summaryrefslogtreecommitdiff
path: root/main.go
diff options
context:
space:
mode:
Diffstat (limited to 'main.go')
-rw-r--r--main.go15
1 files changed, 14 insertions, 1 deletions
diff --git a/main.go b/main.go
index d80ba6a..41f8334 100644
--- a/main.go
+++ b/main.go
@@ -10,6 +10,7 @@ import (
const (
errSrcInvalid = "source is not a parsable URL"
errTgtNotAccepted = "can not process webmentions for this target"
+ errInvalidScheme = "URL scheme is not HTTP(S)"
)
// endpoint is a webmention receiver.
@@ -19,15 +20,27 @@ type endpoint struct {
// ServeHTTP is http.Handler implementation.
func (ep endpoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
- _, err := url.Parse(r.PostFormValue("source"))
+ source, err := url.Parse(r.PostFormValue("source"))
if err != nil {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte(errSrcInvalid))
+ return
+ }
+ if source.Scheme != "http" && source.Scheme != "https" {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(errInvalidScheme))
+ return
}
target, err := url.Parse(r.PostFormValue("target"))
if err != nil || !ep.targetAllowed(target) {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte(errTgtNotAccepted))
+ return
+ }
+ if target.Scheme != "http" && target.Scheme != "https" {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(errInvalidScheme))
+ return
}
}