diff options
author | Eric Wong <e@yhbt.net> | 2020-02-04 04:44:21 +0000 |
---|---|---|
committer | Eric Wong <e@yhbt.net> | 2020-02-04 21:39:50 +0000 |
commit | c5ce0f75020db9b3fa7dae9958bedcdb08452e04 (patch) | |
tree | 0c446ccf8161ab7027c48827aa1e903f1d6e40db | |
parent | 69a58f258672fb0b4b5768b6d1cd75c6b1c5f3a8 (diff) | |
download | public-inbox-c5ce0f75020db9b3fa7dae9958bedcdb08452e04.tar.gz |
We want to match "GET" and "HEAD" exactly, not requests which start with "GET" or end with "HEAD". This doesn't seem like a real problem for public-inboxes which are actually public data anyways.
-rw-r--r-- | lib/PublicInbox/WWW.pm | 2 | ||||
-rw-r--r-- | t/httpd.t | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index efe7c8ca..3ce7cc2a 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -70,7 +70,7 @@ sub call { return invalid_inbox($ctx, $1) || mbox_results($ctx); } } - elsif ($method !~ /\AGET|HEAD\z/) { + elsif ($method !~ /\A(?:GET|HEAD)\z/) { return r(405); } @@ -49,6 +49,11 @@ EOF $td = start_script($cmd, undef, { 3 => $sock }); my $host = $sock->sockhost; my $port = $sock->sockport; + { + my $bad = tcp_connect($sock); + print $bad "GETT / HTTP/1.0\r\n\r\n" or die; + like(<$bad>, qr!\AHTTP/1\.[01] 405\b!, 'got 405 on bad req'); + } my $conn = tcp_connect($sock); ok($conn, 'connected'); ok($conn->write("GET / HTTP/1.0\r\n\r\n"), 'wrote data to socket'); |