inets httpd incorrectly returns 501 Not Implemented for 'PUT' and 'DELETE' methods

Hunter Morris <>
Mon Jul 6 14:01:45 CEST 2009


Hello,

httpd_request:validate/3 does not allow applications to use the 'PUT'
and 'DELETE' methods which are common in many server applications.
The patch included inline would allow the two additional methods:

---
 lib/inets/src/http_server/httpd_request.erl |    6 +++++-
 lib/inets/src/http_server/mod_cgi.erl       |    2 ++
 lib/inets/src/http_server/mod_esi.erl       |   24 ++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletions(-)

diff --git a/lib/inets/src/http_server/httpd_request.erl
b/lib/inets/src/http_server/httpd_request.erl
index ad2cc4b..5a2f0d4 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -71,7 +71,7 @@ body_data(Headers, Body) ->
 %%-------------------------------------------------------------------------
 %% validate(Method, Uri, Version) -> ok | {error, {bad_request, Reason} |
 %%			     {error, {not_supported, {Method, Uri, Version}}
-%%      Method = "HEAD" | "GET" | "POST" | "TRACE"
+%%      Method = "HEAD" | "GET" | "POST" | "TRACE" | "PUT" | "DELETE"
 %%      Uri = uri()
 %%      Version = "HTTP/N.M"
 %% Description: Checks that HTTP-request-line is valid.
@@ -86,6 +86,10 @@ validate("GET", Uri, "HTTP/1." ++ _N) ->
     validate_uri(Uri);
 validate("POST", Uri, "HTTP/1." ++ _N) ->
     validate_uri(Uri);
+validate("PUT", Uri, "HTTP/1." ++ _N) ->
+    validate_uri(Uri);
+validate("DELETE", Uri, "HTTP/1." ++ _N) ->
+    validate_uri(Uri);
 validate("TRACE", Uri, "HTTP/1." ++ N) when hd(N) >= $1 ->
     validate_uri(Uri);
 validate(Method, Uri, Version) ->
diff --git a/lib/inets/src/http_server/mod_cgi.erl
b/lib/inets/src/http_server/mod_cgi.erl
index ab12a3b..a0206bd 100644
--- a/lib/inets/src/http_server/mod_cgi.erl
+++ b/lib/inets/src/http_server/mod_cgi.erl
@@ -335,6 +335,8 @@ script_elements(#mod{method = "GET"}, {PathInfo,
QueryString}) ->
     [{query_string, QueryString}, {path_info, PathInfo}];
 script_elements(#mod{method = "POST", entity_body = Body}, _) ->
     [{entity_body, Body}];
+script_elements(#mod{method = "PUT", entity_body = Body}, _) ->
+    [{entity_body, Body}];
 script_elements(_, _) ->
     [].

diff --git a/lib/inets/src/http_server/mod_esi.erl
b/lib/inets/src/http_server/mod_esi.erl
index dd6f62a..ec9de66 100644
--- a/lib/inets/src/http_server/mod_esi.erl
+++ b/lib/inets/src/http_server/mod_esi.erl
@@ -249,6 +249,18 @@ erl(#mod{method = Method} = ModData, ESIBody, Modules)
 	    {proceed, [{status,{400, none, BadRequest}} | ModData#mod.data]}
     end;

+erl(#mod{request_uri = ReqUri, method = "PUT",
+         http_version = Version, data = Data}, _ESIBody, _Modules) ->
+    {proceed,[{status,{501,{"PUT", ReqUri, Version},
+		       ?NICE("Erl mechanism doesn't support method PUT")}}|
+	      Data]};
+
+erl(#mod{request_uri = ReqUri, method = "DELETE",
+         http_version = Version, data = Data}, _ESIBody, _Modules) ->
+    {proceed,[{status,{501,{"DELETE", ReqUri, Version},
+		       ?NICE("Erl mechanism doesn't support method DELETE")}}|
+	      Data]};
+
 erl(#mod{method = "POST", entity_body = Body} = ModData, ESIBody, Modules) ->
     case httpd_util:split(ESIBody,":|%3A|/",2) of
 	{ok,[ModuleName, Function]} ->
@@ -450,6 +462,18 @@ eval(#mod{request_uri = ReqUri, method = "POST",
 		       ?NICE("Eval mechanism doesn't support method POST")}}|
 	      Data]};

+eval(#mod{request_uri = ReqUri, method = "PUT",
+	  http_version = Version, data = Data}, _ESIBody, _Modules) ->
+    {proceed,[{status,{501,{"PUT", ReqUri, Version},
+		       ?NICE("Eval mechanism doesn't support method PUT")}}|
+	      Data]};
+
+eval(#mod{request_uri = ReqUri, method = "DELETE",
+	  http_version = Version, data = Data}, _ESIBody, _Modules) ->
+    {proceed,[{status,{501,{"DELETE", ReqUri, Version},
+		       ?NICE("Eval mechanism doesn't support method DELETE")}}|
+	      Data]};
+
 eval(#mod{method = Method} = ModData, ESIBody, Modules)
   when Method == "GET"; Method == "HEAD" ->
     case is_authorized(ESIBody, Modules) of
--


More information about the erlang-bugs mailing list