We want to match "GET" and "HEAD" exactly, not requests which
start with "GET" or end with "HEAD". This doesn't seem like
a real problem for public-inboxes which are actually public
data anyways.
return invalid_inbox($ctx, $1) || mbox_results($ctx);
}
}
return invalid_inbox($ctx, $1) || mbox_results($ctx);
}
}
- elsif ($method !~ /\AGET|HEAD\z/) {
+ elsif ($method !~ /\A(?:GET|HEAD)\z/) {
$td = start_script($cmd, undef, { 3 => $sock });
my $host = $sock->sockhost;
my $port = $sock->sockport;
$td = start_script($cmd, undef, { 3 => $sock });
my $host = $sock->sockhost;
my $port = $sock->sockport;
+ {
+ my $bad = tcp_connect($sock);
+ print $bad "GETT / HTTP/1.0\r\n\r\n" or die;
+ like(<$bad>, qr!\AHTTP/1\.[01] 405\b!, 'got 405 on bad req');
+ }
my $conn = tcp_connect($sock);
ok($conn, 'connected');
ok($conn->write("GET / HTTP/1.0\r\n\r\n"), 'wrote data to socket');
my $conn = tcp_connect($sock);
ok($conn, 'connected');
ok($conn->write("GET / HTTP/1.0\r\n\r\n"), 'wrote data to socket');