From 4c0b13fb576042fb4831cd964afbe1f21fb16d31 Mon Sep 17 00:00:00 2001
From: adnano <me@adnano.co>
Date: Mon, 28 Sep 2020 16:07:51 -0400
Subject: [PATCH] Refuse requests for non-gemini schemes

---
 examples/auth/auth.go | 2 +-
 server.go             | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/examples/auth/auth.go b/examples/auth/auth.go
index 94b3016..bcf7bf1 100644
--- a/examples/auth/auth.go
+++ b/examples/auth/auth.go
@@ -79,7 +79,7 @@ func login(rw *gmi.ResponseWriter, req *gmi.Request) {
 			sessions[fingerprint] = &session{
 				username: username,
 			}
-			gmi.Redirect(rw, req, "/login/password")
+			gmi.Redirect(rw, req, "/login#password")
 		})
 	})
 }
diff --git a/server.go b/server.go
index cea6f64..158f9cf 100644
--- a/server.go
+++ b/server.go
@@ -579,6 +579,11 @@ func (mux *ServeMux) shouldRedirectRLocked(host, path string) bool {
 // If there is no registered handler that applies to the request,
 // Handler returns a ``page not found'' handler and an empty pattern.
 func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) {
+	// Refuse requests for non-gemini schemes.
+	if r.URL.Scheme != "gemini" {
+		return NotFoundHandler(), ""
+	}
+
 	// All other requests have any port stripped and path cleaned
 	// before passing to mux.handler.
 	host := stripHostPort(r.Host)