authorLoïc Hoguin <[email protected]>2017-12-06 00:30:59 +0100
committerLoïc Hoguin <[email protected]>2017-12-06 00:30:59 +0100
commitdd002b81417dabac10daf28cbab00179e7bdf95f (patch)
tree279a0ad211e7bceac571ec1b03e35d9f12271d05 /src/cowboy_http.erl
parent10dc2c2ef0ea4f89f7c9cbe7b886ce6327196115 (diff)
Disable the CONNECT method completely
It's safer than allowing it with the wrong behavior.
Diffstat (limited to 'src/cowboy_http.erl')
-rw-r--r--src/cowboy_http.erl5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index e9acceb..eca0099 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -347,8 +347,9 @@ parse_request(Buffer, State=#state{opts=Opts, in_streamid=InStreamID}, EmptyLine
%% @todo * is only for server-wide OPTIONS request (RFC7230 5.3.4); tests
<< "OPTIONS * ", Rest/bits >> ->
parse_version(Rest, State, <<"OPTIONS">>, <<"*">>, <<>>);
-% << "CONNECT ", Rest/bits >> ->
-% parse_authority( %% @todo
+ <<"CONNECT ", _/bits>> ->
+ error_terminate(501, State, {connection_error, no_error,
+ 'The CONNECT method is currently not implemented. (RFC7231 4.3.6)'});
%% Accept direct HTTP/2 only at the beginning of the connection.
<< "PRI * HTTP/2.0\r\n", _/bits >> when InStreamID =:= 1 ->
%% @todo Might be worth throwing to get a clean stacktrace.
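Review bot: The new `<<"CONNECT ", _/bits>>` clause reports the rejection as `{connection_error, no_error, ...}`, so anything that keys on the reason atom may be unable to tell a refused CONNECT from a clean shutdown; how `error_terminate/3` and stream handlers use that atom is not visible in this hunk, so this needs confirming. CONNECT requests sent to a server that is not a proxy are commonly open-proxy probes, and keeping them distinguishable in logs and metrics helps detection. The removed commented-out lines also carried the only `@todo` marker for this method; I would keep one above the clause, e.g. `%% @todo Implement CONNECT; rejected with 501 until authority-form targets are parsed.` The clause also drops the `<< ... >>` spacing used by the neighbouring OPTIONS and PRI clauses. The enclosing `parse_request` body starts and ends outside the hunk.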