support less-commonly-used HTTP verbs: PUT, PATCH, DELETE#79
support less-commonly-used HTTP verbs: PUT, PATCH, DELETE#79cuchaz wants to merge 1 commit intoferronweb:developfrom
Conversation
since it seems they're used by Ruby-on-Rails apps
![hikaflow[bot]](https://avatars.githubusercontent.com/in/1109659?s=60&v=4){kind=small}
| Response::builder() | ||
| .status(StatusCode::NO_CONTENT) | ||
| .header(header::ALLOW, "GET, POST, HEAD, OPTIONS") | ||
| .header( |
There was a problem hiding this comment.
Duplicate Code - Priority: High
This block of code is duplicated in ferron/src/request_handler.rs starting at line 805.
| _ => { | ||
| let mut header_map = HeaderMap::new(); | ||
| if let Ok(header_value) = HeaderValue::from_str("GET, POST, HEAD, OPTIONS") { | ||
| if let Ok(header_value) = |
There was a problem hiding this comment.
Duplicate Code - Priority: High
This block of code is duplicated in ferron/src/request_handler.rs starting at line 813.
PR SummaryChanges Overview
Identified Issues
Recommendations
|
|
I was thinking about security scanners... |
|
Yeah, depending on what host is receiving the verbs, that could indeeed be a security concern. So maybe less-common verb support needs to be configured per-host? |
|
Yes, I think that's a good idea to introduce a configuration option for allowing "PUT", "PATCH", and "DELETE" HTTP methods. |
Why have to concern about |
|
I have marked Ferron 1.x as "in maintenance mode" in the f3de200 commit, so I'm not sure if I'm going to merge your pull request, as it's against the development branch for Ferron 1.x... You can open a pull request against |
3 participants
Looks like Ruby-on-Rails apps heavily use less-commonly-used HTTP verbs, so this patch adds support for them.
I'm not entirely sure if this is the right way to patch in support for new HTTP verbs in general, but it did work on my server. Let me know what you think. In my case, I only need the extra verbs for a reverse proxied host, and I think this patch is more general than that?