From eacd9781f78751e4c9775e350ecf82eba288abb0 Mon Sep 17 00:00:00 2001
From: Christine Dodrill <me@christine.website>
Date: Sun, 1 Oct 2017 11:29:31 -0700
Subject: [PATCH] cmd/routed: configure the http listener to redirect if the
 method allows redirecting

---
 cmd/routed/main.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/cmd/routed/main.go b/cmd/routed/main.go
index f393d91..0a9a400 100644
--- a/cmd/routed/main.go
+++ b/cmd/routed/main.go
@@ -54,14 +54,21 @@ func main() {
 	defer l.Close()
 
 	hs := &http.Server{
-		Handler: middleware.Trace(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			switch r.Method {
+			case http.MethodPatch, http.MethodPut, http.MethodPost:
+				http.Error(w, "use https", http.StatusNotAcceptable)
+				ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
+				return
+			}
+
 			r.URL.Host = r.Host
 			r.URL.Scheme = "https"
 
-			ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"))
+			ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
 
 			http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
-		})),
+		}),
 		Addr: scfg.WebAddr,
 	}