author | Loïc Hoguin <[email protected]> | 2017-12-06 10:54:23 +0100 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2017-12-06 10:54:23 +0100 |
commit | 2eb3e3f994e464ae2678f7c3d321213e5eec9ad4 (patch) | |
tree | 3b91f2e0da3d4fc17c7da0704c0f471c67e5ad6a | |
parent | dd002b81417dabac10daf28cbab00179e7bdf95f (diff) | |
Also disable the TRACE method entirely
-rw-r--r-- | src/cowboy_http.erl | 3 | ||||
-rw-r--r-- | src/cowboy_http2.erl | 6 | ||||
-rw-r--r-- | test/rfc7231_SUITE.erl | 10 |
3 files changed, 15 insertions, 4 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index eca0099..71b7099 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -350,6 +350,9 @@ parse_request(Buffer, State=#state{opts=Opts, in_streamid=InStreamID}, EmptyLine
 <<"CONNECT ", _/bits>> ->
 error_terminate(501, State, {connection_error, no_error,
 'The CONNECT method is currently not implemented. (RFC7231 4.3.6)'});
+ <<"TRACE ", _/bits>> ->
+ error_terminate(501, State, {connection_error, no_error,
+ 'The TRACE method is currently not implemented. (RFC7231 4.3.8)'});
 %% Accept direct HTTP/2 only at the beginning of the connection.
 << "PRI * HTTP/2.0\r\n", _/bits >> when InStreamID =:= 1 ->
 %% @todo Might be worth throwing to get a clean stacktrace.
diff --git a/src/cowboy_http2.erl b/src/cowboy_http2.erl
index 9c2d74e..28ab37d 100644
--- a/src/cowboy_http2.erl
+++ b/src/cowboy_http2.erl
@@ -842,10 +842,12 @@ stream_decode_init(State=#state{decode_state=DecodeState0}, StreamID, IsFin, Hea
 stream_pseudo_headers_init(State, StreamID, IsFin, Headers0) ->
 case pseudo_headers(Headers0, #{}) of
 %% @todo Add clause for CONNECT requests (no scheme/path).
- {ok, PseudoHeaders=#{method := Method}, _}
- when Method =:= <<"CONNECT">> ->
+ {ok, PseudoHeaders=#{method := <<"CONNECT">>}, _} ->
 stream_early_error(State, StreamID, 501, PseudoHeaders,
 'The CONNECT method is currently not implemented. (RFC7231 4.3.6)');
+ {ok, PseudoHeaders=#{method := <<"TRACE">>}, _} ->
+ stream_early_error(State, StreamID, 501, PseudoHeaders,
+ 'The TRACE method is currently not implemented. (RFC7231 4.3.8)');
 {ok, PseudoHeaders=#{method := _, scheme := _, authority := _, path := _}, Headers} ->
 stream_regular_headers_init(State, StreamID, IsFin, Headers, PseudoHeaders);
 {ok, _, _} ->
diff --git a/test/rfc7231_SUITE.erl b/test/rfc7231_SUITE.erl
index bbd7ec5..feb53b9 100644
--- a/test/rfc7231_SUITE.erl
+++ b/test/rfc7231_SUITE.erl
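Review bot: The new `<<"TRACE ", _/bits>>` clause in parse_request records no reason for the rejection beyond "not implemented", although the commit title says the method is being disabled on purpose. A short why-comment above the clause would stop a later maintainer from treating it as a plain gap to fill, for example `%% TRACE is refused before routing: echoing the request back would reflect cookies and Authorization headers to the client.` That rationale is inferred from the commit title rather than stated in it, so adjust the wording if the intent differs. The rejection goes through `error_terminate` with a `connection_error`, as the CONNECT clause does, so it presumably closes the HTTP/1.1 connection; parse_request's body continues outside the hunk.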
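Review bot: The new TRACE clause in stream_pseudo_headers_init matches on `method` alone, so a TRACE request that omits `:scheme`, `:authority` or `:path` is answered with a 501 and never reaches the `{ok, _, _}` clause that other incomplete requests fall through to. CONNECT has a reason to skip that check (the @todo above says it carries no scheme/path), but TRACE does not. Requiring the full set keeps malformed requests on one path: `{ok, PseudoHeaders=#{method := <<"TRACE">>, scheme := _, authority := _, path := _}, _} ->`. The body of the `{ok, _, _}` clause is outside the hunk, so confirm it is the malformed-request handling before changing this.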
@@ -151,8 +151,14 @@ method_options(Config) ->
 %method_options_asterisk(Config) ->
 %method_options_content_length_0(Config) ->
-%% @todo Should probably disable TRACE entirely until they're implemented.
-%method_trace(Config) ->
+method_trace(Config) ->
+ doc("The TRACE method is currently not implemented. (RFC7231 4.3.8)"),
+ ConnPid = gun_open(Config),
+ Ref = gun:request(ConnPid, <<"TRACE">>, "/", [
+ {<<"accept-encoding">>, <<"gzip">>}
+ ]),
+ {response, fin, 501, _} = gun:await(ConnPid, Ref),
+ ok.
 %% Request headers. |