Home Explore Help
Sign In
Godot
/
godot
mirror of https://github.com/godotengine/godot.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Disable insecure HTTP methods CONNECT and TRACE in HTML5 platform

Leon Krause 7 years ago
parent
8a21f27f54
commit
2cd7bc04ea
1 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      platform/javascript/http_client_javascript.cpp

+ 2 - 0
platform/javascript/http_client_javascript.cpp
View File 

@@ -81,6 +81,8 @@ Ref<StreamPeer> HTTPClient::get_connection() const {
 
 Error HTTPClient::prepare_request(Method p_method, const String &p_url, const Vector<String> &p_headers) {
 
 
 	ERR_FAIL_INDEX_V(p_method, METHOD_MAX, ERR_INVALID_PARAMETER);
 
+	ERR_EXPLAIN("HTTP methods TRACE and CONNECT are not supported for the HTML5 platform");
 
+	ERR_FAIL_COND_V(p_method == METHOD_TRACE || p_method == METHOD_CONNECT, ERR_UNAVAILABLE);
 
 	ERR_FAIL_COND_V(status != STATUS_CONNECTED, ERR_INVALID_PARAMETER);
 
 	ERR_FAIL_COND_V(host.empty(), ERR_UNCONFIGURED);
 
 	ERR_FAIL_COND_V(port < 0, ERR_UNCONFIGURED);