提交
c5b85697
编写于
11月 17, 2017
作者:
Armani Ferrante
提交者:
Felix Lange
11月 17, 2017
rpc: disallow PUT and DELETE on HTTP (#15501)
Fixes #15493
上级
b0190189
变更
2
Showing
2 changed file
with
68 addition
and
15 deletion
+68
-15
rpc/http.go
rpc/http.go
+28
-15
rpc/http_test.go
rpc/http_test.go
+40
-0
rpc/http.go
...
...
@@ -33,6 +33,7 @@ import (
)
const
(
contentType
=
"application/json"
maxHTTPRequestContentLength
=
1024
*
128
)
...
...
@@ -69,8 +70,8 @@ func DialHTTP(endpoint string) (*Client, error) {
if
err
!=
nil
{
return
nil
,
err
}
req
.
Header
.
Set
(
"Content-Type"
,
"application/json"
)
req
.
Header
.
Set
(
"Accept"
,
"application/json"
)
req
.
Header
.
Set
(
"Content-Type"
,
contentType
)
req
.
Header
.
Set
(
"Accept"
,
contentType
)
initctx
:=
context
.
Background
()
return
newClient
(
initctx
,
func
(
context
.
Context
)
(
net
.
Conn
,
error
)
{
...
...
@@ -150,21 +151,11 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if
r
.
Method
==
"GET"
&&
r
.
ContentLength
==
0
&&
r
.
URL
.
RawQuery
==
""
{
return
}
// For meaningful requests, validate it's size and content type
if
r
.
ContentLength
>
maxHTTPRequestContentLength
{
http
.
Error
(
w
,
fmt
.
Sprintf
(
"content length too large (%d>%d)"
,
r
.
ContentLength
,
maxHTTPRequestContentLength
),
http
.
StatusRequestEntityTooLarge
)
return
}
ct
:=
r
.
Header
.
Get
(
"content-type"
)
mt
,
_
,
err
:=
mime
.
ParseMediaType
(
ct
)
if
err
!=
nil
||
mt
!=
"application/json"
{
http
.
Error
(
w
,
"invalid content type, only application/json is supported"
,
http
.
StatusUnsupportedMediaType
)
if
responseCode
,
errorMessage
:=
httpErrorResponse
(
r
);
responseCode
!=
0
{
http
.
Error
(
w
,
errorMessage
,
responseCode
)
return
}
// All checks passed, create a codec that reads direct from the request body
// untilEOF and writes the response to w and order the server to process a
// single request.
...
...
@@ -175,6 +166,28 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
srv
.
ServeSingleRequest
(
codec
,
OptionMethodInvocation
)
}
// Returns a non-zero response code and error message if the request is invalid.
func
httpErrorResponse
(
r
*
http
.
Request
)
(
int
,
string
)
{
if
r
.
Method
==
"PUT"
||
r
.
Method
==
"DELETE"
{
errorMessage
:=
"method not allowed"
return
http
.
StatusMethodNotAllowed
,
errorMessage
}
if
r
.
ContentLength
>
maxHTTPRequestContentLength
{
errorMessage
:=
fmt
.
Sprintf
(
"content length too large (%d>%d)"
,
r
.
ContentLength
,
maxHTTPRequestContentLength
)
return
http
.
StatusRequestEntityTooLarge
,
errorMessage
}
ct
:=
r
.
Header
.
Get
(
"content-type"
)
mt
,
_
,
err
:=
mime
.
ParseMediaType
(
ct
)
if
err
!=
nil
||
mt
!=
contentType
{
errorMessage
:=
fmt
.
Sprintf
(
"invalid content type, only %s is supported"
,
contentType
)
return
http
.
StatusUnsupportedMediaType
,
errorMessage
}
return
0
,
""
}
func
newCorsHandler
(
srv
*
Server
,
allowedOrigins
[]
string
)
http
.
Handler
{
// disable CORS support if user has not specified a custom CORS configuration
if
len
(
allowedOrigins
)
==
0
{
...
...
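Review bot: The size guard in `httpErrorResponse` trusts the declared length: `r.ContentLength > maxHTTPRequestContentLength` is false when the length is unknown, because net/http reports -1 for a chunked body, so such a request passes the check whatever its real size. The comment kept in `ServeHTTP` says the codec reads directly from the request body until EOF; the lines that build the codec are outside the visible hunks, so whether that read is bounded cannot be confirmed from this page, but if it is not, I would cap it before the codec is created with `r.Body = http.MaxBytesReader(w, r.Body, maxHTTPRequestContentLength)`. Separately, the method check is a denylist of `"PUT"` and `"DELETE"`, so any other verb still reaches the codec; an allowlist of the verbs the server intends to serve would fail closed. The new doc comment should also start with the function name, e.g. `// httpErrorResponse returns a non-zero status code and message when the request must be rejected.`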
rpc/http_test.go
0 → 100644
package
rpc
import
(
"net/http"
"net/http/httptest"
"strings"
"testing"
)
func
TestHTTPErrorResponseWithDelete
(
t
*
testing
.
T
)
{
httpErrorResponseTest
(
t
,
"DELETE"
,
contentType
,
""
,
http
.
StatusMethodNotAllowed
)
}
func
TestHTTPErrorResponseWithPut
(
t
*
testing
.
T
)
{
httpErrorResponseTest
(
t
,
"PUT"
,
contentType
,
""
,
http
.
StatusMethodNotAllowed
)
}
func
TestHTTPErrorResponseWithMaxContentLength
(
t
*
testing
.
T
)
{
body
:=
make
([]
rune
,
maxHTTPRequestContentLength
+
1
,
maxHTTPRequestContentLength
+
1
)
httpErrorResponseTest
(
t
,
"POST"
,
contentType
,
string
(
body
),
http
.
StatusRequestEntityTooLarge
)
}
func
TestHTTPErrorResponseWithEmptyContentType
(
t
*
testing
.
T
)
{
httpErrorResponseTest
(
t
,
"POST"
,
""
,
""
,
http
.
StatusUnsupportedMediaType
)
}
func
TestHTTPErrorResponseWithValidRequest
(
t
*
testing
.
T
)
{
httpErrorResponseTest
(
t
,
"POST"
,
contentType
,
""
,
0
)
}
func
httpErrorResponseTest
(
t
*
testing
.
T
,
method
,
contentType
,
body
string
,
expectedResponse
int
)
{
request
:=
httptest
.
NewRequest
(
method
,
"http://url.com"
,
strings
.
NewReader
(
body
))
request
.
Header
.
Set
(
"content-type"
,
contentType
)
if
response
,
_
:=
httpErrorResponse
(
request
);
response
!=
expectedResponse
{
t
.
Fatalf
(
"response code should be %d not %d"
,
expectedResponse
,
response
)
}
}
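Review bot: The size case in `TestHTTPErrorResponseWithMaxContentLength` only exercises a declared Content-Length one byte over the limit; nothing pins the boundary or the undeclared-length path. I would add a case with a body of exactly `maxHTTPRequestContentLength` bytes expecting `0`, and one that sets `request.ContentLength = -1` before calling `httpErrorResponse`, so the intended handling of a request without a declared length is explicit. A verb other than PUT, DELETE and POST (for example `"PATCH"`) would likewise document what the method check is meant to let through. In `httpErrorResponseTest` the parameter `contentType` shadows the package constant of the same name; renaming it (e.g. `ct`) avoids confusion when reading the callers.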