Mercurial > urweb
view tests/cookieJsec.ur @ 2071:739172204214
Introduce recv timeout controlled by '-T' option in http.c
This should prevent a DDoS attack where attacker and keeps the connection open
but send no data.
author | Sergey Mironov <grrwlf@gmail.com> |
---|---|
date | Tue, 02 Sep 2014 17:42:10 +0000 |
parents | 796e42c93c48 |
children |
line wrap: on
line source
table t : {Id : int} cookie c : int fun setter r = setCookie c (readError r.Id); return <xml>Done</xml> fun writer () = ido <- getCookie c; case ido of None => error <xml>No cookie</xml> | Some id => dml (INSERT INTO t (Id) VALUES ({[id]})) fun preWriter () = return <xml><body onload={onConnectFail (alert "RPC error")}> <button onclick={writer ()} value="Write to database"/> <a link={main ()}>Back</a> </body></xml> and main () = return <xml><body> <form> <textbox{#Id}/> <submit value="Get cookie" action={setter}/> </form> <form><submit action={preWriter} value="Prepare to write to database"/></form> </body></xml>