From 2eb3e3f994e464ae2678f7c3d321213e5eec9ad4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Wed, 6 Dec 2017 10:54:23 +0100
Subject: Also disable the TRACE method entirely

---
 src/cowboy_http2.erl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/cowboy_http2.erl')

diff --git a/src/cowboy_http2.erl b/src/cowboy_http2.erl
index 9c2d74e..28ab37d 100644
--- a/src/cowboy_http2.erl
+++ b/src/cowboy_http2.erl
@@ -842,10 +842,12 @@ stream_decode_init(State=#state{decode_state=DecodeState0}, StreamID, IsFin, Hea
 stream_pseudo_headers_init(State, StreamID, IsFin, Headers0) ->
 	case pseudo_headers(Headers0, #{}) of
 		%% @todo Add clause for CONNECT requests (no scheme/path).
-		{ok, PseudoHeaders=#{method := Method}, _}
-				when Method =:= <<"CONNECT">> ->
+		{ok, PseudoHeaders=#{method := <<"CONNECT">>}, _} ->
 			stream_early_error(State, StreamID, 501, PseudoHeaders,
 				'The CONNECT method is currently not implemented. (RFC7231 4.3.6)');
+		{ok, PseudoHeaders=#{method := <<"TRACE">>}, _} ->
+			stream_early_error(State, StreamID, 501, PseudoHeaders,
+				'The TRACE method is currently not implemented. (RFC7231 4.3.8)');
 		{ok, PseudoHeaders=#{method := _, scheme := _, authority := _, path := _}, Headers} ->
 			stream_regular_headers_init(State, StreamID, IsFin, Headers, PseudoHeaders);
 		{ok, _, _} ->
-- 
cgit v1.2.3