fix: allow only post method for making requests fixes: grpc#2881

oneslash · Nov 5, 2019 · c981e73 · c981e73
1 parent 583401a
commit c981e73
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/internal/transport/http_util.go b/internal/transport/http_util.go
@@ -133,6 +133,9 @@ type parsedHeaderData struct {
 	grpcErr        error
 	httpErr        error
 	contentTypeErr string
+
+	// HTTP RAW METHOD
+	httpMethod string
 }
 
 // decodeState configures decoding criteria and records the decoded data.
@@ -270,6 +273,10 @@ func (d *decodeState) decodeHeader(frame *http2.MetaHeadersFrame) error {
 		d.processHeaderField(hf)
 	}
 
+	if d.data.httpMethod != http.MethodPost {
+		return status.Error(codes.InvalidArgument, "only POST method is allowed to make a request")
+	}
+
 	if d.data.isGRPC {
 		if d.data.grpcErr != nil {
 			return d.data.grpcErr
@@ -406,6 +413,8 @@ func (d *decodeState) processHeaderField(f hpack.HeaderField) {
 		}
 		d.data.statsTrace = v
 		d.addMetadata(f.Name, string(v))
+	case ":method":
+		d.data.httpMethod = f.Value
 	default:
 		if isReservedHeader(f.Name) && !isWhitelistedHeader(f.Name) {
 			break