scratchfoundation/scratch-www
1
0
Fork 0
mirror of https://github.com/scratchfoundation/scratch-www.git synced 2024-11-23 07:38:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Block PUT, POST, and DEL requests

Browse source
This commit is contained in:
Andrew Sliwinski 2015-10-29 12:06:13 -04:00
parent 73b3a91a05
commit 6913a688d3
1 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
server/index.js
View file

@ -13,9 +13,23 @@ var log = require('./log');
var proxies = require('./proxies.json');
var routes = require('./routes.json');
// Server setup
// Create server
var app = express();
app.disable('x-powered-by');
// Block POST & PUT requests in production
if (process.env.NODE_ENV === 'production') {
app.use(function (req, res, next) {
if (req.method === 'GET') return next();
if (req.method === 'OPTIONS') return next();
if (req.method === 'HEAD') return next();
res.writeHead(405, {'content-type' : 'application/json'});
res.end('{"error": "Method not allowed"}');
});
}
// Server setup
app.use(log());
app.use(compression());
app.use(express.static(path.resolve(__dirname, '../build'), {