security: restrict the setting of CORS headers to inv.nadeko.net related domains
Some checks failed
CI / build (push) Has been cancelled
Some checks failed
CI / build (push) Has been cancelled
This commit is contained in:
parent
24fd3fc26a
commit
0340d11a5d
GPG key ID:
32C1DDF333EDA6A4
1 changed files with 1 additions and 0 deletions
1
main.go
1
main.go
|
|
@ -352,6 +352,7 @@ func beforeProxy(next http.HandlerFunc) http.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if req.Method != "GET" && req.Method != "HEAD" {
|
if req.Method != "GET" && req.Method != "HEAD" {
|
||||||
|
w.WriteHeader(405)
|
||||||
io.WriteString(w, "Only GET and HEAD requests are allowed.")
|
io.WriteString(w, "Only GET and HEAD requests are allowed.")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue