added Rack::Response::Helpers#method_not_allowed?

Rack::File now returns 404 during illegal directory traversal, for backward compat
Rack::File now returns 405 for illegal methods
Rack::Cascade now defaults to catch 405 as well as 404, for backward compat with 1.3.x in most common use cases
commit a9b7b0522e3fcb2fe4440317801e31e367ed09a3 1 parent a2cfdbd
@raggi raggi authored
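--- a/lib/rack/cascade.rb
+++ b/lib/rack/cascade.rb
@@ -8,7 +8,7 @@ class Cascade
 attr_reader :apps
-def initialize(apps, catch=404)
+def initialize(apps, catch=[404, 405])
 @apps = []; @has_app = {}
 apps.each { |app| add app }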
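Review bot: The widened default `catch=[404, 405]` carries no explanation of why 405 now falls through, so a reader of `initialize` cannot tell it is coupled to Rack::File answering disallowed verbs with 405 instead of 403. A one-line comment above the signature would record that: `# 405 is caught by default because Rack::File answers disallowed verbs with 405; a cascade of File + app must fall through on those.` Naming the default as a frozen constant, `DEFAULT_CATCH = [404, 405].freeze`, would also let the docs and tests reference it instead of repeating the literal. The body of `initialize` that consumes `catch` continues outside the hunk, so I cannot see whether a bare Integer (the old default) and an Array are both still handled; worth confirming.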
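--- a/lib/rack/file.rb
+++ b/lib/rack/file.rb
@@ -34,7 +34,7 @@ def call(env)
 def _call(env)
 unless ALLOWED_VERBS.include? env["REQUEST_METHOD"]
-return fail(403, "Forbidden")
+return fail(405, "Method Not Allowed")
 end
 @path_info = Utils.unescape(env["PATH_INFO"])
@@ -45,7 +45,7 @@ def _call(env)
 when '', '.'
 depth
 when '..'
-return fail(403, "Forbidden") if depth - 1 < 0
+return fail(404, "Not Found") if depth - 1 < 0
 depth - 1
 else
 depth + 1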
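Review bot: HTTP/1.1 (RFC 2616) requires a 405 response to carry an `Allow` header listing the methods the resource does support, and the new `return fail(405, "Method Not Allowed")` in the first hunk passes only a status and body. `fail` is defined outside the hunk, so I cannot see whether it adds any headers; if it does not, this call site should set `"Allow" => ALLOWED_VERBS.join(", ")` on the response, since `ALLOWED_VERBS` on the line above is already the source of truth. The switch from 403 to 404 for the `..` case in the second hunk is the safer choice because it does not confirm that anything exists outside the docroot; a comment such as `# 404 rather than 403: do not confirm the existence of paths outside the docroot` would preserve that intent for the next maintainer. `_call` continues outside both hunks.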
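--- a/lib/rack/response.rb
+++ b/lib/rack/response.rb
@@ -112,21 +112,22 @@ def empty?
 alias headers header
 module Helpers
-def invalid?; status < 100 || status >= 600; end
-
-def informational?; status >= 100 && status < 200; end
-def successful?; status >= 200 && status < 300; end
-def redirection?; status >= 300 && status < 400; end
-def client_error?; status >= 400 && status < 500; end
-def server_error?; status >= 500 && status < 600; end
-
-def ok?; status == 200; end
-def bad_request?; status == 400; end
-def forbidden?; status == 403; end
-def not_found?; status == 404; end
-def unprocessable?; status == 422; end
-
-def redirect?; [301, 302, 303, 307].include? status; end
+def invalid?; status < 100 || status >= 600; end
+
+def informational?; status >= 100 && status < 200; end
+def successful?; status >= 200 && status < 300; end
+def redirection?; status >= 300 && status < 400; end
+def client_error?; status >= 400 && status < 500; end
+def server_error?; status >= 500 && status < 600; end
+
+def ok?; status == 200; end
+def bad_request?; status == 400; end
+def forbidden?; status == 403; end
+def not_found?; status == 404; end
+def method_not_allowed?; status == 405; end
+def unprocessable?; status == 422; end
+
+def redirect?; [301, 302, 303, 307].include? status; end
 # Headers
 attr_reader :headers, :original_headers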
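Review bot: Only `def method_not_allowed?; status == 405; end` is a functional change in this hunk; the other fifteen lines are removed and re-added with identical text, apparently for indentation, which buries the one real addition in whitespace churn — a separate whitespace-only commit would have made this a one-line review. While the helpers are being touched, `redirect?` allocates a fresh `[301, 302, 303, 307]` on every call; a frozen constant `REDIRECT_STATUSES = [301, 302, 303, 307].freeze` with `def redirect?; REDIRECT_STATUSES.include? status; end` avoids that. The module has no comment at all; a line above `module Helpers` saying the predicates classify the response's `status` and are mixed into Response would orient a reader. The enclosing class continues outside the hunk.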
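--- a/test/spec_cascade.rb
+++ b/test/spec_cascade.rb
@@ -17,12 +17,15 @@ def cascade(*args)
 app3 = Rack::URLMap.new("/foo" => lambda { |env|
 [200, { "Content-Type" => "text/plain"}, [""]]})
-should "dispatch onward on 404 by default" do
+should "dispatch onward on 404 and 405 by default" do
 cascade = cascade([app1, app2, app3])
 Rack::MockRequest.new(cascade).get("/cgi/test").should.be.ok
 Rack::MockRequest.new(cascade).get("/foo").should.be.ok
 Rack::MockRequest.new(cascade).get("/toobad").should.be.not_found
-Rack::MockRequest.new(cascade).get("/cgi/../..").should.be.forbidden
+Rack::MockRequest.new(cascade).get("/cgi/../..").should.be.client_error
+
+# Put is not allowed by Rack::File so it'll 405.
+Rack::MockRequest.new(cascade).put("/foo").should.be.ok
 end
 should "dispatch onward on whatever is passed" do
@@ -42,7 +45,7 @@ def cascade(*args)
 Rack::MockRequest.new(cascade).get('/cgi/../bla').should.be.not_found
 cascade << app1
 Rack::MockRequest.new(cascade).get('/cgi/test').should.be.ok
-Rack::MockRequest.new(cascade).get('/cgi/../..').should.be.forbidden
+Rack::MockRequest.new(cascade).get('/cgi/../..').should.be.client_error
 Rack::MockRequest.new(cascade).get('/foo').should.be.not_found
 cascade << app3
 Rack::MockRequest.new(cascade).get('/foo').should.be.ok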
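Review bot: Replacing `.should.be.forbidden` with `.should.be.client_error` on the two `/cgi/../..` assertions (first and second hunk) weakens the test: `client_error` accepts any 4xx, so it would still pass if traversal regressed to 403 or 405. Since Rack::File now answers that path with 404, pin it with `.should.be.not_found` in both places, as spec_file.rb does. The new `put("/foo").should.be.ok` case is a good cross-check of the 405 fall-through; its comment could also name the expected responder, e.g. `# Put is not allowed by Rack::File so it'll 405 and fall through to the URLMap at /foo.`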
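--- a/test/spec_file.rb
+++ b/test/spec_file.rb
@@ -64,13 +64,15 @@
 req = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT)))
 res = req.get("/../README")
-res.should.be.forbidden
+res.should.be.client_error
 res = req.get("../test")
-res.should.be.forbidden
+res.should.be.client_error
 res = req.get("..")
-res.should.be.forbidden
+res.should.be.client_error
+
+res.should.be.not_found
 end
 should "allow files with .. in their name" do
@@ -89,7 +91,8 @@
 res = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))).
 get("/%2E%2E/README")
-res.should.be.forbidden
+res.should.be.client_error?
+res.should.be.not_found
 end
 should "allow safe directory traversal with encoded periods" do
@@ -159,7 +162,8 @@
 forbidden.each do |method|
 res = req.send(method, "/cgi/test")
-res.should.be.forbidden
+res.should.be.client_error
+res.should.be.method_not_allowed
 end
 allowed = %w[get head]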
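Review bot: In the first hunk only the last of the three traversal responses gets the strengthened `res.should.be.not_found`; `req.get("/../README")` and `req.get("../test")` are left asserting just `client_error`, which any 4xx satisfies, so a regression to 403 on those two paths would go unnoticed. Add `res.should.be.not_found` directly after each `client_error` line so all three pin the new 404 behaviour. In the second hunk `res.should.be.client_error?` carries an explicit `?` while every other assertion in the file is written `res.should.be.client_error`; both spellings presumably resolve to the same predicate, but the form should be consistent. The loop variable `forbidden` in the third hunk is now a misnomer for verbs that yield 405, though its definition lies outside the hunk.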
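--- a/test/spec_response.rb
+++ b/test/spec_response.rb
@@ -221,6 +221,11 @@ def object_with_each.each
 res.should.be.client_error
 res.should.be.not_found
+res.status = 405
+res.should.not.be.successful
+res.should.be.client_error
+res.should.be.method_not_allowed
+
 res.status = 422
 res.should.not.be.successful
 res.should.be.client_error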