Merge pull request #188 from thisandagain/bugfix/put

Block PUT, POST, and DEL requests
This commit is contained in:
Ray Schamp 2015-10-29 15:48:40 -04:00
commit f2872739da

View file

@ -13,9 +13,23 @@ var log = require('./log');
var proxies = require('./proxies.json'); var proxies = require('./proxies.json');
var routes = require('./routes.json'); var routes = require('./routes.json');
// Server setup // Create server
var app = express(); var app = express();
app.disable('x-powered-by'); app.disable('x-powered-by');
// Block POST & PUT requests in production
if (process.env.NODE_ENV === 'production') {
app.use(function (req, res, next) {
if (req.method === 'GET') return next();
if (req.method === 'OPTIONS') return next();
if (req.method === 'HEAD') return next();
res.writeHead(405, {'content-type' : 'application/json'});
res.end('{"error": "Method not allowed"}');
});
}
// Server setup
app.use(log()); app.use(log());
app.use(compression()); app.use(compression());
app.use(express.static(path.resolve(__dirname, '../build'), { app.use(express.static(path.resolve(__dirname, '../build'), {