Merge pull request elastic#7696 from lukasolson/fix/allow-head
Allow HEAD requests without kbn-version header

Former-commit-id: 27c027c
lukasolson authored Jul 15, 2016
2 parents 5495c93 + 724a1e3 commit b91b2f9
Showing 2 changed files with 8 additions and 5 deletions.
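--- a/src/server/http/__tests__/xsrf.js
+++ b/src/server/http/__tests__/xsrf.js
@@ -3,7 +3,7 @@ import { fromNode as fn } from 'bluebird';
 import { resolve } from 'path';
 import * as kbnTestServer from '../../../../test/utils/kbn_server';
 
-const nonDestructiveMethods = ['GET'];
+const nonDestructiveMethods = ['GET', 'HEAD'];
 const destructiveMethods = ['POST', 'PUT', 'DELETE'];
 const src = resolve.bind(null, __dirname, '../../../../src');
 
@@ -28,9 +28,10 @@ describe('xsrf request filter', function () {
 
 await kbnServer.ready();
 
+const routeMethods = nonDestructiveMethods.filter(method => method !== 'HEAD').concat(destructiveMethods);
 kbnServer.server.route({
 path: '/xsrf/test/route',
-method: [...nonDestructiveMethods, ...destructiveMethods],
+method: routeMethods,
 handler: function (req, reply) {
 reply(null, 'ok');
 }
@@ -52,7 +53,8 @@ describe('xsrf request filter', function () {
 });
 
 expect(resp.statusCode).to.be(200);
-expect(resp.payload).to.be('ok');
+if (method === 'HEAD') expect(resp.payload).to.be.empty();
+else expect(resp.payload).to.be('ok');
 });
 
 it('failes on invalid tokens', async function () {
@@ -66,7 +68,8 @@ describe('xsrf request filter', function () {
 
 expect(resp.statusCode).to.be(400);
 expect(resp.headers).to.have.property(xsrfHeader, version);
-expect(resp.payload).to.match(/"Browser client is out of date/);
+if (method === 'HEAD') expect(resp.payload).to.be.empty();
+else expect(resp.payload).to.match(/"Browser client is out of date/);
 });
 });
 }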
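Review bot: The new `routeMethods` line drops 'HEAD' from the registered methods without saying why, which reads like an oversight next to `nonDestructiveMethods = ['GET', 'HEAD']`. Presumably the server answers HEAD through the GET route and does not accept a separate HEAD registration; a comment such as `// HEAD is served by the GET route, so it is not registered on its own` would make that explicit. The two added `if (method === 'HEAD') ... else ...` assertions are written without braces, and bracing both branches would keep a later edit from detaching the `else`. The enclosing `describe` and test bodies start and end outside these hunks.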
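--- a/src/server/http/xsrf.js
+++ b/src/server/http/xsrf.js
@@ -6,7 +6,7 @@ export default function (kbnServer, server, config) {
 const header = 'kbn-version';
 
 server.ext('onPostAuth', function (req, reply) {
-const noHeaderGet = req.method === 'get' && !req.headers[header];
+const noHeaderGet = (req.method === 'get' || req.method === 'head') && !req.headers[header];
 if (disabled || noHeaderGet) return reply.continue();
 
 const submission = req.headers[header];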
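Review bot: Nothing at the `noHeaderGet` line records the assumption that makes this exemption safe: GET and HEAD requests that omit the kbn-version header skip the check entirely, so every route reachable on those methods has to stay read-only. I would add a comment above it, `// GET and HEAD without the header are let through unchecked; routes on these methods must not change state`, and rename the flag so it no longer names only GET, e.g. `const noHeaderSafeMethod = ...`. HEAD is presumably answered by the existing GET handlers, which would make the exposure the same as for GET, but that is worth confirming against the routes that are registered. The `onPostAuth` handler continues outside the hunk.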
