mirror of
https://github.com/golang/go
synced 2024-11-18 16:44:43 -07:00
net/http: make triv.go example less insecure
The triv.go example serves the entire contents of $HOME by default. That seems bad, let's not do that. Also change it to listen on localhost only. Change-Id: I8f1b7bd6b7d737852273e2ba82deabc4a2d11f6b Reviewed-on: https://go-review.googlesource.com/c/go/+/428237 Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
This commit is contained in:
parent
e1e88d636b
commit
dc629ec939
@ -118,7 +118,7 @@ func Logger(w http.ResponseWriter, req *http.Request) {
|
|||||||
http.Error(w, "oops", http.StatusNotFound)
|
http.Error(w, "oops", http.StatusNotFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
var webroot = flag.String("root", os.Getenv("HOME"), "web root directory")
|
var webroot = flag.String("root", "", "web root directory")
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
@ -128,11 +128,13 @@ func main() {
|
|||||||
expvar.Publish("counter", ctr)
|
expvar.Publish("counter", ctr)
|
||||||
http.Handle("/counter", ctr)
|
http.Handle("/counter", ctr)
|
||||||
http.Handle("/", http.HandlerFunc(Logger))
|
http.Handle("/", http.HandlerFunc(Logger))
|
||||||
http.Handle("/go/", http.StripPrefix("/go/", http.FileServer(http.Dir(*webroot))))
|
if *webroot != "" {
|
||||||
|
http.Handle("/go/", http.StripPrefix("/go/", http.FileServer(http.Dir(*webroot))))
|
||||||
|
}
|
||||||
http.Handle("/chan", ChanCreate())
|
http.Handle("/chan", ChanCreate())
|
||||||
http.HandleFunc("/flags", FlagServer)
|
http.HandleFunc("/flags", FlagServer)
|
||||||
http.HandleFunc("/args", ArgServer)
|
http.HandleFunc("/args", ArgServer)
|
||||||
http.HandleFunc("/go/hello", HelloServer)
|
http.HandleFunc("/go/hello", HelloServer)
|
||||||
http.HandleFunc("/date", DateServer)
|
http.HandleFunc("/date", DateServer)
|
||||||
log.Fatal(http.ListenAndServe(":12345", nil))
|
log.Fatal(http.ListenAndServe("localhost:12345", nil))
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user