Comparing changes

This change addresses the issue that currently, any HTTP method is handled by returning success and metrics data, which causes network scanners to report issues. Details: * This change rejects any HTTP methods and resources other than the following: OPTIONS (any) - returns 200 and an 'Allow' header indicating allowed methods GET (any) - returns 200 and metrics GET /favicon.ico - returns 200 and no body (this is no change) Other HTTP methods than these are rejected with 405 "Method Not Allowed" and an 'Allow' header indicating the allowed HTTP methods. Any returned HTTP errors are also displayed in the response body after a hash sign and with a brief hint, e.g. "# HTTP 405 Method Not Allowed: XXX; use OPTIONS or GET". * Needed to pin asgiref to ==3.6.0 also for py3.8 to circumvent the same error as for pypy3.8. Signed-off-by: Andreas Maier <[email protected]>

Details: * This change removes the following CBC ciphers from the default set of ciphers in order to address CVE-2013-0169 (LUCKY13): - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 This is done by listing them in the code, i.e. without any way to configure that by the user. Signed-off-by: Andreas Maier <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on Jul 29, 2024

This comparison is taking too long to generate.

Uh oh!