authorEric Wong <e@yhbt.net>2020-02-04 04:44:21 +0000
committerEric Wong <e@yhbt.net>2020-02-04 21:39:50 +0000
commitc5ce0f75020db9b3fa7dae9958bedcdb08452e04 (patch)
tree0c446ccf8161ab7027c48827aa1e903f1d6e40db
parent69a58f258672fb0b4b5768b6d1cd75c6b1c5f3a8 (diff)
downloadpublic-inbox-c5ce0f75020db9b3fa7dae9958bedcdb08452e04.tar.gz
We want to match "GET" and "HEAD" exactly, not requests which
start with "GET" or end with "HEAD".  This doesn't seem like
a real problem for public-inboxes which are actually public
data anyways.
-rw-r--r--lib/PublicInbox/WWW.pm2
-rw-r--r--t/httpd.t5
2 files changed, 6 insertions, 1 deletions
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index efe7c8ca..3ce7cc2a 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -70,7 +70,7 @@ sub call {
                         return invalid_inbox($ctx, $1) || mbox_results($ctx);
                 }
         }
-        elsif ($method !~ /\AGET|HEAD\z/) {
+        elsif ($method !~ /\A(?:GET|HEAD)\z/) {
                 return r(405);
         }
 
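Review bot: The non-capturing group on the `elsif` line is the entire fix, yet nothing in the code says why it is there, so a later cleanup could drop it as redundant and again let methods that merely start with GET or end with HEAD skip the 405. I would add a comment above it such as `# group the alternation: /\AGET|HEAD\z/ parses as (\AGET)|(HEAD\z)`. Alternatively, avoid the regex altogether with `elsif ($method ne 'GET' && $method ne 'HEAD') {`, which has no precedence to get wrong. `sub call` begins and ends outside this hunk, so how the preceding branch matches its own method is not visible here and may deserve the same check.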
diff --git a/t/httpd.t b/t/httpd.t
index 2972afb2..c9756a70 100644
--- a/t/httpd.t
+++ b/t/httpd.t
@@ -49,6 +49,11 @@ EOF
         $td = start_script($cmd, undef, { 3 => $sock });
         my $host = $sock->sockhost;
         my $port = $sock->sockport;
+        {
+                my $bad = tcp_connect($sock);
+                print $bad "GETT / HTTP/1.0\r\n\r\n" or die;
+                like(<$bad>, qr!\AHTTP/1\.[01] 405\b!, 'got 405 on bad req');
+        }
         my $conn = tcp_connect($sock);
         ok($conn, 'connected');
         ok($conn->write("GET / HTTP/1.0\r\n\r\n"), 'wrote data to socket');
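Review bot: The added block exercises only one half of the bug: `GETT` covers a method that starts with GET, but the old pattern also accepted any method ending in HEAD, and no request here checks that side. Turning the block into a loop, `for my $m (qw(GETT XHEAD)) {` with `print $bad "$m / HTTP/1.0\r\n\r\n" or die "print: $!";`, would pin both branches of the alternation. The message on `die` is also worth having, since the bare `or die` reports nothing useful when the write fails. The enclosing test block starts and ends outside this hunk.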