rhardih / serve Goto Github PK
View Code? Open in Web Editor NEWSimple http server for localhost development with flags for enabling gzip and http2
License: MIT License
Simple http server for localhost development with flags for enabling gzip and http2
License: MIT License
Hello @rhardih , I just saw your package from the go trending list. Congrulations, I know how you're feeling!!
I am thinking of this, and don't missunderstand me please but,
Many packages uses net/http for command line fast-run servers like yours, I think you can do better, using the Iris .
I'm not enough good with command line apps in go and these days I don't have much time to deep into this field. If you prefer to use net/http in this package that's ok, it's your decision, but I have to make this 'offer' too: I want to you to be part of the Iris Contrib in this command line tool which is not ready yet, you can delete all files and start from zero with your preffered way and structure. Think both of them and answer me here or here please. Hopes you the bests!!
This little server is so useful, thanks! I've not found anything else that's quite so handy.
It would be great to have the ability to specify custom HTTP headers. For my immediate use case I want to be able to set:
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
so as to be able to use the performance.measureUserAgentSpecificMemory
API while developing, but I'm sure there will be lots of other use cases.
I'm pretty sure there's a big issue in the current version of serve, but I'm not a security expert so some details in the following description might not be 100% correct.
When running serve -2
, serve serves the current working directory, and also saves the generated certificate and private key in the same directory. This means everyone can just download both files and use them in a Man-in-the-Middle attack with the following consequences:
Usually, while the first part of a MitM attack (routing traffic from a victim via the attacker's computer to the server, leading to seeing all network packets) is easy, the second part (decrypting the packets and having the victim not notice that he's attacked) is very difficult.
Without the certificate and private key the attacker can only generate another self signed certificate. When routing the traffic from the victim via his computer, he can now decrypt the traffic (because the TLS connection is only encrypted between the victim and himself, and a seperate TLS encryption is encrypted between himself and the server), but if the client knows for example the fingerprint of the original server's certificate, he can now tell that the certificate he's shown is different.
So what should be implemented here is two things:
The install instruction to:
go get github.com/rhardih/serve
doesn't appear to work:
go get: github.com/rhardih/serve@none updating to
github.com/rhardih/[email protected]: parsing go.mod:
module declares its path as: serve
but was required as: github.com/rhardih/serve
This is because the commit at 705a565 didn't make it into v1.1.0. Ideally a new release should be made to include this commit. Alternatively, the package can be installed successfully with:
go get github.com/rhardih/serve@master
It's worth the effort, as this is a really useful little tool!
rene $ go version
go version go1.13.3 darwin/amd64
[~/Code/gcal-test]
rene $ go get github.com/rhardih/serve
# github.com/rhardih/serve
../go/src/github.com/rhardih/serve/serve.go:140:15: cannot use cli.BoolFlag literal (type cli.BoolFlag) as type cli.Flag in array or slice literal:
cli.BoolFlag does not implement cli.Flag (Apply method has pointer receiver)
../go/src/github.com/rhardih/serve/serve.go:145:14: cannot use cli.IntFlag literal (type cli.IntFlag) as type cli.Flag in array or slice literal:
cli.IntFlag does not implement cli.Flag (Apply method has pointer receiver)
../go/src/github.com/rhardih/serve/serve.go:151:15: cannot use cli.BoolFlag literal (type cli.BoolFlag) as type cli.Flag in array or slice literal:
cli.BoolFlag does not implement cli.Flag (Apply method has pointer receiver)
../go/src/github.com/rhardih/serve/serve.go:156:15: cannot use cli.BoolFlag literal (type cli.BoolFlag) as type cli.Flag in array or slice literal:
cli.BoolFlag does not implement cli.Flag (Apply method has pointer receiver)
../go/src/github.com/rhardih/serve/serve.go:163:13: cannot use func literal (type func(*cli.Context)) as type cli.ActionFunc in assignment
../go/src/github.com/rhardih/serve/serve.go:165:19: invalid operation: c.Args()[0] (type cli.Args does not support indexing)
I tried out your project but it seems to be throwing this error.
$ go get github.com/rhardih/serve
# github.com/rhardih/serve
../../go/src/github.com/rhardih/serve/serve.go:164: c.NArg undefined (type *cli.Context has no field or method NArg)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.