Summary: | allowmethods should be able to disable individual methods | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Eric Covener <covener> |
Component: | mod_allowmethods | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | NEW --- | ||
Severity: | enhancement | CC: | spiceman |
Priority: | P2 | Keywords: | FixedInTrunk, PatchAvailable |
Version: | 2.5-HEAD | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: |
mod_allowmethods implementation of +-METHOD options
mod_allowmethods implementation of +-METHOD options mod_allowmethods tests documentation of AllowMethods +|-Method mod_allowmethods implementation of +-METHOD options mod_allowmethods tests mod_allowmethods implementation of +-METHOD options mod_allowmethods tests |
Description
Eric Covener
2020-10-05 11:51:31 UTC
I've been talking to Eric Covener that I'm willing to give this a try. I have no background on httpd hacking so wish me luck. For now I'm checking the source code of allowmethods and server/core.c to see how doing the same with Options was handled. Any pointers are welcome. Created attachment 37484 [details]
mod_allowmethods implementation of +-METHOD options
Well, I'm attaching my jab at implementing this.
There's probably some not so stellar code.
In particular I'm interested in knowing if there's a better way to get a hold
of list of available/recognized methods.
Another aspect I'm not sure about is if a specific aspect of the implementation makes sense. Previously, when conf->allowed == 0, it meant no method was flagged as allowed, so all where (it was effectively a reset/no conf) But now, in the following case, no method would be flagged as allowed, but I'd still expect it to be enforced for /foo/bar: <Directory /foo> AllowMethods GET </Directory> <Directory /foo/bar> AllowMethods -GET </Directory> I think that makes sense, but I'd like know other people's view on this. Created attachment 37490 [details]
mod_allowmethods implementation of +-METHOD options
Created attachment 37491 [details]
mod_allowmethods tests
Patch for two simple test cases.
Created attachment 37495 [details]
documentation of AllowMethods +|-Method
Created attachment 37497 [details]
mod_allowmethods implementation of +-METHOD options
Created attachment 37500 [details]
mod_allowmethods tests
Created attachment 37501 [details]
mod_allowmethods implementation of +-METHOD options
Well, got it working. I've added some tests and everything seems to be in working order, finally. This needs some reviewing :) I think you may have forgotten to "svn add" some of the static files in t/htdocs. Check svn status /t/htdocs/modules/allowmethods|egrep ^? Created attachment 37523 [details]
mod_allowmethods tests
Yes, forgot to add t/htdocs/modules/allowmethods/NoPost for the -POST test, sorry. New patch attached. (In reply to Eric Covener from comment #11) > I think you may have forgotten to "svn add" some of the static files in > t/htdocs. Check svn status /t/htdocs/modules/allowmethods|egrep ^? Thank you Marcel! Committed in http://svn.apache.org/viewvc?rev=1883203&view=rev and will propose for 2.4.x soon. |