Refuse requests for non-gemini schemes

2020-09-28 16:07:51 -04:00 · 2020-09-28 16:07:51 -04:00 · 4c0b13fb57
commit 4c0b13fb57
parent a49b0cdaac
2 changed files with 6 additions and 1 deletions
--- a/examples/auth/auth.go
+++ b/examples/auth/auth.go
@ -79,7 +79,7 @@ func login(rw *gmi.ResponseWriter, req *gmi.Request) {
 			sessions[fingerprint] = &session{
 				username: username,
 			}
-			gmi.Redirect(rw, req, "/login/password")
+			gmi.Redirect(rw, req, "/login#password")
 		})
 	})
 }
--- a/server.go
+++ b/server.go
@ -579,6 +579,11 @@ func (mux *ServeMux) shouldRedirectRLocked(host, path string) bool {
 // If there is no registered handler that applies to the request,
 // Handler returns a ``page not found'' handler and an empty pattern.
 func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) {
+	// Refuse requests for non-gemini schemes.
+	if r.URL.Scheme != "gemini" {
+		return NotFoundHandler(), ""
+	}
+
 	// All other requests have any port stripped and path cleaned
 	// before passing to mux.handler.
 	host := stripHostPort(r.Host)