This is an automated email from the ASF dual-hosted git repository.
eze pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.1.x by this push:
new 35dd3efde7 Add back push_method_enabled enforcement (#9787)
35dd3efde7 is described below
commit 35dd3efde78a73aefa257e12b8fe78d6cd646ba0
Author: Brian Neradt <[email protected]>
AuthorDate: Tue Jun 6 16:51:22 2023 -0500
Add back push_method_enabled enforcement (#9787)
proxy.config.http.push_method_enabled. This adds back the enforcemenent
of this configuration so that hosts can only PUSH when
proxy.config.http.push_method_enabled is 1.
Conflicts:
proxy/http/HttpSM.cc
tests/gold_tests/bigobj/bigobj.test.py
tests/gold_tests/ip_allow/ip_allow.test.py
tests/gold_tests/proxy_protocol/proxy_serve_stale.test.py
tests/gold_tests/proxy_protocol/proxy_serve_stale_dns_fail.test.py
---
proxy/http/HttpSM.cc | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index e51d51710e..1080c66c3f 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -773,6 +773,13 @@ HttpSM::state_read_client_request_header(int event, void
*data)
}
}
+ if (t_state.hdr_info.client_request.method_get_wksidx() ==
HTTP_WKSIDX_PUSH &&
+ t_state.http_config_param->push_method_enabled == 0) {
+ SMDebug("http", "Rejecting PUSH request because push_method_enabled is
0.");
+ call_transact_and_set_next_state(HttpTransact::Forbidden);
+ return 0;
+ }
+
if (t_state.hdr_info.client_request.method_get_wksidx() ==
HTTP_WKSIDX_TRACE ||
(t_state.hdr_info.client_request.get_content_length() == 0 &&
t_state.client_info.transfer_encoding !=
HttpTransact::CHUNKED_ENCODING)) {
