/src/wt/src/web/Configuration.h

Source
// This may look like C code, but it's really -*- C++ -*-
/*
 * Copyright (C) 2008 Emweb bv, Herent, Belgium.
 *
 * All rights reserved.
 */

#ifndef CONFIGURATION_H
#define CONFIGURATION_H

#include "Wt/WConfig.h"

#include <exception>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

#if defined(WT_THREADED) && !defined(WT_CONF_NO_SHARED_LOCK)
#if _MSC_VER >= 1900 || __cplusplus >= 201703L
// we're using Visual Studio 2015 or higher, so we can use std::shared_mutex
#define WT_STD_CONF_LOCK
#define WT_CONF_LOCK
#else
#define WT_BOOST_CONF_LOCK
#define WT_CONF_LOCK
#endif
#endif

#ifdef WT_CONF_LOCK
#include <thread>
#endif // WT_CONF_LOCK

#ifdef WT_STD_CONF_LOCK
#include <shared_mutex>
#endif  // WT_STD_CONF_LOCK

#ifdef WT_BOOST_CONF_LOCK
#include <boost/thread/shared_mutex.hpp>
#endif // WT_BOOST_CONF_LOCK

#include "Wt/WApplication.h"

#include "WebSession.h"
#include "Wt/WRandom.h"

#ifndef WT_TARGET_JAVA
#include "Wt/AsioWrapper/asio.hpp"
#endif // WT_TARGET_JAVA

#ifndef WT_TARGET_JAVA
#include "EntryPoint.h"
#endif // WT_TARGET_JAVA

namespace boost {
  namespace program_options {
    class variables_map;
  }
}

namespace Wt {
  namespace rapidxml {
    template<class Ch> class xml_node;
  }

  class WLogger;
  class WServer;

#ifndef WT_TARGET_JAVA

/// A segment in the deployment path of an entry point,
/// used for routing.
struct WT_API PathSegment {
  PathSegment()
    : parent(nullptr),
      entryPoint(nullptr)
  { }

  PathSegment(const std::string &s,
              PathSegment *p)
    : parent(p),
      entryPoint(nullptr),
      segment(s)
  { }

  PathSegment *parent;
  const EntryPoint *entryPoint;
  std::vector<std::unique_ptr<PathSegment>> children; // Static path segments
  std::unique_ptr<PathSegment> dynamicChild; // Dynamic path segment, lowest priority
  std::string segment;
};

#endif // WT_TARGET_JAVA

class WT_API HeadMatter {
public:
  HeadMatter(std::string contents,
             std::string userAgent);

  const std::string& contents() const { return contents_; }
  const std::string& userAgent() const { return userAgent_; }

private:
  std::string contents_;
  std::string userAgent_;
};

class WT_API HttpHeader {
public:
  HttpHeader(std::string name,
             std::string contents)
    : name_(name),
      contents_(contents)
{ }

  const std::string& contents() const { return contents_; }
  const std::string& name() const { return name_; }

private:
  std::string name_;
  std::string contents_;
};

class WT_API Configuration
{
public:
  enum SessionPolicy {
    DedicatedProcess,
    SharedProcess
  };

  enum SessionTracking {
    CookiesURL, // Use cookies if available, or fallback to URL-based,
                // does not support multiple sessions in same browser when
                // using cookies
    URL, // Use URL-based session tracking, support multiple sessions in the same
         // browser
    Combined // Use a combination of multi-session cookie + URL-based session tracking
             // Will error if cookies are not available (no fallback)
             // This should be the most secure option, and supports multiple sessions
             // in the same browser.
  };

  enum ErrorReporting {
    NoErrors, /* do not even catch them */
    ServerSideOnly,
    ErrorMessage
  };

  enum ClientSideErrorReportLevel {
    Framework, /* exclude inline JavaScript and additional scripts, not part of Wt's framework */
    All
  };

  enum BootstrapMethod {
    DetectAjax,
    Progressive
  };

  typedef std::map<std::string, std::string> PropertyMap;
  typedef std::vector<std::string> AgentList;

  Configuration(const std::string& applicationPath,
                const std::string& appRoot,
                const std::string& configurationFile,
                WServer *server);

  void rereadConfiguration();

  // finds a configured approot based on the environment
  static std::string locateAppRoot();

  // finds a config file based on the environment, in the approot,
  // or the default location
  static std::string locateConfigFile(const std::string& appRoot);

  /*
   * Override the sessionIdPrefix setting in the config file
   */
  void setSessionIdPrefix(const std::string& prefix);

#ifndef WT_TARGET_JAVA
  void addEntryPoint(const EntryPoint& entryPoint);
  bool tryAddResource(const EntryPoint& entryPoint); // Returns bool indicating success:
                                                     // false if entry point existed already
  void removeEntryPoint(const std::string& path);
  void setDefaultEntryPoint(const std::string& path);
  // Returns matching entry point and match length
  EntryPointMatch matchEntryPoint(const std::string &scriptName,
                                  const std::string &path,
                                  bool matchAfterSlash) const;
  static bool matchesPath(const std::string &path,
                          const std::string &prefix,
                          bool matchAfterSlash);
  void setNumThreads(int threads);
#endif // WT_TARGET_JAVA

  const std::vector<MetaHeader>& metaHeaders() const { return metaHeaders_; }
  const std::vector<HeadMatter>& headMatter() const { return headMatter_; }
  const std::vector<HttpHeader>& httpHeaders() const { return httpHeaders_; }
  SessionPolicy sessionPolicy() const;
  int numProcesses() const;
  int numThreads() const;
  int maxNumSessions() const;
  ::int64_t maxRequestSize() const;
  ::int64_t maxFormDataSize() const;
  int maxPendingEvents() const;
  ::int64_t isapiMaxMemoryRequestSize() const;
  SessionTracking sessionTracking() const;
  bool reloadIsNewSession() const;
  int sessionTimeout() const;
  int idleTimeout() const;
  int keepAlive() const; // sessionTimeout() / 2, or if sessionTimeout == -1, 1000000
  int multiSessionCookieTimeout() const; // sessionTimeout() * 2
  int bootstrapTimeout() const;
  int indicatorTimeout() const;
  int doubleClickTimeout() const;
  int serverPushTimeout() const;
  std::string valgrindPath() const;
  ErrorReporting errorReporting() const;
  ClientSideErrorReportLevel clientSideErrorReportingLevel() const;
  bool debug() const;
  std::string runDirectory() const;
  int sessionIdLength() const;
  std::string sessionIdPrefix() const;
  int fullSessionIdLength() const; // length of prefix + session id
  int numSessionThreads() const;

  bool isAllowedOrigin(const std::string &origin) const;

#ifndef WT_TARGET_JAVA
  bool readConfigurationProperty(const std::string& name, std::string& value)
    const;
#else
  const std::string *property(const std::string& name) const;
#endif

#ifndef WT_TARGET_JAVA
  using IpAddress = AsioWrapper::asio::ip::address;
#else
  struct IpAddress {};
#endif

  struct WT_API Network {
      IpAddress address;
      unsigned char prefixLength;

#ifndef WT_TARGET_JAVA
      bool operator==(const Network &other) const noexcept
      {
        return address == other.address && prefixLength == other.prefixLength;
      }

      bool operator!=(const Network &other) const noexcept
      {
        return !operator==(other);
      }
#endif

      static Network fromString(const std::string &s);
      bool contains(const IpAddress &address) const;
  };

  void setAppRoot(const std::string& path);
  std::string appRoot() const;
  bool behindReverseProxy() const; // Deprecated
  std::string originalIPHeader() const;
  std::vector<Network> trustedProxies() const;
  bool isTrustedProxy(const std::string &ipAddress) const;
  std::string redirectMessage() const;
  bool serializedEvents() const;
  bool webSockets() const;
  bool inlineCss() const;
  bool persistentSessions() const;
  bool progressiveBoot(const std::string& internalPath) const;
  float maxPlainSessionsRatio() const;
  int minSessionsForDoS() const;
  bool ajaxPuzzle() const;
  bool sessionIdCookie() const;
  bool cookieChecks() const;
  bool useSlashExceptionForInternalPaths() const;
  bool needReadBodyBeforeResponse() const;
  bool webglDetect() const;
  bool useScriptNonce() const;
  bool delayLoadAtBoot() const;
  bool useXFrameSameOrigin() const;

  bool agentIsBot(const std::string& agent) const;
  bool agentSupportsAjax(const std::string& agent) const;
  std::string uaCompatible() const;

  // Things which are overridden by the connector
  void setSessionTimeout(int sessionTimeout);
  void setWebSockets(bool enabled);
  void setRunDirectory(const std::string& path);
  void setUseSlashExceptionForInternalPaths(bool enabled);
  void setNeedReadBodyBeforeResponse(bool needed);
  void setBehindReverseProxy(bool enabled);
  void setOriginalIPHeader(const std::string &originalIPHeader);
  void setTrustedProxies(const std::vector<Network> &trustedProxies);

  void setBootstrapMethod(BootstrapMethod method);

  std::string generateSessionId();
  bool registerSessionId(const std::string& oldId, const std::string& newId);

  std::string sessionSocketPath(const std::string& sessionId);
  const std::string &defaultEntryPoint() const { return defaultEntryPoint_; }
private:
  struct BootstrapEntry {
    bool prefix;
    std::string path;
    BootstrapMethod method;
  };

#ifdef WT_STD_CONF_LOCK
  mutable std::shared_mutex mutex_;
#endif // WT_STD_CONF_LOCK
#ifdef WT_BOOST_CONF_LOCK
  mutable boost::shared_mutex mutex_;
#endif // WT_BOOST_CONF_LOCK

  WServer *server_;
  std::string applicationPath_;
  std::string appRoot_;
  std::string configurationFile_;
  std::string uaCompatible_;

#ifndef WT_TARGET_JAVA
  EntryPointList entryPoints_;
  PathSegment rootPathSegment_; /// The toplevel path segment ('/') for routing,
                                /// root of the rounting tree.
#endif // WT_TARGET_JAVA

  SessionPolicy   sessionPolicy_;
  int             numProcesses_;
  int             numThreads_;
  int             maxNumSessions_;
  ::int64_t       maxRequestSize_;
  ::int64_t       maxFormDataSize_;
  int             maxPendingEvents_;
  ::int64_t       isapiMaxMemoryRequestSize_;
  SessionTracking sessionTracking_;
  bool            reloadIsNewSession_;
  int             sessionTimeout_;
  int             idleTimeout_;
  int             bootstrapTimeout_;
  int             indicatorTimeout_;
  int             doubleClickTimeout_;
  int             serverPushTimeout_;
  std::string     valgrindPath_;
  ErrorReporting  errorReporting_;
  ClientSideErrorReportLevel clientSideErrorReportLevel_;
  std::string     runDirectory_;
  int             sessionIdLength_;
  PropertyMap     properties_;
  bool            xhtmlMimeType_;
  bool            behindReverseProxy_;

  // trusted-proxy-config
  std::string     originalIPHeader_;
  std::vector<Network> trustedProxies_;

  std::string     redirectMsg_;
  bool            serializedEvents_;
  bool            webSockets_;
  bool            inlineCss_;
  AgentList       ajaxAgentList_, botList_;
  bool            ajaxAgentWhiteList_;
  bool            persistentSessions_;
  float           maxPlainSessionsRatio_;
  int             minSessionsForDoS_;
  bool            ajaxPuzzle_;
  bool            sessionIdCookie_;
  bool            cookieChecks_;
  bool            webglDetection_;
  bool            delayLoadAtBoot_;
  int             numSessionThreads_;

  std::vector<std::string> allowedOrigins_;

  std::vector<BootstrapEntry> bootstrapConfig_;
  std::vector<MetaHeader> metaHeaders_;
  std::vector<HeadMatter> headMatter_;
  bool useXFrameSameOrigin_;
  std::vector<HttpHeader> httpHeaders_;
  bool useScriptNonce_;

  bool connectorSlashException_;
  bool connectorNeedReadBody_;
  bool connectorWebSockets_;
  std::string connectorSessionIdPrefix_;
  std::string defaultEntryPoint_;

  void reset();
  void readApplicationSettings(Wt::rapidxml::xml_node<char> *app);
  void readConfiguration(bool silent);
  WLogEntry log(const std::string& type) const;

  // Add the given entryPoint to the routing tree
  // NOTE: Server may not be running, or WRITE_LOCK should
  // be grabbed before registerEntryPoint is invoked.
  // This is to be used by the other entry point functions
  // (addEntryPoint, tryAddResource, removeEntryPoint,...)
  void registerEntryPoint(const EntryPoint &entryPoint);
};

}

#endif // HTTP_CONFIGURATION_HPP

Coverage Report

Created: 2025-10-10 06:09

Line	Count	Source
1		// This may look like C code, but it's really -- C++ --
2		/*
3		* Copyright (C) 2008 Emweb bv, Herent, Belgium.
4		*
5		* All rights reserved.
6		*/
7
8		#ifndef CONFIGURATION_H
9		#define CONFIGURATION_H
10
11		#include "Wt/WConfig.h"
12
13		#include <exception>
14		#include <iostream>
15		#include <string>
16		#include <utility>
17		#include <vector>
18
19		#if defined(WT_THREADED) && !defined(WT_CONF_NO_SHARED_LOCK)
20		#if _MSC_VER >= 1900 \|\| __cplusplus >= 201703L
21		// we're using Visual Studio 2015 or higher, so we can use std::shared_mutex
22		#define WT_STD_CONF_LOCK
23		#define WT_CONF_LOCK
24		#else
25		#define WT_BOOST_CONF_LOCK
26		#define WT_CONF_LOCK
27		#endif
28		#endif
29
30		#ifdef WT_CONF_LOCK
31		#include <thread>
32		#endif // WT_CONF_LOCK
33
34		#ifdef WT_STD_CONF_LOCK
35		#include <shared_mutex>
36		#endif // WT_STD_CONF_LOCK
37
38		#ifdef WT_BOOST_CONF_LOCK
39		#include <boost/thread/shared_mutex.hpp>
40		#endif // WT_BOOST_CONF_LOCK
41
42		#include "Wt/WApplication.h"
43
44		#include "WebSession.h"
45		#include "Wt/WRandom.h"
46
47		#ifndef WT_TARGET_JAVA
48		#include "Wt/AsioWrapper/asio.hpp"
49		#endif // WT_TARGET_JAVA
50
51		#ifndef WT_TARGET_JAVA
52		#include "EntryPoint.h"
53		#endif // WT_TARGET_JAVA
54
55		namespace boost {
56		namespace program_options {
57		class variables_map;
58		}
59		}
60
61		namespace Wt {
62		namespace rapidxml {
63		template<class Ch> class xml_node;
64		}
65
66		class WLogger;
67		class WServer;
68
69		#ifndef WT_TARGET_JAVA
70
71		/// A segment in the deployment path of an entry point,
72		/// used for routing.
73		struct WT_API PathSegment {
74		PathSegment()
75	0	: parent(nullptr),
76	0	entryPoint(nullptr)
77	0	{ }
78
79		PathSegment(const std::string &s,
80		PathSegment *p)
81	0	: parent(p),
82	0	entryPoint(nullptr),
83	0	segment(s)
84	0	{ }
85
86		PathSegment *parent;
87		const EntryPoint *entryPoint;
88		std::vector<std::unique_ptr<PathSegment>> children; // Static path segments
89		std::unique_ptr<PathSegment> dynamicChild; // Dynamic path segment, lowest priority
90		std::string segment;
91		};
92
93		#endif // WT_TARGET_JAVA
94
95		class WT_API HeadMatter {
96		public:
97		HeadMatter(std::string contents,
98		std::string userAgent);
99
100	0	const std::string& contents() const { return contents_; }
101	0	const std::string& userAgent() const { return userAgent_; }
102
103		private:
104		std::string contents_;
105		std::string userAgent_;
106		};
107
108		class WT_API HttpHeader {
109		public:
110		HttpHeader(std::string name,
111		std::string contents)
112	0	: name_(name),
113	0	contents_(contents)
114	0	{ }
115
116	0	const std::string& contents() const { return contents_; }
117	0	const std::string& name() const { return name_; }
118
119		private:
120		std::string name_;
121		std::string contents_;
122		};
123
124		class WT_API Configuration
125		{
126		public:
127		enum SessionPolicy {
128		DedicatedProcess,
129		SharedProcess
130		};
131
132		enum SessionTracking {
133		CookiesURL, // Use cookies if available, or fallback to URL-based,
134		// does not support multiple sessions in same browser when
135		// using cookies
136		URL, // Use URL-based session tracking, support multiple sessions in the same
137		// browser
138		Combined // Use a combination of multi-session cookie + URL-based session tracking
139		// Will error if cookies are not available (no fallback)
140		// This should be the most secure option, and supports multiple sessions
141		// in the same browser.
142		};
143
144		enum ErrorReporting {
145		NoErrors, /* do not even catch them */
146		ServerSideOnly,
147		ErrorMessage
148		};
149
150		enum ClientSideErrorReportLevel {
151		Framework, /* exclude inline JavaScript and additional scripts, not part of Wt's framework */
152		All
153		};
154
155		enum BootstrapMethod {
156		DetectAjax,
157		Progressive
158		};
159
160		typedef std::map<std::string, std::string> PropertyMap;
161		typedef std::vector<std::string> AgentList;
162
163		Configuration(const std::string& applicationPath,
164		const std::string& appRoot,
165		const std::string& configurationFile,
166		WServer *server);
167
168		void rereadConfiguration();
169
170		// finds a configured approot based on the environment
171		static std::string locateAppRoot();
172
173		// finds a config file based on the environment, in the approot,
174		// or the default location
175		static std::string locateConfigFile(const std::string& appRoot);
176
177		/*
178		* Override the sessionIdPrefix setting in the config file
179		*/
180		void setSessionIdPrefix(const std::string& prefix);
181
182		#ifndef WT_TARGET_JAVA
183		void addEntryPoint(const EntryPoint& entryPoint);
184		bool tryAddResource(const EntryPoint& entryPoint); // Returns bool indicating success:
185		// false if entry point existed already
186		void removeEntryPoint(const std::string& path);
187		void setDefaultEntryPoint(const std::string& path);
188		// Returns matching entry point and match length
189		EntryPointMatch matchEntryPoint(const std::string &scriptName,
190		const std::string &path,
191		bool matchAfterSlash) const;
192		static bool matchesPath(const std::string &path,
193		const std::string &prefix,
194		bool matchAfterSlash);
195		void setNumThreads(int threads);
196		#endif // WT_TARGET_JAVA
197
198	0	const std::vector<MetaHeader>& metaHeaders() const { return metaHeaders_; }
199	0	const std::vector<HeadMatter>& headMatter() const { return headMatter_; }
200	0	const std::vector<HttpHeader>& httpHeaders() const { return httpHeaders_; }
201		SessionPolicy sessionPolicy() const;
202		int numProcesses() const;
203		int numThreads() const;
204		int maxNumSessions() const;
205		::int64_t maxRequestSize() const;
206		::int64_t maxFormDataSize() const;
207		int maxPendingEvents() const;
208		::int64_t isapiMaxMemoryRequestSize() const;
209		SessionTracking sessionTracking() const;
210		bool reloadIsNewSession() const;
211		int sessionTimeout() const;
212		int idleTimeout() const;
213		int keepAlive() const; // sessionTimeout() / 2, or if sessionTimeout == -1, 1000000
214		int multiSessionCookieTimeout() const; // sessionTimeout() * 2
215		int bootstrapTimeout() const;
216		int indicatorTimeout() const;
217		int doubleClickTimeout() const;
218		int serverPushTimeout() const;
219		std::string valgrindPath() const;
220		ErrorReporting errorReporting() const;
221		ClientSideErrorReportLevel clientSideErrorReportingLevel() const;
222		bool debug() const;
223		std::string runDirectory() const;
224		int sessionIdLength() const;
225		std::string sessionIdPrefix() const;
226		int fullSessionIdLength() const; // length of prefix + session id
227		int numSessionThreads() const;
228
229		bool isAllowedOrigin(const std::string &origin) const;
230
231		#ifndef WT_TARGET_JAVA
232		bool readConfigurationProperty(const std::string& name, std::string& value)
233		const;
234		#else
235		const std::string *property(const std::string& name) const;
236		#endif
237
238		#ifndef WT_TARGET_JAVA
239		using IpAddress = AsioWrapper::asio::ip::address;
240		#else
241		struct IpAddress {};
242		#endif
243
244		struct WT_API Network {
245		IpAddress address;
246		unsigned char prefixLength;
247
248		#ifndef WT_TARGET_JAVA
249		bool operator==(const Network &other) const noexcept
250	0	{
251	0	return address == other.address && prefixLength == other.prefixLength;
252	0	}
253
254		bool operator!=(const Network &other) const noexcept
255	0	{
256	0	return !operator==(other);
257	0	}
258		#endif
259
260		static Network fromString(const std::string &s);
261		bool contains(const IpAddress &address) const;
262		};
263
264		void setAppRoot(const std::string& path);
265		std::string appRoot() const;
266		bool behindReverseProxy() const; // Deprecated
267		std::string originalIPHeader() const;
268		std::vector<Network> trustedProxies() const;
269		bool isTrustedProxy(const std::string &ipAddress) const;
270		std::string redirectMessage() const;
271		bool serializedEvents() const;
272		bool webSockets() const;
273		bool inlineCss() const;
274		bool persistentSessions() const;
275		bool progressiveBoot(const std::string& internalPath) const;
276		float maxPlainSessionsRatio() const;
277		int minSessionsForDoS() const;
278		bool ajaxPuzzle() const;
279		bool sessionIdCookie() const;
280		bool cookieChecks() const;
281		bool useSlashExceptionForInternalPaths() const;
282		bool needReadBodyBeforeResponse() const;
283		bool webglDetect() const;
284		bool useScriptNonce() const;
285		bool delayLoadAtBoot() const;
286		bool useXFrameSameOrigin() const;
287
288		bool agentIsBot(const std::string& agent) const;
289		bool agentSupportsAjax(const std::string& agent) const;
290		std::string uaCompatible() const;
291
292		// Things which are overridden by the connector
293		void setSessionTimeout(int sessionTimeout);
294		void setWebSockets(bool enabled);
295		void setRunDirectory(const std::string& path);
296		void setUseSlashExceptionForInternalPaths(bool enabled);
297		void setNeedReadBodyBeforeResponse(bool needed);
298		void setBehindReverseProxy(bool enabled);
299		void setOriginalIPHeader(const std::string &originalIPHeader);
300		void setTrustedProxies(const std::vector<Network> &trustedProxies);
301
302		void setBootstrapMethod(BootstrapMethod method);
303
304		std::string generateSessionId();
305		bool registerSessionId(const std::string& oldId, const std::string& newId);
306
307		std::string sessionSocketPath(const std::string& sessionId);
308	0	const std::string &defaultEntryPoint() const { return defaultEntryPoint_; }
309		private:
310		struct BootstrapEntry {
311		bool prefix;
312		std::string path;
313		BootstrapMethod method;
314		};
315
316		#ifdef WT_STD_CONF_LOCK
317		mutable std::shared_mutex mutex_;
318		#endif // WT_STD_CONF_LOCK
319		#ifdef WT_BOOST_CONF_LOCK
320		mutable boost::shared_mutex mutex_;
321		#endif // WT_BOOST_CONF_LOCK
322
323		WServer *server_;
324		std::string applicationPath_;
325		std::string appRoot_;
326		std::string configurationFile_;
327		std::string uaCompatible_;
328
329		#ifndef WT_TARGET_JAVA
330		EntryPointList entryPoints_;
331		PathSegment rootPathSegment_; /// The toplevel path segment ('/') for routing,
332		/// root of the rounting tree.
333		#endif // WT_TARGET_JAVA
334
335		SessionPolicy sessionPolicy_;
336		int numProcesses_;
337		int numThreads_;
338		int maxNumSessions_;
339		::int64_t maxRequestSize_;
340		::int64_t maxFormDataSize_;
341		int maxPendingEvents_;
342		::int64_t isapiMaxMemoryRequestSize_;
343		SessionTracking sessionTracking_;
344		bool reloadIsNewSession_;
345		int sessionTimeout_;
346		int idleTimeout_;
347		int bootstrapTimeout_;
348		int indicatorTimeout_;
349		int doubleClickTimeout_;
350		int serverPushTimeout_;
351		std::string valgrindPath_;
352		ErrorReporting errorReporting_;
353		ClientSideErrorReportLevel clientSideErrorReportLevel_;
354		std::string runDirectory_;
355		int sessionIdLength_;
356		PropertyMap properties_;
357		bool xhtmlMimeType_;
358		bool behindReverseProxy_;
359
360		// trusted-proxy-config
361		std::string originalIPHeader_;
362		std::vector<Network> trustedProxies_;
363
364		std::string redirectMsg_;
365		bool serializedEvents_;
366		bool webSockets_;
367		bool inlineCss_;
368		AgentList ajaxAgentList_, botList_;
369		bool ajaxAgentWhiteList_;
370		bool persistentSessions_;
371		float maxPlainSessionsRatio_;
372		int minSessionsForDoS_;
373		bool ajaxPuzzle_;
374		bool sessionIdCookie_;
375		bool cookieChecks_;
376		bool webglDetection_;
377		bool delayLoadAtBoot_;
378		int numSessionThreads_;
379
380		std::vector<std::string> allowedOrigins_;
381
382		std::vector<BootstrapEntry> bootstrapConfig_;
383		std::vector<MetaHeader> metaHeaders_;
384		std::vector<HeadMatter> headMatter_;
385		bool useXFrameSameOrigin_;
386		std::vector<HttpHeader> httpHeaders_;
387		bool useScriptNonce_;
388
389		bool connectorSlashException_;
390		bool connectorNeedReadBody_;
391		bool connectorWebSockets_;
392		std::string connectorSessionIdPrefix_;
393		std::string defaultEntryPoint_;
394
395		void reset();
396		void readApplicationSettings(Wt::rapidxml::xml_node<char> *app);
397		void readConfiguration(bool silent);
398		WLogEntry log(const std::string& type) const;
399
400		// Add the given entryPoint to the routing tree
401		// NOTE: Server may not be running, or WRITE_LOCK should
402		// be grabbed before registerEntryPoint is invoked.
403		// This is to be used by the other entry point functions
404		// (addEntryPoint, tryAddResource, removeEntryPoint,...)
405		void registerEntryPoint(const EntryPoint &entryPoint);
406		};
407
408		}
409
410		#endif // HTTP_CONFIGURATION_HPP