umgeher/cowboy
0
Fork 0
mirror of https://github.com/ninenines/cowboy.git synced 2025-07-14 12:20:24 +00:00
Code Issues Wiki Activity

Disable the CONNECT method completely

Browse source 
It's safer than allow it with the wrong behavior.
This commit is contained in:
Loïc Hoguin 2017-12-06 00:30:59 +01:00
parent 10dc2c2ef0
commit dd002b8141
No known key found for this signature in database
GPG key ID: 8A9DF795F6FED764
3 changed files with 77 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

11
test/rfc7231_SUITE.erl
View file

@ -129,8 +129,14 @@ method_delete(Config) ->
{ok, <<"DELETE">>} = gun:await_body(ConnPid, Ref),
ok.
%% @todo Should probably disable CONNECT and TRACE entirely until they're implemented.
%method_connect(Config) ->
method_connect(Config) ->
doc("The CONNECT method is currently not implemented. (RFC7231 4.3.6)"),
ConnPid = gun_open(Config),
Ref = gun:request(ConnPid, <<"CONNECT">>, "localhost:8080", [
{<<"accept-encoding">>, <<"gzip">>}
]),
{response, fin, 501, _} = gun:await(ConnPid, Ref),
ok.
method_options(Config) ->
doc("The OPTIONS method is accepted. (RFC7231 4.3.7)"),
@ -145,6 +151,7 @@ method_options(Config) ->
%method_options_asterisk(Config) ->
%method_options_content_length_0(Config) ->
%% @todo Should probably disable TRACE entirely until they're implemented.
%method_trace(Config) ->
%% Request headers.