nghttpx: Only allow POST and PUT for API request
This commit is contained in:
parent
92db6820d8
commit
27fa9c3c12
|
@ -73,6 +73,7 @@ int APIDownstreamConnection::send_reply(unsigned int http_status,
|
||||||
|
|
||||||
switch (http_status) {
|
switch (http_status) {
|
||||||
case 400:
|
case 400:
|
||||||
|
case 405:
|
||||||
case 413:
|
case 413:
|
||||||
resp.fs.add_header_token(StringRef::from_lit("connection"),
|
resp.fs.add_header_token(StringRef::from_lit("connection"),
|
||||||
StringRef::from_lit("close"), false,
|
StringRef::from_lit("close"), false,
|
||||||
|
@ -89,6 +90,7 @@ int APIDownstreamConnection::send_reply(unsigned int http_status,
|
||||||
|
|
||||||
int APIDownstreamConnection::push_request_headers() {
|
int APIDownstreamConnection::push_request_headers() {
|
||||||
auto &req = downstream_->request();
|
auto &req = downstream_->request();
|
||||||
|
auto &resp = downstream_->response();
|
||||||
|
|
||||||
if (req.path != StringRef::from_lit("/api/v1alpha1/backend/replace")) {
|
if (req.path != StringRef::from_lit("/api/v1alpha1/backend/replace")) {
|
||||||
send_reply(404, StringRef::from_lit("404 Not Found"));
|
send_reply(404, StringRef::from_lit("404 Not Found"));
|
||||||
|
@ -96,6 +98,15 @@ int APIDownstreamConnection::push_request_headers() {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (req.method != HTTP_POST && req.method != HTTP_PUT) {
|
||||||
|
resp.fs.add_header_token(StringRef::from_lit("allow"),
|
||||||
|
StringRef::from_lit("POST, PUT"), false, -1);
|
||||||
|
send_reply(
|
||||||
|
405, http2::get_status_string(downstream_->get_block_allocator(), 405));
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
// This works with req.fs.content_length == -1
|
// This works with req.fs.content_length == -1
|
||||||
if (req.fs.content_length >
|
if (req.fs.content_length >
|
||||||
static_cast<int64_t>(get_config()->api.max_request_body)) {
|
static_cast<int64_t>(get_config()->api.max_request_body)) {
|
||||||
|
|
Loading…
Reference in New Issue