From 0340d11a5dbb1d3e45865d1b810d556e98c8e914 Mon Sep 17 00:00:00 2001
From: Fijxu <fijxu@nadeko.net>
Date: Tue, 12 Nov 2024 09:23:30 -0300
Subject: [PATCH] security: restrict the setting of CORS headers to
 inv.nadeko.net related domains

---
 main.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/main.go b/main.go
index 8fd0aaf..b8a1417 100644
--- a/main.go
+++ b/main.go
@@ -352,6 +352,7 @@ func beforeProxy(next http.HandlerFunc) http.HandlerFunc {
 		}
 
 		if req.Method != "GET" && req.Method != "HEAD" {
+			w.WriteHeader(405)
 			io.WriteString(w, "Only GET and HEAD requests are allowed.")
 			return
 		}