Commits · be8c0bd9033f245a29b53feb062e049218c8e412 · dms3 / go-dms3-cmds

06 Apr, 2020 2 commits
- http: block all ^Mozilla user agents without Origin nor Referer · b00bc407
  Hector Sanjuan authored Apr 06, 2020
  
  b00bc407
- Fix: disallow POST without Origin nor Referer from specific user agents · cd51b41f
  Hector Sanjuan authored Apr 06, 2020
```
Addresses browsers being able to POST without control due to things like
https://bugzilla.mozilla.org/show_bug.cgi?id=429594
```
  cd51b41f
04 Apr, 2020 1 commit

change HandledMethods to AllowGet and cleanup method handling · 3093cad8

Steven Allen authored Apr 04, 2020

Allowing methods isn't as simple as just allowing/disallowing them because
different methods do different things.

* HEAD: should be allowed everywhere GET is allowed.
* OPTIONS:
  * When a CORS request is made, this will be handled by the CORS library.
  * Otherewise, we need to return the allowed methods.
* POST: always allowed.
* Everything else: always denied.

Changing HandledMethods to a simple AllowGet makes it easier to "do the right
thing".

3093cad8

03 Apr, 2020 1 commit

Http API: introduced HandledMethods option. · 2fbebbec

Hector Sanjuan authored Apr 02, 2020

This Handler option is used it to allow/deny request by their method.

The API is an RPC API so it normally should only work with PUT, but we also
use a read-only, GET-based partial API that runs with the gateway.

This commit makes the actual allowed (or handled) methods configurable.

A test is added, and test facilities improved to be able to set/modify
this option.

2fbebbec

08 Jan, 2018 1 commit
- fix go vet errors · 19525e62
  Steven Allen authored Jan 08, 2018
```
fixes #42
```
  19525e62
22 Dec, 2017 1 commit
- CR whyrusleeping · 28ca9e69
  keks authored Dec 22, 2017
  
  28ca9e69
21 Dec, 2017 1 commit
- update cmdkit, make Request a struct, decouple from ipfs · 5b58914e
  keks authored Dec 21, 2017
  
  5b58914e