mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-07 11:28:48 +03:00
browse: Return HTTP errors on unhandled HTTP methods
For example, a HTTP POST should not be answered with StatusOK, and a response to HTTP OPTIONS should not carry any contents.
This commit is contained in:
parent
d3a77ce3c3
commit
4e98cc3005
2 changed files with 50 additions and 0 deletions
|
@ -241,6 +241,11 @@ func (b Browse) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
|
|||
if !middleware.Path(r.URL.Path).Matches(bc.PathScope) {
|
||||
continue
|
||||
}
|
||||
switch r.Method {
|
||||
case http.MethodGet, http.MethodHead:
|
||||
default:
|
||||
return http.StatusMethodNotAllowed, nil
|
||||
}
|
||||
|
||||
// Browsing navigation gets messed up if browsing a directory
|
||||
// that doesn't end in "/" (which it should, anyway)
|
||||
|
|
|
@ -104,6 +104,51 @@ func TestSort(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBrowseHTTPMethods(t *testing.T) {
|
||||
tmpl, err := template.ParseFiles("testdata/photos.tpl")
|
||||
if err != nil {
|
||||
t.Fatalf("An error occured while parsing the template: %v", err)
|
||||
}
|
||||
|
||||
b := Browse{
|
||||
Next: middleware.HandlerFunc(func(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
t.Fatalf("Next shouldn't be called")
|
||||
return 0, nil
|
||||
}),
|
||||
Root: "./testdata",
|
||||
Configs: []Config{
|
||||
{
|
||||
PathScope: "/photos",
|
||||
Template: tmpl,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
rec := httptest.NewRecorder()
|
||||
for method, expected := range map[string]int{
|
||||
http.MethodGet: http.StatusOK,
|
||||
http.MethodHead: http.StatusOK,
|
||||
http.MethodOptions: http.StatusMethodNotAllowed,
|
||||
http.MethodPost: http.StatusMethodNotAllowed,
|
||||
http.MethodPut: http.StatusMethodNotAllowed,
|
||||
http.MethodPatch: http.StatusMethodNotAllowed,
|
||||
http.MethodDelete: http.StatusMethodNotAllowed,
|
||||
"COPY": http.StatusMethodNotAllowed,
|
||||
"MOVE": http.StatusMethodNotAllowed,
|
||||
"MKCOL": http.StatusMethodNotAllowed,
|
||||
} {
|
||||
req, err := http.NewRequest(method, "/photos/", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("Test: Could not create HTTP request: %v", err)
|
||||
}
|
||||
|
||||
code, _ := b.ServeHTTP(rec, req)
|
||||
if code != expected {
|
||||
t.Errorf("Wrong status with HTTP Method %s: expected %d, got %d", method, expected, code)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestBrowseTemplate(t *testing.T) {
|
||||
tmpl, err := template.ParseFiles("testdata/photos.tpl")
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in a new issue