@cuchaz cuchaz commented May 26, 2025

Looks like Ruby-on-Rails apps heavily use less-commonly-used HTTP verbs, so this patch adds support for them.

I'm not entirely sure if this is the right way to patch in support for new HTTP verbs in general, but it did work on my server. Let me know what you think. In my case, I only need the extra verbs for a reverse proxied host, and I think this patch is more general than that?

since it seems they're used by Ruby-on-Rails apps
Response::builder()
.status(StatusCode::NO_CONTENT)
.header(header::ALLOW, "GET, POST, HEAD, OPTIONS")
.header(

Duplicate Code - Priority: High
This block of code is duplicated in ferron/src/request_handler.rs starting at line 805.

_ => {
let mut header_map = HeaderMap::new();
if let Ok(header_value) = HeaderValue::from_str("GET, POST, HEAD, OPTIONS") {
if let Ok(header_value) =
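
Review bot: In the `_ =>` arm, `HeaderValue::from_str("GET, POST, HEAD, OPTIONS")` parses a string literal at runtime inside `if let Ok`, so a mistake made while extending the method list would take the non-Ok path instead of surfacing. Because the value is a `&'static str`, `HeaderValue::from_static` would remove the fallible branch, and sharing one constant with the `header::ALLOW` value in the `Response::builder()` block would keep the two method lists from drifting apart.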

Duplicate Code - Priority: High
This block of code is duplicated in ferron/src/request_handler.rs starting at line 813.

hikaflow bot commented May 26, 2025

PR Summary

Changes Overview

  • No changes were identified in the provided file summaries.

Identified Issues

  • No issues found.

Recommendations

  • None at this time.

@DorianNiemiecSVRJS DorianNiemiecSVRJS added the rust Pull requests that update rust code label May 26, 2025
@DorianNiemiecSVRJS
Member

I was thinking about security scanners...
When I compiled your patched version and ran a nikto scan against it, this appeared:

+ Allowed HTTP Methods: GET, POST, HEAD, OPTIONS, PUT, PATCH, DELETE 
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.

cuchaz commented May 26, 2025

Yeah, depending on what host is receiving the verbs, that could indeed be a security concern. So maybe less-common verb support needs to be configured per-host?

@DorianNiemiecSVRJS
Member

Yes, I think that's a good idea to introduce a configuration option for allowing "PUT", "PATCH", and "DELETE" HTTP methods.
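
A sketch of the per-host opt-in discussed in this thread, added here as an illustration; it is not code from this pull request or from the project. `MethodPolicy`, `sample_policy` and the host names are hypothetical, and the point shown is that the `Allow` value and the request gate come from one list, so a scanner only sees PUT/PATCH/DELETE on hosts that enabled them.

```rust
use std::collections::HashMap;

// Methods already advertised in the Allow header shown on this page.
const BASE_METHODS: [&str; 4] = ["GET", "POST", "HEAD", "OPTIONS"];
// Verbs the thread proposes to gate behind configuration.
const OPT_IN_METHODS: [&str; 3] = ["PUT", "PATCH", "DELETE"];

/// Hypothetical policy: host name -> opt-in verbs enabled for that host.
pub struct MethodPolicy {
    hosts: HashMap<String, Vec<String>>,
}

impl MethodPolicy {
    /// Methods permitted for `host`. Unknown hosts get only the base set,
    /// and configured names outside OPT_IN_METHODS are ignored.
    pub fn allowed(&self, host: &str) -> Vec<&'static str> {
        let extra = self.hosts.get(&host.to_ascii_lowercase());
        let mut out = BASE_METHODS.to_vec();
        out.extend(OPT_IN_METHODS.iter().copied().filter(|m| {
            extra.map_or(false, |x| x.iter().any(|e| e.eq_ignore_ascii_case(m)))
        }));
        out
    }
    /// Allow header value, built from the same list that gates requests.
    pub fn allow_header(&self, host: &str) -> String {
        self.allowed(host).join(", ")
    }
    /// Ok for a permitted method, else a 405 status plus the Allow value.
    /// Method tokens are case-sensitive, so the comparison is exact.
    pub fn check(&self, host: &str, method: &str) -> Result<(), (u16, String)> {
        let ok = self.allowed(host).iter().any(|m| *m == method);
        if ok { Ok(()) } else { Err((405, self.allow_header(host))) }
    }
}

/// Constructed sample configuration (host names are placeholders).
pub fn sample_policy() -> MethodPolicy {
    let mut hosts: HashMap<String, Vec<String>> = HashMap::new();
    hosts.insert("rails.example".into(), vec!["PUT".into(), "PATCH".into(), "DELETE".into()]);
    hosts.insert("api.example".into(), vec!["patch".into(), "TRACE".into()]);
    MethodPolicy { hosts }
}

fn main() {
    let p = sample_policy();
    for h in ["rails.example", "api.example", "static.example"].iter() {
        println!("{} -> Allow: {}", h, p.allow_header(h));
    }
}
```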
