diff options
| author | Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> | 2024-01-17 20:17:07 +0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-17 07:17:07 -0800 |
| commit | f9cf13fada9ca6f99a87dc474959748c41f67ac7 (patch) | |
| tree | a51636169d29ebc08b1cf4d0c5956f3709e30a6c /weed/server/filer_server_handlers.go | |
| parent | 2eb82778bc85474ef71e5c923780dd141c12856f (diff) | |
| download | seaweedfs-f9cf13fada9ca6f99a87dc474959748c41f67ac7.tar.xz seaweedfs-f9cf13fada9ca6f99a87dc474959748c41f67ac7.zip | |
[filer] avoid return http ok for not allowed methods (#5209)
Diffstat (limited to 'weed/server/filer_server_handlers.go')
| -rw-r--r-- | weed/server/filer_server_handlers.go | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/weed/server/filer_server_handlers.go b/weed/server/filer_server_handlers.go index ac66514f2..c1b883f38 100644 --- a/weed/server/filer_server_handlers.go +++ b/weed/server/filer_server_handlers.go @@ -44,7 +44,7 @@ func (fs *FilerServer) filerHandler(w http.ResponseWriter, r *http.Request) { w.Header().Set("Access-Control-Allow-Methods", "PUT, POST, GET, DELETE, OPTIONS") } - if r.Method == "OPTIONS" { + if r.Method == http.MethodOptions { OptionsHandler(w, r, false) return } @@ -66,7 +66,7 @@ func (fs *FilerServer) filerHandler(w http.ResponseWriter, r *http.Request) { stats.FilerRequestHistogram.WithLabelValues(r.Method).Observe(time.Since(start).Seconds()) }() - isReadHttpCall := r.Method == "GET" || r.Method == "HEAD" + isReadHttpCall := r.Method == http.MethodGet || r.Method == http.MethodHead if !fs.maybeCheckJwtAuthorization(r, !isReadHttpCall) { writeJsonError(w, r, http.StatusUnauthorized, errors.New("wrong jwt")) return @@ -75,17 +75,15 @@ func (fs *FilerServer) filerHandler(w http.ResponseWriter, r *http.Request) { w.Header().Set("Server", "SeaweedFS Filer "+util.VERSION) switch r.Method { - case "GET": + case http.MethodGet, http.MethodHead: fs.GetOrHeadHandler(w, r) - case "HEAD": - fs.GetOrHeadHandler(w, r) - case "DELETE": + case http.MethodDelete: if _, ok := r.URL.Query()["tagging"]; ok { fs.DeleteTaggingHandler(w, r) } else { fs.DeleteHandler(w, r) } - case "POST", "PUT": + case http.MethodPost, http.MethodPut: // wait until in flight data is less than the limit contentLength := getContentLength(r) fs.inFlightDataLimitCond.L.Lock() @@ -102,7 +100,7 @@ func (fs *FilerServer) filerHandler(w http.ResponseWriter, r *http.Request) { fs.inFlightDataLimitCond.Signal() }() - if r.Method == "PUT" { + if r.Method == http.MethodPut { if _, ok := r.URL.Query()["tagging"]; ok { fs.PutTaggingHandler(w, r) } else { @@ -111,6 +109,8 @@ func (fs *FilerServer) filerHandler(w http.ResponseWriter, r *http.Request) { } else { // method == "POST" fs.PostHandler(w, r, contentLength) } + default: + w.WriteHeader(http.StatusMethodNotAllowed) } } @@ -149,7 +149,7 @@ func (fs *FilerServer) readonlyFilerHandler(w http.ResponseWriter, r *http.Reque stats.FilerRequestHistogram.WithLabelValues(r.Method).Observe(time.Since(start).Seconds()) }() // We handle OPTIONS first because it never should be authenticated - if r.Method == "OPTIONS" { + if r.Method == http.MethodOptions { OptionsHandler(w, r, true) return } @@ -162,10 +162,10 @@ func (fs *FilerServer) readonlyFilerHandler(w http.ResponseWriter, r *http.Reque w.Header().Set("Server", "SeaweedFS Filer "+util.VERSION) switch r.Method { - case "GET": - fs.GetOrHeadHandler(w, r) - case "HEAD": + case http.MethodGet, http.MethodHead: fs.GetOrHeadHandler(w, r) + default: + w.WriteHeader(http.StatusMethodNotAllowed) } } |