I was playing around with explicitly calling listen to set up a health check port and wanted to see what effect providing different paths was. First I tried / and I was kind of flummoxed when an accidental curl to /act still worked.
Turns out the path checking only searches for the path being at the beginning, it is thus possible under the default options to access the act routes via, e.g.:
I was playing around with explicitly calling
listento set up a health check port and wanted to see what effect providing different paths was. First I tried/and I was kind of flummoxed when an accidental curl to/actstill worked.Turns out the path checking only searches for the path being at the beginning, it is thus possible under the default options to access the act routes via, e.g.:
/act-some-extra-text-who-cares-lol?cmd=testThe code here: https://github.com/senecajs/seneca-transport/blob/v2.1.1/lib/http.js#L210-L212 should probably be run through
url.parseand use the pathname to compare against provided path.... e.g,:And on that note, if that condition is true, the request is never responded to and will time out. This should probably return
404and end the request.