I was playing around with explicitly calling listen to set up a health check port and wanted to see what effect providing different paths was. First I tried / and I was kind of flummoxed when an accidental curl to /act still worked.
Turns out the path checking only searches for the path being at the beginning, it is thus possible under the default options to access the act routes via, e.g.:
I was playing around with explicitly calling
listen
to set up a health check port and wanted to see what effect providing different paths was. First I tried/
and I was kind of flummoxed when an accidental curl to/act
still worked.Turns out the path checking only searches for the path being at the beginning, it is thus possible under the default options to access the act routes via, e.g.:
/act-some-extra-text-who-cares-lol?cmd=test
The code here: https://github.com/senecajs/seneca-transport/blob/v2.1.1/lib/http.js#L210-L212 should probably be run through
url.parse
and use the pathname to compare against provided path.... e.g,:And on that note, if that condition is true, the request is never responded to and will time out. This should probably return
404
and end the request.