diff --git a/server/context/context.go b/server/context/context.go
index be01df0..14a3972 100644
--- a/server/context/context.go
+++ b/server/context/context.go
@@ -42,10 +42,6 @@ func (c *Context) String(raw string, status ...int) {
 _, _ = c.RespWriter.Write([]byte(raw))
 }

-func (c *Context) IsMethod(m string) bool {
- return c.Req.Method == m
-}
-
 func (c *Context) Redirect(uri string, statusCode int) {
 http.Redirect(c.RespWriter, c.Req, uri, statusCode)
 }
diff --git a/server/handler.go b/server/handler.go
index caa483a..4006a96 100644
--- a/server/handler.go
+++ b/server/handler.go
@@ -49,9 +49,19 @@ func Handler(mainDomainSuffix, rawDomain string,
 ctx.RespWriter.Header().Set("Strict-Transport-Security", hsts)
 }

- // Block all methods not required for static pages
- if !ctx.IsMethod(http.MethodGet) && !ctx.IsMethod(http.MethodHead) && !ctx.IsMethod(http.MethodOptions) {
- ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions) // duplic 1
+ // Handle all http methods
+ ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions)
+ switch ctx.Req.Method {
+ case http.MethodOptions:
+ // return Allow header
+ ctx.RespWriter.WriteHeader(http.StatusNoContent)
+ return
+ case http.MethodGet,
+ http.MethodHead:
+ // end switch case and handle allowed requests
+ break
+ default:
+ // Block all methods not required for static pages
 ctx.String("Method not allowed", http.StatusMethodNotAllowed)
 return
 }
@@ -77,12 +87,6 @@ func Handler(mainDomainSuffix, rawDomain string,
 ctx.RespWriter.Header().Set(headerAccessControlAllowMethods, http.MethodGet+", "+http.MethodHead)
 }

- ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions) // duplic 1
- if ctx.IsMethod(http.MethodOptions) {
- ctx.RespWriter.WriteHeader(http.StatusNoContent)
- return
- }
-
 // Prepare request information to Gitea
 targetOptions := &upstream.Options{
 TryIndexPages: true,
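Review bot: The `case http.MethodOptions:` branch in server/handler.go now returns 204 before Handler reaches the CORS block, whose tail (`headerAccessControlAllowMethods`) is visible as context at new line 87 in the following hunk, so an OPTIONS preflight no longer carries the Access-Control-Allow-* headers it received when the 204 return sat after that block. This fails closed (a browser rejects the preflight rather than being granted more), but it is a behaviour change for the CORS-enabled domains that the commit does not mention. If it is unintended, let OPTIONS through the switch with `case http.MethodGet, http.MethodHead, http.MethodOptions:` and keep `if ctx.Req.Method == http.MethodOptions { ctx.RespWriter.WriteHeader(http.StatusNoContent); return }` after the CORS headers are set; if it is intended, say so in the comment on the case. The `break` in the GET/HEAD case is redundant in Go, since cases do not fall through. Handler starts and ends outside this hunk, so whatever else runs between the switch and the CORS block is presumably skipped for OPTIONS as well.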