diff options
author | clsr <clsr@clsr.net> | 2016-06-17 14:06:43 +0200 |
---|---|---|
committer | clsr <clsr@clsr.net> | 2016-06-17 14:06:43 +0200 |
commit | 8e6f1aab4cce360f62e46ba88636e0c1b3fcef8d (patch) | |
tree | e52a9f40861a8471923827f15ed85a61a297be58 | |
parent | d5bfbdefb1bb56d7062975cd04954aa1ad346018 (diff) | |
download | gomf-8e6f1aab4cce360f62e46ba88636e0c1b3fcef8d.tar.gz gomf-8e6f1aab4cce360f62e46ba88636e0c1b3fcef8d.zip |
Handle HTTP OPTIONS and reject unknown HTTP methods
-rw-r--r-- | api.go | 2 | ||||
-rw-r--r-- | main.go | 17 |
2 files changed, 16 insertions, 3 deletions
@@ -63,7 +63,7 @@ func handleUpload(w http.ResponseWriter, r *http.Request) { output := r.FormValue("output") resp := response{Files: []result{}} - if r.Method == "GET" && output == "html" { + if r.Method == http.MethodGet && output == "html" { respond(w, output, resp) return } @@ -33,6 +33,19 @@ func handle(w http.ResponseWriter, r *http.Request) { } } +func methodHandler(handler http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodGet || r.Method == http.MethodPost || r.Method == http.MethodHead { + handler.ServeHTTP(w, r) + } else { + w.Header().Set("Allow", "POST, HEAD, OPTIONS, GET") + if r.Method != http.MethodOptions { + http.Error(w, "The method is not allowed for the requested URL.", http.StatusMethodNotAllowed) + } + } + }) +} + func main() { flag.StringVar(&uploadUrl, "upload-url", "", "URL to serve uploads from") flag.StringVar(&uploadHost, "upload-host", "", "host to serve uploads on") @@ -93,12 +106,12 @@ func main() { if *listenHttp != "" { exit = false fmt.Printf("listening on http://%s/\n", *listenHttp) - go panic(http.ListenAndServe(*listenHttp, http.HandlerFunc(handle))) + go panic(http.ListenAndServe(*listenHttp, methodHandler(http.HandlerFunc(handle)))) } if *listenHttps != "" { exit = false fmt.Printf("listening on https://%s/\n", *listenHttps) - go panic(http.ListenAndServeTLS(*listenHttps, *cert, *key, http.HandlerFunc(handle))) + go panic(http.ListenAndServeTLS(*listenHttps, *cert, *key, methodHandler(http.HandlerFunc(handle)))) } if !exit { |