diff options
| author | Leon Krause <lk@leonkrause.com> | 2018-02-17 16:56:40 +0100 |
|---|---|---|
| committer | Leon Krause <lk@leonkrause.com> | 2018-02-17 16:56:40 +0100 |
| commit | 2cd7bc04ea9a99510c26113a81f8371be5b1f49f (patch) | |
| tree | 89874a89ea6618bd5ea046a5922bddfdf5a89995 | |
| parent | 8a21f27f540750a76f19fcfb7d7a9d5e7f03f771 (diff) | |
Disable insecure HTTP methods CONNECT and TRACE in HTML5 platform
| -rw-r--r-- | platform/javascript/http_client_javascript.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/platform/javascript/http_client_javascript.cpp b/platform/javascript/http_client_javascript.cpp index 5e6b01f772..5ab3d1b770 100644 --- a/platform/javascript/http_client_javascript.cpp +++ b/platform/javascript/http_client_javascript.cpp @@ -81,6 +81,8 @@ Ref<StreamPeer> HTTPClient::get_connection() const { Error HTTPClient::prepare_request(Method p_method, const String &p_url, const Vector<String> &p_headers) { ERR_FAIL_INDEX_V(p_method, METHOD_MAX, ERR_INVALID_PARAMETER); + ERR_EXPLAIN("HTTP methods TRACE and CONNECT are not supported for the HTML5 platform"); + ERR_FAIL_COND_V(p_method == METHOD_TRACE || p_method == METHOD_CONNECT, ERR_UNAVAILABLE); ERR_FAIL_COND_V(status != STATUS_CONNECTED, ERR_INVALID_PARAMETER); ERR_FAIL_COND_V(host.empty(), ERR_UNCONFIGURED); ERR_FAIL_COND_V(port < 0, ERR_UNCONFIGURED); |