mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-23 10:45:49 +03:00
browse: Return HTTP errors on unhandled HTTP methods
For example, a HTTP POST should not be answered with StatusOK, and a response to HTTP OPTIONS should not carry any contents.
This commit is contained in:
parent
d3a77ce3c3
commit
4e98cc3005
2 changed files with 50 additions and 0 deletions
|
@ -241,6 +241,11 @@ func (b Browse) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||||
if !middleware.Path(r.URL.Path).Matches(bc.PathScope) {
|
if !middleware.Path(r.URL.Path).Matches(bc.PathScope) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
switch r.Method {
|
||||||
|
case http.MethodGet, http.MethodHead:
|
||||||
|
default:
|
||||||
|
return http.StatusMethodNotAllowed, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Browsing navigation gets messed up if browsing a directory
|
// Browsing navigation gets messed up if browsing a directory
|
||||||
// that doesn't end in "/" (which it should, anyway)
|
// that doesn't end in "/" (which it should, anyway)
|
||||||
|
|
|
@ -104,6 +104,51 @@ func TestSort(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestBrowseHTTPMethods(t *testing.T) {
|
||||||
|
tmpl, err := template.ParseFiles("testdata/photos.tpl")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("An error occured while parsing the template: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
b := Browse{
|
||||||
|
Next: middleware.HandlerFunc(func(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||||
|
t.Fatalf("Next shouldn't be called")
|
||||||
|
return 0, nil
|
||||||
|
}),
|
||||||
|
Root: "./testdata",
|
||||||
|
Configs: []Config{
|
||||||
|
{
|
||||||
|
PathScope: "/photos",
|
||||||
|
Template: tmpl,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
for method, expected := range map[string]int{
|
||||||
|
http.MethodGet: http.StatusOK,
|
||||||
|
http.MethodHead: http.StatusOK,
|
||||||
|
http.MethodOptions: http.StatusMethodNotAllowed,
|
||||||
|
http.MethodPost: http.StatusMethodNotAllowed,
|
||||||
|
http.MethodPut: http.StatusMethodNotAllowed,
|
||||||
|
http.MethodPatch: http.StatusMethodNotAllowed,
|
||||||
|
http.MethodDelete: http.StatusMethodNotAllowed,
|
||||||
|
"COPY": http.StatusMethodNotAllowed,
|
||||||
|
"MOVE": http.StatusMethodNotAllowed,
|
||||||
|
"MKCOL": http.StatusMethodNotAllowed,
|
||||||
|
} {
|
||||||
|
req, err := http.NewRequest(method, "/photos/", nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Test: Could not create HTTP request: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
code, _ := b.ServeHTTP(rec, req)
|
||||||
|
if code != expected {
|
||||||
|
t.Errorf("Wrong status with HTTP Method %s: expected %d, got %d", method, expected, code)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestBrowseTemplate(t *testing.T) {
|
func TestBrowseTemplate(t *testing.T) {
|
||||||
tmpl, err := template.ParseFiles("testdata/photos.tpl")
|
tmpl, err := template.ParseFiles("testdata/photos.tpl")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in a new issue