Unsafe HTTP
unsafehttp is an extremely minimal HTTP server written in C from scratch, to practice C, *nix socket programming, and C compilation. It just served this webpage to you!
Yes, that's a marquee tag. Backward-compatibility is a beautiful thing.
You can find the source here.
Hosting
It's running on a tiny Orange Pi SBC in my office:
There's no HTTP proxy between you, just a port-forward through my VPS. You're connect ing right to the socket that the code is accept ing on.
Fun Stuff
To prevent user-initiated filesystem interaction, and to avoid having to worry about path cleaning, unsafehttp loads all content into a hash table in memory on startup, with the request/file paths as keys and the file contents as values. Servicing a request is simply looking up the content via the path. Any malicious paths willshould then just fail to find an entry.
HTTP Implementation
... continue reading