Skip to content

Commit f26b98e

Browse files
grokspawngrokspawn
committed
allow POST method only for graphql handler
1 parent 2b2ddca commit f26b98e

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

internal/catalogd/storage/localdir.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -200,9 +200,9 @@ func (s *LocalDirV1) StorageServerHandler() http.Handler {
200200
allowedMethodsHandler := func(next http.Handler, allowedMethods ...string) http.Handler {
201201
allowedMethodSet := sets.New[string](allowedMethods...)
202202
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
203-
// Allow POST requests for GraphQL endpoint
204-
if r.URL.Path != "" && r.URL.Path[len(r.URL.Path)-7:] == "graphql" && r.Method == http.MethodPost {
205-
next.ServeHTTP(w, r)
203+
// Allow POST requests only for GraphQL endpoint
204+
if r.URL.Path != "" && r.URL.Path[len(r.URL.Path)-7:] != "graphql" && r.Method == http.MethodPost {
205+
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
206206
return
207207
}
208208
if !allowedMethodSet.Has(r.Method) {
@@ -212,7 +212,7 @@ func (s *LocalDirV1) StorageServerHandler() http.Handler {
212212
next.ServeHTTP(w, r)
213213
})
214214
}
215-
return allowedMethodsHandler(mux, http.MethodGet, http.MethodHead)
215+
return allowedMethodsHandler(mux, http.MethodGet, http.MethodHead, http.MethodPost)
216216
}
217217

218218
func (s *LocalDirV1) handleV1All(w http.ResponseWriter, r *http.Request) {

0 commit comments

Comments
 (0)