eyre: only allow authenticated GET scry requests

Lacking any other permissioning mechanism, we must simply reject
unauthenticated HTTP-scry requests for now.
Fang 2020-06-12 00:57:25 +02:00
parent d20877e414
commit b870466977
No known key found for this signature in database
GPG Key ID: EB035760C1BBA972

@ -870,6 +870,10 @@
++ handle-scry
|= [authenticated=? =address =request:http]
|^ ^- (quip move server-state)
?. authenticated
(error-response 403 ~)
?. =(%'GET' method.request)
(error-response 405 "may only GET scries")
:: make sure the path contains an app to scry into
::
=+ req=(parse-request-line url.request)
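
Review bot: the `?. authenticated` check at the top of `handle-scry` carries no comment, although the commit message describes it as a stopgap ("for now") until a real permissioning mechanism exists. Add a `::` comment above it saying so, in the style of the existing "make sure the path contains an app to scry into" comment, so the blanket 403 is not later read as the intended policy. The 403 is also returned with an empty body (`~`) while the 405 carries "may only GET scries"; a short message on the 403 would let a client tell a missing login apart from other failures. Finally, a 405 response is expected to include an Allow header, so confirm that `error-response` sets one for this path or add it here.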