www: stricter regexp for 405 errors

We want to match "GET" and "HEAD" exactly, not requests which
start with "GET" or end with "HEAD".  This doesn't seem like
a real problem for public-inboxes which are actually public
data anyways.

diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index efe7c8ca0064427e3425bb99190e41c373837a94..3ce7cc2a7b6ddb2ef74616898e60accd3f92b0ae 100644 (file)
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -70,7 +70,7 @@ sub call {
                        return invalid_inbox($ctx, $1) || mbox_results($ctx);
                }
        }
                        return invalid_inbox($ctx, $1) || mbox_results($ctx);
                }
        }

-       elsif ($method !~ /\AGET|HEAD\z/) {
+       elsif ($method !~ /\A(?:GET|HEAD)\z/) {

                return r(405);
        }
 
                return r(405);
        }
 

diff --git a/t/httpd.t b/t/httpd.t
index 2972afb26a33cba68569a37fbd8415703c49b36c..c9756a705c67cd1c5161c69f242d410ea0c39437 100644 (file)
--- a/t/httpd.t
+++ b/t/httpd.t
@@ -49,6 +49,11 @@ EOF
        $td = start_script($cmd, undef, { 3 => $sock });
        my $host = $sock->sockhost;
        my $port = $sock->sockport;
        $td = start_script($cmd, undef, { 3 => $sock });
        my $host = $sock->sockhost;
        my $port = $sock->sockport;

+       {
+               my $bad = tcp_connect($sock);
+               print $bad "GETT / HTTP/1.0\r\n\r\n" or die;
+               like(<$bad>, qr!\AHTTP/1\.[01] 405\b!, 'got 405 on bad req');
+       }

        my $conn = tcp_connect($sock);
        ok($conn, 'connected');
        ok($conn->write("GET / HTTP/1.0\r\n\r\n"), 'wrote data to socket');
        my $conn = tcp_connect($sock);
        ok($conn, 'connected');
        ok($conn->write("GET / HTTP/1.0\r\n\r\n"), 'wrote data to socket');