not used by the server. It may be useful to include
in any client code used to communicate with the server, so the
certificate itself is retained.
After this, some TLS tag enumerations are unused so have been removed.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Concurrent HTTP POST requests on different HTTP2 concurrent streams
require that the client's header_capture_context is re-used to capture
headers on a second stream before all of the body data has been received
(and sent to the application) on the first stream.
As a result, any captured headers must be sent to the application
callback before any headers can be received on a different stream. In
practice this means that for HTTP2 the application callback is called
for the first time on receiving a headers frame, before any data frames
are received. All subsequent application callbacks will not include the
request header data.
While this mechanism is not necessary for HTTP1, it is also updated to
only send headers in the first application callback for consistency.
Fixes#82273
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
The buffer pointer provided to the dynamic handler should be verified
after checking the transaction status. In case upload was aborted and
underlying connection closed, the callback will get
HTTP_SERVER_DATA_ABORTED status w/o a pointer to any data.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
CONFIG_ZVFS_POLL_MAX is now used to control the maximum number of poll()
entires. Thereby, CONFIG_NET_SOCKETS_POLL_MAX is redundant and shall
be deprecated.
Modify the defaults for NET_SOCKETS_POLL_MAX and ZVS_POLL_MAX so that
the deprecation actually makes sense instead of symbol removal. In case
the application still sets the old config, it will modify the
ZVS_POLL_MAX default.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Use the CMake variable for iterable section's subalignment instead of a
global defined macro.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
After introduction of struct http_response_ctx, the dynamic resource
data buffer is no longer needed for transferring data between the
application callback and the server. It is therefore removed to avoid
unnecessary copying of data.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Allow the application to send headers and response codes from a dynamic
resource callback by filling out a response context structure.
This also allows simple requests to be completed in a single execution
of the callback, by setting the final_chunk flag.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Added a websocket connection sending network statistics to a client, to
demonstrate how this can be used to push data to the client as an
alternative to GET requests triggered by a Javascript timer.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Accept JSON payload including LED number and state, to demonstrate JSON
parsing and allow control of multiple LEDs if the board supports this.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Previously the dynamic resource in the http_server sample simply echo'd
the received data back to the sender. This doesn't demonstrate how the
dynamic handlers would be used in a more typical use case, where the
application may need to wait for the full request before acting on it or
creating a response.
Therefore two new dynamic resources have bee added: a '/led' resource
which can be used to control the board's LED (if present) via a POST
request, and a '/uptime' resource which can be used to query the kernel
uptime via a GET request.
The static resources are updated with some javascript to support
demonstrating the new dynamic resouces via a web browser.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Achieve proper syntax highlighting using "console"
language when command snippets start with a prompt.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
The sample won't build with PSA crypto enabled on non-secure platform,
causing disturbances in the CI.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
A few samples were not limiting the CI execution scope in any reasonable
way, they should at least limit the execution to platforms that support
netif capability.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The POSIX_MAX_FDS option does not correspond to any standard
POSIX option. It was used to define the size of the file
descriptor table, which is by no means exclusively used by
POSIX (also net, fs, ...).
POSIX_MAX_FDS is being deprecated in order to ensure that
Zephyr's POSIX Kconfig variables correspond to those defined in
the specification, as of IEEE 1003.1-2017. Namely,
POSIX_OPEN_MAX. CONFIG_POSIX_MAX_OPEN_FILES is being deprecated
for the same reason.
To mitigate any possible layering violations, that option is
not user selectable. It tracks the newly added
CONFIG_ZVFS_OPEN_MAX option, which is native to Zephyr.
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_DEVICE_IO
Similarly, with this deprecation, we introduce the following
Kconfig options that map directly to standard POSIX Options by
simply removing "CONFIG":
* CONFIG_POSIX_OPEN_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options.
* CONFIG_POSIX_DEVICE_IO_ALIAS_CLOSE
* CONFIG_POSIX_DEVICE_IO_ALIAS_OPEN
* CONFIG_POSIX_DEVICE_IO_ALIAS_READ
* CONFIG_POSIX_DEVICE_IO_ALIAS_WRITE
Gate open(), close(), read(), and write() via the
CONFIG_POSIX_DEVICE_IO Kconfig option and move
implementations into device_io.c, to be conformant with the
spec.
Lastly, stage function names for upcoming ZVFS work, to be
completed as part of the LTSv3 Roadmap (e.g. zvfs_open(), ..).
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Improve navigability in the documentation by adding a link to the main
HTTP Server documentation page to the HTTP Server sample.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Add documentation page for HTTP server functionality.
Rename existing HTTP documentation to HTTP client, as it only covers the
client library.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
A simple HTTP server sample application.
Signed-off-by: Emna Rekik <emna.rekik007@gmail.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
