Mercurial > hg > nginx

changeset 8854:7416d3b2fac5 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
HTTP/3: added CONNECT and TRACE methods rejection. It has got lost in e1eb7f4ca9f1, let alone a subsequent update in 63c66b7cc07c.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 16 Sep 2021 13:13:22 +0300
parents 7603284f7af5
children 9ae239d2547d
files src/http/v3/ngx_http_v3_request.c
diffstat 1 files changed, 14 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -45,7 +45,8 @@ static const struct {
     { ngx_string("LOCK"),      NGX_HTTP_LOCK },
     { ngx_string("UNLOCK"),    NGX_HTTP_UNLOCK },
     { ngx_string("PATCH"),     NGX_HTTP_PATCH },
-    { ngx_string("TRACE"),     NGX_HTTP_TRACE }
+    { ngx_string("TRACE"),     NGX_HTTP_TRACE },
+    { ngx_string("CONNECT"),   NGX_HTTP_CONNECT }
 };
 
 
@@ -780,6 +781,18 @@ ngx_http_v3_process_request_header(ngx_h
         }
     }
 
+    if (r->method == NGX_HTTP_CONNECT) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent CONNECT method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
+    if (r->method == NGX_HTTP_TRACE) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent TRACE method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
     return NGX_OK;
 
 failed: