Главная Обзор Помощь
Вход
n4u
/
cowboy
2
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Просмотр исходного кода

Also disable the TRACE method entirely

Loïc Hoguin 7 лет назад
Родитель
dd002b8141
Сommit
2eb3e3f994
3 измененных файлов с 15 добавлено и 4 удалено
Разделённый вид Показать статистику Diff
  1. 3 0
      src/cowboy_http.erl
  2. 4 2
      src/cowboy_http2.erl
  3. 8 2
      test/rfc7231_SUITE.erl

+ 3 - 0
src/cowboy_http.erl
Просмотреть файл 

@@ -350,6 +350,9 @@ parse_request(Buffer, State=#state{opts=Opts, in_streamid=InStreamID}, EmptyLine
 
 				<<"CONNECT ", _/bits>> ->
 
 					error_terminate(501, State, {connection_error, no_error,
 
 						'The CONNECT method is currently not implemented. (RFC7231 4.3.6)'});
 
+				<<"TRACE ", _/bits>> ->
 
+					error_terminate(501, State, {connection_error, no_error,
 
+						'The TRACE method is currently not implemented. (RFC7231 4.3.8)'});
 
 				%% Accept direct HTTP/2 only at the beginning of the connection.
 
 				<< "PRI * HTTP/2.0\r\n", _/bits >> when InStreamID =:= 1 ->
 
 					%% @todo Might be worth throwing to get a clean stacktrace.

+ 4 - 2
src/cowboy_http2.erl
Просмотреть файл 

@@ -842,10 +842,12 @@ stream_decode_init(State=#state{decode_state=DecodeState0}, StreamID, IsFin, Hea
 
 stream_pseudo_headers_init(State, StreamID, IsFin, Headers0) ->
 
 	case pseudo_headers(Headers0, #{}) of
 
 		%% @todo Add clause for CONNECT requests (no scheme/path).
 
-		{ok, PseudoHeaders=#{method := Method}, _}
 
-				when Method =:= <<"CONNECT">> ->
 
+		{ok, PseudoHeaders=#{method := <<"CONNECT">>}, _} ->
 
 			stream_early_error(State, StreamID, 501, PseudoHeaders,
 
 				'The CONNECT method is currently not implemented. (RFC7231 4.3.6)');
 
+		{ok, PseudoHeaders=#{method := <<"TRACE">>}, _} ->
 
+			stream_early_error(State, StreamID, 501, PseudoHeaders,
 
+				'The TRACE method is currently not implemented. (RFC7231 4.3.8)');
 
 		{ok, PseudoHeaders=#{method := _, scheme := _, authority := _, path := _}, Headers} ->
 
 			stream_regular_headers_init(State, StreamID, IsFin, Headers, PseudoHeaders);
 
 		{ok, _, _} ->

+ 8 - 2
test/rfc7231_SUITE.erl
Просмотреть файл 

@@ -151,8 +151,14 @@ method_options(Config) ->
 
 %method_options_asterisk(Config) ->
 
 %method_options_content_length_0(Config) ->
 
 
-%% @todo Should probably disable TRACE entirely until they're implemented.
 
-%method_trace(Config) ->
 
+method_trace(Config) ->
 
+	doc("The TRACE method is currently not implemented. (RFC7231 4.3.8)"),
 
+	ConnPid = gun_open(Config),
 
+	Ref = gun:request(ConnPid, <<"TRACE">>, "/", [
 
+		{<<"accept-encoding">>, <<"gzip">>}
 
+	]),
 
+	{response, fin, 501, _} = gun:await(ConnPid, Ref),
 
+	ok.
 
 
 %% Request headers.