Skip to content

Commit c7edbd2

Browse files
grokspawngrokspawn
committed
allow POST method only for graphql handler
1 parent 9e65b3e commit c7edbd2

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

internal/catalogd/storage/localdir.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -199,9 +199,9 @@ func (s *LocalDirV1) StorageServerHandler() http.Handler {
199199
allowedMethodsHandler := func(next http.Handler, allowedMethods ...string) http.Handler {
200200
allowedMethodSet := sets.New[string](allowedMethods...)
201201
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
202-
// Allow POST requests for GraphQL endpoint
203-
if r.URL.Path != "" && r.URL.Path[len(r.URL.Path)-7:] == "graphql" && r.Method == http.MethodPost {
204-
next.ServeHTTP(w, r)
202+
// Allow POST requests only for GraphQL endpoint
203+
if r.URL.Path != "" && r.URL.Path[len(r.URL.Path)-7:] != "graphql" && r.Method == http.MethodPost {
204+
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
205205
return
206206
}
207207
if !allowedMethodSet.Has(r.Method) {
@@ -211,7 +211,7 @@ func (s *LocalDirV1) StorageServerHandler() http.Handler {
211211
next.ServeHTTP(w, r)
212212
})
213213
}
214-
return allowedMethodsHandler(mux, http.MethodGet, http.MethodHead)
214+
return allowedMethodsHandler(mux, http.MethodGet, http.MethodHead, http.MethodPost)
215215
}
216216

217217
func (s *LocalDirV1) handleV1All(w http.ResponseWriter, r *http.Request) {

0 commit comments

Comments
 (0)