[Fencommits] fenserve: give 403 Forbidden on attempted state changes not from localhost
Benja Fallenstein
benja.fallenstein at gmail.com
Sun Mar 25 20:04:31 EEST 2007
Sun Mar 25 20:04:17 EEST 2007 Benja Fallenstein <benja.fallenstein at gmail.com>
* give 403 Forbidden on attempted state changes not from localhost
diff -rN -u old-fenserve/Main.hs new-fenserve/Main.hs
--- old-fenserve/Main.hs 2007-03-25 20:04:31.000000000 +0300
+++ new-fenserve/Main.hs 2007-03-25 20:04:31.000000000 +0300
@@ -46,9 +46,11 @@
fenserveHandler = Handle $ \req -> do
state <- get; rq <- getEvent
let (result, state') = runFenServe (handleRequest rq) state
- when (not $ rqMethod req `elem` [GET,HEAD]) $
- when (isLocalhost req) $ put state'
- respond $ return result
+ if rqMethod req `elem` [GET,HEAD] then respond $ return result
+ else if isLocalhost req then do put state'; respond $ return result
+ else if state == state' then respond $ return result
+ else respond $ return $ mkResult 403 "text/html" $ toUTF
+ "403 Forbidden: state changes only from localhost at this time"
main :: IO ()
main = do
More information about the Fencommits
mailing list