Restrict supported HTTP methods

Signed-off-by: Graham <gpe@openrs2.org>
Graham 4 years ago
parent a8d048de00
commit a50e0ea998
  1. 6
      game/src/main/kotlin/org/openrs2/game/net/http/HttpChannelHandler.kt

@ -4,6 +4,7 @@ import io.netty.channel.ChannelHandler
import io.netty.channel.ChannelHandlerContext import io.netty.channel.ChannelHandlerContext
import io.netty.channel.SimpleChannelInboundHandler import io.netty.channel.SimpleChannelInboundHandler
import io.netty.handler.codec.http.HttpHeaderValues import io.netty.handler.codec.http.HttpHeaderValues
import io.netty.handler.codec.http.HttpMethod
import io.netty.handler.codec.http.HttpRequest import io.netty.handler.codec.http.HttpRequest
import io.netty.handler.codec.http.HttpResponseStatus import io.netty.handler.codec.http.HttpResponseStatus
import io.netty.handler.timeout.IdleStateEvent import io.netty.handler.timeout.IdleStateEvent
@ -28,6 +29,11 @@ public class HttpChannelHandler @Inject constructor(
return return
} }
if (msg.method() != HttpMethod.HEAD && msg.method() != HttpMethod.GET) {
Http.writeResponse(ctx, msg, HttpResponseStatus.METHOD_NOT_ALLOWED)
return
}
fileProvider.get(uri.substring(1)).use { file -> fileProvider.get(uri.substring(1)).use { file ->
if (file == null) { if (file == null) {
Http.writeResponse(ctx, msg, HttpResponseStatus.NOT_FOUND) Http.writeResponse(ctx, msg, HttpResponseStatus.NOT_FOUND)

Loading…
Cancel
Save