From 8e6f1aab4cce360f62e46ba88636e0c1b3fcef8d Mon Sep 17 00:00:00 2001 From: clsr Date: Fri, 17 Jun 2016 14:06:43 +0200 Subject: Handle HTTP OPTIONS and reject unknown HTTP methods --- api.go | 2 +- main.go | 17 +++++++++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/api.go b/api.go index b3b7063..2e9df52 100644 --- a/api.go +++ b/api.go @@ -63,7 +63,7 @@ func handleUpload(w http.ResponseWriter, r *http.Request) { output := r.FormValue("output") resp := response{Files: []result{}} - if r.Method == "GET" && output == "html" { + if r.Method == http.MethodGet && output == "html" { respond(w, output, resp) return } diff --git a/main.go b/main.go index 40ba912..4c19940 100644 --- a/main.go +++ b/main.go @@ -33,6 +33,19 @@ func handle(w http.ResponseWriter, r *http.Request) { } } +func methodHandler(handler http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodGet || r.Method == http.MethodPost || r.Method == http.MethodHead { + handler.ServeHTTP(w, r) + } else { + w.Header().Set("Allow", "POST, HEAD, OPTIONS, GET") + if r.Method != http.MethodOptions { + http.Error(w, "The method is not allowed for the requested URL.", http.StatusMethodNotAllowed) + } + } + }) +} + func main() { flag.StringVar(&uploadUrl, "upload-url", "", "URL to serve uploads from") flag.StringVar(&uploadHost, "upload-host", "", "host to serve uploads on") @@ -93,12 +106,12 @@ func main() { if *listenHttp != "" { exit = false fmt.Printf("listening on http://%s/\n", *listenHttp) - go panic(http.ListenAndServe(*listenHttp, http.HandlerFunc(handle))) + go panic(http.ListenAndServe(*listenHttp, methodHandler(http.HandlerFunc(handle)))) } if *listenHttps != "" { exit = false fmt.Printf("listening on https://%s/\n", *listenHttps) - go panic(http.ListenAndServeTLS(*listenHttps, *cert, *key, http.HandlerFunc(handle))) + go panic(http.ListenAndServeTLS(*listenHttps, *cert, *key, methodHandler(http.HandlerFunc(handle)))) } if !exit { -- cgit