author | Loïc Hoguin <[email protected]> | 2017-12-06 00:30:59 +0100 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2017-12-06 00:30:59 +0100 |
commit | dd002b81417dabac10daf28cbab00179e7bdf95f (patch) | |
tree | 279a0ad211e7bceac571ec1b03e35d9f12271d05 /src/cowboy_http.erl | |
parent | 10dc2c2ef0ea4f89f7c9cbe7b886ce6327196115 (diff) | |
Disable the CONNECT method completely
It's safer than allowing it with the wrong behavior.
Diffstat (limited to 'src/cowboy_http.erl')
-rw-r--r-- | src/cowboy_http.erl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index e9acceb..eca0099 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -347,8 +347,9 @@ parse_request(Buffer, State=#state{opts=Opts, in_streamid=InStreamID}, EmptyLine
 %% @todo * is only for server-wide OPTIONS request (RFC7230 5.3.4); tests
 << "OPTIONS * ", Rest/bits >> ->
 parse_version(Rest, State, <<"OPTIONS">>, <<"*">>, <<>>);
-% << "CONNECT ", Rest/bits >> ->
-% parse_authority( %% @todo
+ <<"CONNECT ", _/bits>> ->
+ error_terminate(501, State, {connection_error, no_error,
+ 'The CONNECT method is currently not implemented. (RFC7231 4.3.6)'});
 %% Accept direct HTTP/2 only at the beginning of the connection.
 << "PRI * HTTP/2.0\r\n", _/bits >> when InStreamID =:= 1 ->
 %% @todo Might be worth throwing to get a clean stacktrace.
 |
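Review bot: The new `<<"CONNECT ", _/bits>>` clause carries no comment explaining why the request is answered through `error_terminate/3` with a `connection_error` reason, which, going by the name, ends the whole connection rather than only rejecting this request. That is the security-relevant property: a client that sent CONNECT expects a tunnel, so any bytes following the request line must not be parsed as further pipelined requests on the same connection. I would add `%% CONNECT is refused and the connection closed: bytes that follow were meant for a tunnel and must never be parsed as pipelined requests.` above the clause, so that a later refactor to a per-request error does not silently drop the guarantee. The clause also depends on being matched before the generic method-parsing clause, which lies outside this hunk. The diffstat is limited to this file, so whether the HTTP/2 path refuses CONNECT in the same way cannot be confirmed from here.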