[GitHub] wohali commented on a change in pull request #1199: Prevent access to Fauxton on node-local port (5986)
wohali commented on a change in pull request #1199: Prevent access to Fauxton on node-local port (5986) URL: https://github.com/apache/couchdb/pull/1199#discussion_r171994570 ## File path: src/couch/src/couch_httpd_misc_handlers.erl ## @@ -61,22 +61,8 @@ handle_file_req(#httpd{method='GET'}=Req, Document) -> handle_file_req(Req, _) -> send_method_not_allowed(Req, "GET,HEAD"). -handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) -> -"/" ++ UrlPath = couch_httpd:path(Req), -case couch_httpd:partition(UrlPath) of -{_ActionKey, "/", RelativePath} -> -% GET /_utils/path or GET /_utils/ -CachingHeaders = [{"Cache-Control", "private, must-revalidate"}], -EnableCsp = config:get("csp", "enable", "false"), -Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp), -couch_httpd:serve_file(Req, RelativePath, DocumentRoot, Headers); -{_ActionKey, "", _RelativePath} -> -% GET /_utils -RedirectPath = couch_httpd:path(Req) ++ "/", -couch_httpd:send_redirect(Req, RedirectPath) -end; handle_utils_dir_req(Req, _) -> -send_method_not_allowed(Req, "GET,HEAD"). + throw({forbidden, <<"The Fauxton interface is no longer available on the node-local port.">>}). Review comment: If people don't like returning a `403` here, we could consider returning `410` (Gone) instead. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
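Review bot: In the remaining clause `handle_utils_dir_req(Req, _) ->`, `Req` is no longer used once the body is just the `throw({forbidden, ...})`, so the compiler will warn about an unused variable; rename it to `_Req`. The deleted GET clause was also the only caller of `maybe_add_csp_headers` visible in this hunk, so check whether that helper still has another caller in the module and remove it if not. Since every method now gets the same forbidden response instead of the earlier `send_method_not_allowed(Req, "GET,HEAD")` for non-GET requests, a one-line comment above the clause saying that this is intentional would help future readers.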