summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--srv/src/http/api.go49
-rw-r--r--srv/src/http/apiutil/apiutil.go7
2 files changed, 29 insertions, 27 deletions
diff --git a/srv/src/http/api.go b/srv/src/http/api.go
index 92f5db1..bcd0150 100644
--- a/srv/src/http/api.go
+++ b/srv/src/http/api.go
@@ -167,15 +167,21 @@ func (a *api) handler() http.Handler {
}
formMiddleware := func(h http.Handler) http.Handler {
- h = checkCSRFMiddleware(h)
- h = disallowGetMiddleware(h)
- h = logReqMiddleware(h)
- h = addResponseHeaders(map[string]string{
+ wh := checkCSRFMiddleware(h)
+ wh = logReqMiddleware(wh)
+ wh = addResponseHeaders(map[string]string{
"Cache-Control": "no-store, max-age=0",
"Pragma": "no-cache",
"Expires": "0",
- }, h)
- return h
+ }, wh)
+
+ return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+ if r.Method != "GET" {
+ wh.ServeHTTP(rw, r)
+ } else {
+ h.ServeHTTP(rw, r)
+ }
+ })
}
mux := http.NewServeMux()
@@ -199,33 +205,27 @@ func (a *api) handler() http.Handler {
a.requirePowMiddleware,
)))
- mux.Handle("/api/", http.StripPrefix("/api", formMiddleware(apiMux)))
+ mux.Handle("/api/", http.StripPrefix("/api",
+ // disallowGetMiddleware is used rather than a MethodMux because it
+ // has an exception for websockets, which is needed for chat.
+ disallowGetMiddleware(apiMux),
+ ))
}
mux.Handle("/posts/", http.StripPrefix("/posts",
apiutil.MethodMux(map[string]http.Handler{
- "GET": a.renderPostHandler(),
- "POST": authMiddleware(a.auther,
- formMiddleware(a.postPostHandler()),
- ),
- "DELETE": authMiddleware(a.auther,
- formMiddleware(a.deletePostHandler()),
- ),
- "PREVIEW": authMiddleware(a.auther,
- formMiddleware(a.previewPostHandler()),
- ),
+ "GET": a.renderPostHandler(),
+ "POST": authMiddleware(a.auther, a.postPostHandler()),
+ "DELETE": authMiddleware(a.auther, a.deletePostHandler()),
+ "PREVIEW": authMiddleware(a.auther, a.previewPostHandler()),
}),
))
mux.Handle("/assets/", http.StripPrefix("/assets",
apiutil.MethodMux(map[string]http.Handler{
- "GET": a.getPostAssetHandler(),
- "POST": authMiddleware(a.auther,
- formMiddleware(a.postPostAssetHandler()),
- ),
- "DELETE": authMiddleware(a.auther,
- formMiddleware(a.deletePostAssetHandler()),
- ),
+ "GET": a.getPostAssetHandler(),
+ "POST": authMiddleware(a.auther, a.postPostAssetHandler()),
+ "DELETE": authMiddleware(a.auther, a.deletePostAssetHandler()),
}),
))
@@ -235,6 +235,7 @@ func (a *api) handler() http.Handler {
mux.Handle("/", a.renderIndexHandler())
var globalHandler http.Handler = mux
+ globalHandler = formMiddleware(globalHandler)
globalHandler = setCSRFMiddleware(globalHandler)
globalHandler = setLoggerMiddleware(a.params.Logger, globalHandler)
diff --git a/srv/src/http/apiutil/apiutil.go b/srv/src/http/apiutil/apiutil.go
index d427b65..aa62299 100644
--- a/srv/src/http/apiutil/apiutil.go
+++ b/srv/src/http/apiutil/apiutil.go
@@ -121,10 +121,11 @@ func MethodMux(handlers map[string]http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
- method := strings.ToUpper(r.FormValue("method"))
+ method := strings.ToUpper(r.Method)
+ formMethod := strings.ToUpper(r.FormValue("method"))
- if method == "" {
- method = strings.ToUpper(r.Method)
+ if method == "POST" && formMethod != "" {
+ method = formMethod
}
handler, ok := handlers[method]