Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -10,6 +10,7 @@ import (
 const (
 errSrcInvalid = "source is not a parsable URL"
 errTgtNotAccepted = "can not process webmentions for this target"
+ errInvalidScheme = "URL scheme is not HTTP(S)"
 )
 
 // endpoint is a webmention receiver.
@@ -19,15 +20,27 @@ type endpoint struct {
 
 // ServeHTTP is http.Handler implementation.
 func (ep endpoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
- _, err := url.Parse(r.PostFormValue("source"))
+ source, err := url.Parse(r.PostFormValue("source"))
 if err != nil {
 w.WriteHeader(http.StatusBadRequest)
 w.Write([]byte(errSrcInvalid))
+ return
+ }
+ if source.Scheme != "http" && source.Scheme != "https" {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(errInvalidScheme))
+ return
 }
 target, err := url.Parse(r.PostFormValue("target"))
 if err != nil || !ep.targetAllowed(target) {
 w.WriteHeader(http.StatusBadRequest)
 w.Write([]byte(errTgtNotAccepted))
+ return
+ }
+ if target.Scheme != "http" && target.Scheme != "https" {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(errInvalidScheme))
+ return
 }
 }
 
|
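Review bot: The two scheme checks added to ServeHTTP still accept a URL that has an http(s) scheme but no host, since `url.Parse` returns an empty `Host` for inputs such as an opaque `http:foo`. For `source` nothing else in the hunk would reject it; for `target` it depends on `ep.targetAllowed`, which is not visible here. Extending each condition, e.g. `if (source.Scheme != "http" && source.Scheme != "https") || source.Host == "" {`, closes that gap, and because the two checks are identical they could share one small helper such as `isHTTPURL(u *url.URL) bool`. If the receiver later fetches `source` to verify the mention (not shown in this hunk), the scheme check alone does not keep that request away from loopback or private addresses, so the destination would also need checking where the connection is made.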