diff options
| author | Erlang/OTP <otp@erlang.org> | 2021-02-24 14:58:44 +0100 |
|---|---|---|
| committer | Erlang/OTP <otp@erlang.org> | 2021-02-24 14:58:44 +0100 |
| commit | 878dc308da076bd8a26583147de6e13cd738cdf1 (patch) | |
| tree | f0850b6eeb1a86c8e2214e0dc726c5e4d46101ab | |
| parent | f7d6f6a9ef3daa8910e47635e243915f7d1dc9ec (diff) | |
| parent | 769d2b0f390c4a1c25b8eae47ad9d03ba07cb8d6 (diff) | |
| download | erlang-878dc308da076bd8a26583147de6e13cd738cdf1.tar.gz | |
Merge branch 'ingela/inets/httpd/mod-head/reject-dir/OTP-17220' into maint-23
* ingela/inets/httpd/mod-head/reject-dir/OTP-17220:
inets,httpd: HEAD should reject directory link
| -rw-r--r-- | lib/inets/src/http_server/mod_head.erl | 4 | ||||
| -rw-r--r-- | lib/inets/test/httpd_SUITE.erl | 19 |
2 files changed, 19 insertions, 4 deletions
diff --git a/lib/inets/src/http_server/mod_head.erl b/lib/inets/src/http_server/mod_head.erl index 25c11360eb..e90b089f94 100644 --- a/lib/inets/src/http_server/mod_head.erl +++ b/lib/inets/src/http_server/mod_head.erl @@ -64,6 +64,10 @@ do_head(Info) -> Suffix = httpd_util:suffix(Path), %% Does the file exists? case file:read_file_info(Path) of + {ok, #file_info{type = directory}} -> + Status = httpd_file:handle_error(eacces, "access", Info, Path), + {proceed, + [{status, Status} | Info#mod.data]}; {ok, FileInfo} -> MimeType = httpd_util:lookup_mime_default(Info#mod.config_db, diff --git a/lib/inets/test/httpd_SUITE.erl b/lib/inets/test/httpd_SUITE.erl index 027932caa2..1445ff89ac 100644 --- a/lib/inets/test/httpd_SUITE.erl +++ b/lib/inets/test/httpd_SUITE.erl @@ -432,7 +432,17 @@ head(Config) when is_list(Config) -> proplists:get_value(port, Config), proplists:get_value(node, Config), http_request("HEAD /index.html ", Version, Host), - [{statuscode, head_status(Version)}, + [{statuscode, head_status(Version, 200)}, + {version, Version}]), + + ok = httpd_test_lib:verify_request(proplists:get_value(type, Config), Host, + proplists:get_value(port, Config), + proplists:get_value(node, Config), + http_request("HEAD /open/ ", Version, Host), + [{statuscode, head_status(Version, 403)}, + {header, "Content-Type", "text/html"}, + {header, "Date"}, + {header, "Server"}, {version, Version}]). get() -> @@ -2126,10 +2136,11 @@ http_request_missing_CR(Request, "HTTP/1.1" = Version, Host) -> http_request_missing_CR(Request, Version, _) -> Request ++ Version ++ "\r\n\n". -head_status("HTTP/0.9") -> +head_status("HTTP/0.9", _) -> 501; %% Not implemented in HTTP/0.9 -head_status(_) -> - 200. +head_status(_, Expected) -> + Expected. + basic_conf() -> [{modules, [mod_alias, mod_range, mod_responsecontrol, |