From: Remi Gacogne
Date: Tue, 22 Aug 2017 09:48:07 +0000 (+0200)
Subject: auth: Deny cache flush, zone retrieve and notify if the API is RO
X-Git-Tag: auth-4.1.0~8^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=136965be8e314dc83fd04f8675356a8fb36089de;p=pdns
auth: Deny cache flush, zone retrieve and notify if the API is RO
---
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index d30bd6d77..70f4ce779 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1443,7 +1443,7 @@ static void apiServerZoneExport(HttpRequest* req, HttpResponse* resp) {
 static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
- if(req->method != "PUT")
+ if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
 throw HttpMethodNotAllowedException();
 UeberBackend B;
@@ -1462,7 +1462,7 @@ static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
 static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
 DNSName zonename = apiZoneIdToName(req->parameters["id"]);
- if(req->method != "PUT")
+ if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
 throw HttpMethodNotAllowedException();
 UeberBackend B;
@@ -1824,7 +1824,7 @@ static void apiServerSearchData(HttpRequest* req, HttpResponse* resp) {
 }
 void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
- if(req->method != "PUT")
+ if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
 throw HttpMethodNotAllowedException();
 DNSName canon = apiNameToDNSName(req->getvars["domain"]);
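Review bot: The read-only guard is still opt-in per handler: the same `|| ::arg().mustDo("api-readonly")` clause is pasted into apiServerZoneAxfrRetrieve, apiServerZoneNotify and apiServerCacheFlush, so a state-changing endpoint added later stays usable on a read-only API unless its author remembers the clause. I would move the test into one helper, for example `static void apiDenyIfReadOnly() { if(::arg().mustDo("api-readonly")) throw HttpMethodNotAllowedException(); }`, and call it as the first statement of each mutating handler. In the first two hunks that means above the `apiZoneIdToName(req->parameters["id"])` line, so a denied request is refused before its zone id is parsed. Keeping the read-only refusal apart from the verb check also makes it simple to log these denials, or to answer them with a different status than a wrong method if the project prefers that. All three function bodies continue past their hunks, so what else runs in them cannot be judged from here.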