moved where invalid method request are rejected
This commit is contained in:
parent
e901f1679b
commit
4a6d21f0b5
|
@ -31,13 +31,21 @@ module.exports.create = function (deps, conf) {
|
|||
res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
|
||||
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
|
||||
|
||||
if (req.method.toUpperCase() !== 'OPTIONS') {
|
||||
return false;
|
||||
if (req.method.toUpperCase() === 'OPTIONS') {
|
||||
res.setHeader('Allow', methods.join(', '));
|
||||
res.end();
|
||||
return true;
|
||||
}
|
||||
|
||||
res.setHeader('Allow', methods.join(', '));
|
||||
res.end();
|
||||
return true;
|
||||
if (methods.indexOf('*') >= 0) {
|
||||
return false;
|
||||
}
|
||||
if (methods.indexOf(req.method.toUpperCase()) < 0) {
|
||||
res.statusCode = 405;
|
||||
res.setHeader('Content-Type', 'application/json');
|
||||
res.end(JSON.stringify({ error: { message: 'method '+req.method+' not allowed', code: 'EBADMETHOD'}}));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
function isAuthorized(req, res, fn) {
|
||||
|
@ -143,12 +151,6 @@ module.exports.create = function (deps, conf) {
|
|||
if (handleCors(req, res, 'POST')) {
|
||||
return;
|
||||
}
|
||||
if (req.method !== 'POST') {
|
||||
res.statusCode = 405;
|
||||
res.setHeader('Content-Type', 'application/json');
|
||||
res.end(JSON.stringify({ error: { message: 'method '+req.method+' not allowed'}}));
|
||||
return;
|
||||
}
|
||||
|
||||
jsonParser(req, res, function () {
|
||||
|
||||
|
|
Loading…
Reference in New Issue