From c5ce0f75020db9b3fa7dae9958bedcdb08452e04 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Tue, 4 Feb 2020 04:44:21 +0000 Subject: www: stricter regexp for 405 errors We want to match "GET" and "HEAD" exactly, not requests which start with "GET" or end with "HEAD". This doesn't seem like a real problem for public-inboxes which are actually public data anyways. --- t/httpd.t | 5 +++++ 1 file changed, 5 insertions(+) (limited to 't/httpd.t') diff --git a/t/httpd.t b/t/httpd.t index 2972afb2..c9756a70 100644 --- a/t/httpd.t +++ b/t/httpd.t @@ -49,6 +49,11 @@ EOF $td = start_script($cmd, undef, { 3 => $sock }); my $host = $sock->sockhost; my $port = $sock->sockport; + { + my $bad = tcp_connect($sock); + print $bad "GETT / HTTP/1.0\r\n\r\n" or die; + like(<$bad>, qr!\AHTTP/1\.[01] 405\b!, 'got 405 on bad req'); + } my $conn = tcp_connect($sock); ok($conn, 'connected'); ok($conn->write("GET / HTTP/1.0\r\n\r\n"), 'wrote data to socket'); -- cgit v1.2.3-24-ge0c7