aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLoïc Hoguin <[email protected]>2017-12-06 10:54:23 +0100
committerLoïc Hoguin <[email protected]>2017-12-06 10:54:23 +0100
commit2eb3e3f994e464ae2678f7c3d321213e5eec9ad4 (patch)
tree3b91f2e0da3d4fc17c7da0704c0f471c67e5ad6a
parentdd002b81417dabac10daf28cbab00179e7bdf95f (diff)
downloadcowboy-2eb3e3f994e464ae2678f7c3d321213e5eec9ad4.tar.gz
cowboy-2eb3e3f994e464ae2678f7c3d321213e5eec9ad4.tar.bz2
cowboy-2eb3e3f994e464ae2678f7c3d321213e5eec9ad4.zip
Also disable the TRACE method entirely
-rw-r--r--src/cowboy_http.erl3
-rw-r--r--src/cowboy_http2.erl6
-rw-r--r--test/rfc7231_SUITE.erl10
3 files changed, 15 insertions, 4 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index eca0099..71b7099 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -350,6 +350,9 @@ parse_request(Buffer, State=#state{opts=Opts, in_streamid=InStreamID}, EmptyLine
<<"CONNECT ", _/bits>> ->
error_terminate(501, State, {connection_error, no_error,
'The CONNECT method is currently not implemented. (RFC7231 4.3.6)'});
+ <<"TRACE ", _/bits>> ->
+ error_terminate(501, State, {connection_error, no_error,
+ 'The TRACE method is currently not implemented. (RFC7231 4.3.8)'});
%% Accept direct HTTP/2 only at the beginning of the connection.
<< "PRI * HTTP/2.0\r\n", _/bits >> when InStreamID =:= 1 ->
%% @todo Might be worth throwing to get a clean stacktrace.
diff --git a/src/cowboy_http2.erl b/src/cowboy_http2.erl
index 9c2d74e..28ab37d 100644
--- a/src/cowboy_http2.erl
+++ b/src/cowboy_http2.erl
@@ -842,10 +842,12 @@ stream_decode_init(State=#state{decode_state=DecodeState0}, StreamID, IsFin, Hea
stream_pseudo_headers_init(State, StreamID, IsFin, Headers0) ->
case pseudo_headers(Headers0, #{}) of
%% @todo Add clause for CONNECT requests (no scheme/path).
- {ok, PseudoHeaders=#{method := Method}, _}
- when Method =:= <<"CONNECT">> ->
+ {ok, PseudoHeaders=#{method := <<"CONNECT">>}, _} ->
stream_early_error(State, StreamID, 501, PseudoHeaders,
'The CONNECT method is currently not implemented. (RFC7231 4.3.6)');
+ {ok, PseudoHeaders=#{method := <<"TRACE">>}, _} ->
+ stream_early_error(State, StreamID, 501, PseudoHeaders,
+ 'The TRACE method is currently not implemented. (RFC7231 4.3.8)');
{ok, PseudoHeaders=#{method := _, scheme := _, authority := _, path := _}, Headers} ->
stream_regular_headers_init(State, StreamID, IsFin, Headers, PseudoHeaders);
{ok, _, _} ->
diff --git a/test/rfc7231_SUITE.erl b/test/rfc7231_SUITE.erl
index bbd7ec5..feb53b9 100644
--- a/test/rfc7231_SUITE.erl
+++ b/test/rfc7231_SUITE.erl
@@ -151,8 +151,14 @@ method_options(Config) ->
%method_options_asterisk(Config) ->
%method_options_content_length_0(Config) ->
-%% @todo Should probably disable TRACE entirely until they're implemented.
-%method_trace(Config) ->
+method_trace(Config) ->
+ doc("The TRACE method is currently not implemented. (RFC7231 4.3.8)"),
+ ConnPid = gun_open(Config),
+ Ref = gun:request(ConnPid, <<"TRACE">>, "/", [
+ {<<"accept-encoding">>, <<"gzip">>}
+ ]),
+ {response, fin, 501, _} = gun:await(ConnPid, Ref),
+ ok.
%% Request headers.