walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Only allow POST and PUT for API request

This commit is contained in:
Tatsuhiro Tsujikawa 2016-06-04 17:55:48 +09:00
parent 92db6820d8
commit 27fa9c3c12
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/shrpx_api_downstream_connection.cc
View File

@ -73,6 +73,7 @@ int APIDownstreamConnection::send_reply(unsigned int http_status,
switch (http_status) {
case 400:
case 405:
case 413:
resp.fs.add_header_token(StringRef::from_lit("connection"),
StringRef::from_lit("close"), false,
@ -89,6 +90,7 @@ int APIDownstreamConnection::send_reply(unsigned int http_status,
int APIDownstreamConnection::push_request_headers() {
auto &req = downstream_->request();
auto &resp = downstream_->response();
if (req.path != StringRef::from_lit("/api/v1alpha1/backend/replace")) {
send_reply(404, StringRef::from_lit("404 Not Found"));
@ -96,6 +98,15 @@ int APIDownstreamConnection::push_request_headers() {
return 0;
}
if (req.method != HTTP_POST && req.method != HTTP_PUT) {
resp.fs.add_header_token(StringRef::from_lit("allow"),
StringRef::from_lit("POST, PUT"), false, -1);
send_reply(
405, http2::get_status_string(downstream_->get_block_allocator(), 405));
return 0;
}
// This works with req.fs.content_length == -1
if (req.fs.content_length >
static_cast<int64_t>(get_config()->api.max_request_body)) {