Skip to content

Commit

Permalink
Merge pull request #3427 from rkday/xss-fix
Browse files Browse the repository at this point in the history
Don't echo back the provided path on a 404 error
  • Loading branch information
ashie authored Jun 23, 2021
2 parents 5bc4c6b + 355e555 commit d0ea8aa
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/fluent/plugin_helper/http_server/router.rb
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ module HttpServer
class Router
class NotFoundApp
def self.call(req)
[404, { 'Content-Type' => 'text/plain' }, "404 Not Found: #{req.path}\n"]
[404, { 'Content-Type' => 'text/plain' }, "404 Not Found\n"]
end
end

Expand Down
2 changes: 1 addition & 1 deletion test/plugin_helper/http_server/test_route.rb
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ class HttpHelperRouterTest < Test::Unit::TestCase
test 'use default app if path is not found' do
router = Fluent::PluginHelper::HttpServer::Router.new
req = flexmock('request', path: 'path/')
assert_equal(router.route!(:get, '/path/', req), [404, { 'Content-Type' => 'text/plain' }, "404 Not Found: #{req.path}\n"])
assert_equal(router.route!(:get, '/path/', req), [404, { 'Content-Type' => 'text/plain' }, "404 Not Found\n"])
end

test 'default app is configurable' do
Expand Down

0 comments on commit d0ea8aa

Please sign in to comment.