diff options
author | Rasmus Dahlberg <rasmus@mullvad.net> | 2022-04-01 02:27:52 +0200 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@mullvad.net> | 2022-04-01 02:56:42 +0200 |
commit | aa903b2f5356f35a486a8e7e6ef92e9db332748e (patch) | |
tree | 3fff6448da782fdebffe9d24bf9b70edca14d396 /pkg/instance/handler.go | |
parent | b09d20111227be5e6d5126ec905b44a7a4e96b0d (diff) |
fix non-compliant use of HTTP status code 405
See RFC 7231, ยง6.5.5.
Diffstat (limited to 'pkg/instance/handler.go')
-rw-r--r-- | pkg/instance/handler.go | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/pkg/instance/handler.go b/pkg/instance/handler.go index f2bc621..95d90a8 100644 --- a/pkg/instance/handler.go +++ b/pkg/instance/handler.go @@ -41,9 +41,9 @@ func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { ctx, cancel := context.WithDeadline(r.Context(), now.Add(a.Instance.Deadline)) defer cancel() - if r.Method != a.Method { + statusCode = a.verifyMethod(w, r) + if statusCode != 0 { glog.Warningf("%s/%s: got HTTP %s, wanted HTTP %s", a.Instance.Prefix, string(a.Endpoint), r.Method, a.Method) - http.Error(w, "", http.StatusMethodNotAllowed) return } @@ -54,6 +54,23 @@ func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } +// verifyMethod checks that an appropriate HTTP method is used. Error handling +// is based on RFC 7231, see Sections 6.5.5 (Status 405) and 6.5.1 (Status 400). +func (h *Handler) verifyMethod(w http.ResponseWriter, r *http.Request) int { + if h.Method == r.Method { + return 0 + } + + code := http.StatusBadRequest + if ok := h.Instance.checkHTTPMethod(r.Method); ok { + w.Header().Set("Allow", h.Method) + code = http.StatusMethodNotAllowed + } + + http.Error(w, fmt.Sprintf("error=%s", http.StatusText(code)), code) + return code +} + func addLeaf(ctx context.Context, i *Instance, w http.ResponseWriter, r *http.Request) (int, error) { glog.V(3).Info("handling add-entry request") req, err := i.leafRequestFromHTTP(ctx, r) |