HTTP/3: added CONNECT and TRACE methods rejection.

It has got lost in e1eb7f4ca9f1, let alone a subsequent update in 63c66b7cc07c.

1 files changed, 14 insertions, 1 deletions

diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
index f11c32da9..793a34816 100644
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -45,7 +45,8 @@ static const struct {
     { ngx_string("LOCK"),      NGX_HTTP_LOCK },
     { ngx_string("UNLOCK"),    NGX_HTTP_UNLOCK },
     { ngx_string("PATCH"),     NGX_HTTP_PATCH },
-    { ngx_string("TRACE"),     NGX_HTTP_TRACE }
+    { ngx_string("TRACE"),     NGX_HTTP_TRACE },
+    { ngx_string("CONNECT"),   NGX_HTTP_CONNECT }
 };
 
 
@@ -780,6 +781,18 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
         }
     }
 
+    if (r->method == NGX_HTTP_CONNECT) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent CONNECT method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
+    if (r->method == NGX_HTTP_TRACE) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent TRACE method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
     return NGX_OK;
 
 failed: