Fix HEAD to work only for GET resources.

2015-09-27 23:49:59 -07:00 · 2015-09-27 23:49:59 -07:00 · 1fbf2d4990
parent ecd08c0798
commit 1fbf2d4990
2 changed files with 9 additions and 4 deletions
--- a/wfe/web-front-end.go
+++ b/wfe/web-front-end.go
@ -171,16 +171,14 @@ func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h fun
 		}
 		response.Header().Set("Access-Control-Allow-Origin", "*")

-		switch request.Method {
-		case "HEAD":
+		// Return a bodyless response to HEAD for any resource that allows GET.
+		if _, ok := methodsOK["GET"]; ok && request.Method == "HEAD" {
 			// We'll be sending an error anyway, but we
 			// should still comply with HTTP spec by not
 			// sending a body.
 			response = BodylessResponseWriter{response}
 			h(response, request)
 			return
-		case "OPTIONS":
-			// TODO, #469
 		}

 		if _, ok := methodsOK[request.Method]; !ok {
--- a/wfe/web-front-end_test.go
+++ b/wfe/web-front-end_test.go
@ -310,6 +310,13 @@ func TestHandleFunc(t *testing.T) {
 	runWrappedHandler(&http.Request{Method: "HEAD"}, "GET", "POST")
 	test.AssertEquals(t, stubCalled, true)
 	test.AssertEquals(t, rw.Body.String(), "")
+
+	// HEAD doesn't work with POST-only endpoints
+	runWrappedHandler(&http.Request{Method: "HEAD"}, "POST")
+	test.AssertEquals(t, stubCalled, false)
+	test.AssertEquals(t, rw.Header().Get("Content-Type"), "application/problem+json")
+	test.AssertEquals(t, rw.Body.String(), `{"type":"urn:acme:error:malformed","detail":"Method not allowed"}`)
+	test.AssertEquals(t, rw.Header().Get("Allow"), "POST")
 }

 func TestStandardHeaders(t *testing.T) {