HTTP/3: added CONNECT and TRACE methods rejection.
authorSergey Kandaurov <pluknet@nginx.com>
Thu, 16 Sep 2021 10:13:22 +0000 (13:13 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Thu, 16 Sep 2021 10:13:22 +0000 (13:13 +0300)
It has got lost in e1eb7f4ca9f1, let alone a subsequent update in 63c66b7cc07c.

src/http/v3/ngx_http_v3_request.c

index f11c32da9a7e1c0cb9a88af0f4eea163dbba24f7..793a34816aa5ac11253b98d1d65351f22f638a12 100644 (file)
@@ -45,7 +45,8 @@ static const struct {
     { ngx_string("LOCK"),      NGX_HTTP_LOCK },
     { ngx_string("UNLOCK"),    NGX_HTTP_UNLOCK },
     { ngx_string("PATCH"),     NGX_HTTP_PATCH },
-    { ngx_string("TRACE"),     NGX_HTTP_TRACE }
+    { ngx_string("TRACE"),     NGX_HTTP_TRACE },
+    { ngx_string("CONNECT"),   NGX_HTTP_CONNECT }
 };
 
 
@@ -780,6 +781,18 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
         }
     }
 
+    if (r->method == NGX_HTTP_CONNECT) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent CONNECT method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
+    if (r->method == NGX_HTTP_TRACE) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent TRACE method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
     return NGX_OK;
 
 failed:
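Review bot: Nothing near the two new `r->method` checks says that the CONNECT one only works because of the `{ ngx_string("CONNECT"), NGX_HTTP_CONNECT }` entry added to the method table in the first hunk, and the commit message says this rejection was already lost once in an earlier change. A short comment above the checks would make the dependency visible, for example `/* CONNECT and TRACE are answered with 405; the CONNECT test relies on the "CONNECT" entry in the method table */`. Without the table entry the method would presumably not be mapped to `NGX_HTTP_CONNECT` and the request would fall through to `return NGX_OK`, so a regression test that sends both methods over HTTP/3 would be worth adding. The function starts above the hunk and continues past the `failed:` label, so any earlier validation that might reject such requests first is not visible here.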