wohali commented on a change in pull request #1199: Prevent access to Fauxton
on node-local port (5986)
URL: https://github.com/apache/couchdb/pull/1199#discussion_r171994570
##########
File path: src/couch/src/couch_httpd_misc_handlers.erl
##########
@@ -61,22 +61,8 @@ handle_file_req(#httpd{method='GET'}=Req, Document) ->
handle_file_req(Req, _) ->
send_method_not_allowed(Req, "GET,HEAD").
-handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
- "/" ++ UrlPath = couch_httpd:path(Req),
- case couch_httpd:partition(UrlPath) of
- {_ActionKey, "/", RelativePath} ->
- % GET /_utils/path or GET /_utils/
- CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
- EnableCsp = config:get("csp", "enable", "false"),
- Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
- couch_httpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
- {_ActionKey, "", _RelativePath} ->
- % GET /_utils
- RedirectPath = couch_httpd:path(Req) ++ "/",
- couch_httpd:send_redirect(Req, RedirectPath)
- end;
handle_utils_dir_req(Req, _) ->
- send_method_not_allowed(Req, "GET,HEAD").
+ throw({forbidden, <<"The Fauxton interface is no longer available on the
node-local port.">>}).
Review comment:
If people don't like returning a `403` here, we could consider returning
`410` (Gone) instead.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
