From ee614ace35138709de1a53befed3dd27fa550f81 Mon Sep 17 00:00:00 2001 From: Armon Dadgar Date: Tue, 19 Aug 2014 10:53:25 -0700 Subject: [PATCH] agent: Enforce PUT for session destroy. Fixes #285. --- command/agent/session_endpoint.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/command/agent/session_endpoint.go b/command/agent/session_endpoint.go index a5c02b4df..760255f22 100644 --- a/command/agent/session_endpoint.go +++ b/command/agent/session_endpoint.go @@ -103,6 +103,12 @@ func FixupLockDelay(raw interface{}) error { // SessionDestroy is used to destroy an existing session func (s *HTTPServer) SessionDestroy(resp http.ResponseWriter, req *http.Request) (interface{}, error) { + // Mandate a PUT request + if req.Method != "PUT" { + resp.WriteHeader(405) + return nil, nil + } + args := structs.SessionRequest{ Op: structs.SessionDestroy, }