Wapp

Check-in [04b1d555cf]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix documentation typos.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 04b1d555cf767bccd20525d2e9d7f17c57a599be633ee467fc0a149150c55a92
User & Date: drh 2019-10-15 14:54:09.920
Context
2020-02-28
21:30
Add the external content demo script. (check-in: bd84938961 user: drh tags: trunk)
2019-10-15
14:54
Fix documentation typos. (check-in: 04b1d555cf user: drh tags: trunk)
2019-08-01
23:40
Adjust the makefile to use SQLITE_ENABLE_DESERIALIZE. (check-in: 6b66ed109d user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to docs/commands.md. 
1
2
3
4
5
6
7
8
9
10
11

Wapp Commands
=============

Wapp really just a collection of TCL procs.  All procs are in a single file
named "wapp.tcl".

The procs that form the public interface for Wapp begin with "wapp-".  The
implementation uses various private procedures that have names beginning
with "wappInt-".  Applications should use the public interface only.

The most important Wapp interfaces are:




|








1
2
3
4
5
6
7
8
9
10
11

Wapp Commands
=============

Wapp is really just a collection of TCL procs. All procs are in a single file
named "wapp.tcl".

The procs that form the public interface for Wapp begin with "wapp-".  The
implementation uses various private procedures that have names beginning
with "wappInt-".  Applications should use the public interface only.

The most important Wapp interfaces are:
Changes to docs/intro.md. 
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

        <pre>%html([wapp-debug-env])</pre>
      }
    }
    wapp-start $argv

Many Wapp applications contain an /env page for debugging and
trouble-shooting purpose.  Examples:
<https://sqlite.org/checklists/env> and
<https://sqlite.org/search?env=1>


2.1 Binary Resources
--------------------

Here is another variation on the same "hello, world" program that adds an








|








165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

        <pre>%html([wapp-debug-env])</pre>
      }
    }
    wapp-start $argv

Many Wapp applications contain an /env page for debugging and
trouble-shooting purpose.  Examples:
<https://sqlite.org/src/ext/checklist/top/env> and
<https://sqlite.org/search?env=1>


2.1 Binary Resources
--------------------

Here is another variation on the same "hello, world" program that adds an
Changes to docs/params.md. 
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313

    http://example.com/cgi-bin/script/method/extra/path?q1=5
    \______________________________________/ \________/
                       |                          |
                    SELF_URL                   PATH_TAIL

### 3.2 Undefined Parameters When Using SCGI on Nginx

Some of the CGI parameters are undefined by default when using CGI mode
with Nginx.  If these CGI parameters are needed by the application, then
values must be assigned in the Nginx configuration file.  For example:

>
    location /scgi/ {
       include scgi_params;
       scgi_pass localhost:9000;








|








299
300
301
302
303
304
305
306
307
308
309
310
311
312
313

    http://example.com/cgi-bin/script/method/extra/path?q1=5
    \______________________________________/ \________/
                       |                          |
                    SELF_URL                   PATH_TAIL

### 3.2 Undefined Parameters When Using SCGI on Nginx

Some of the CGI parameters are undefined by default when using SCGI mode
with Nginx.  If these CGI parameters are needed by the application, then
values must be assigned in the Nginx configuration file.  For example:

>
    location /scgi/ {
       include scgi_params;
       scgi_pass localhost:9000;
Changes to docs/security.md. 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

Security Considerations
=======================

Wapp strives for security by default.  Applications can disable security
features on an as-needed basis, but the default setting for security
features is always "on".

Security features in Wapp include:

  1.  The default
      [Content Security Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)
      of "CSP"
      for all Wapp applications is _default-src 'self'_.  In that mode,
      resources must all be loaded from the same origin, the use of
      eval() and similar commands in javascript is prohibited, and
      no in-line javascript or CSS is allowed.  These limitations help
      keep applications safe from 
      [XSS attacks](https://en.wikipedia.org/wiki/Cross-site_scripting)
      attacks, even in the face of application coding errors. If these
      restrictions are too severe for an application, the CSP can be
      relaxed or disabled using the 
      "[wapp-content-security-policy](commands.md#csp)" command.

  2.  Access to GET query parameters and POST parameters is prohibited
      unless the origin of the request is the application itself, as
      determined by the Referrer field in the HTTP header. This feature












|





|
|








1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

Security Considerations
=======================

Wapp strives for security by default.  Applications can disable security
features on an as-needed basis, but the default setting for security
features is always "on".

Security features in Wapp include:

  1.  The default
      [Content Security Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)
      ("CSP")
      for all Wapp applications is _default-src 'self'_.  In that mode,
      resources must all be loaded from the same origin, the use of
      eval() and similar commands in javascript is prohibited, and
      no in-line javascript or CSS is allowed.  These limitations help
      keep applications safe from 
      [XSS attacks](https://en.wikipedia.org/wiki/Cross-site_scripting),
      even in the face of application coding errors. If these
      restrictions are too severe for an application, the CSP can be
      relaxed or disabled using the 
      "[wapp-content-security-policy](commands.md#csp)" command.

  2.  Access to GET query parameters and POST parameters is prohibited
      unless the origin of the request is the application itself, as
      determined by the Referrer field in the HTTP header. This feature