Details

      Description

      The SES Interceptor does not check for an onInvalidHTTPMethod() before throwing the standard error. Starting at line 130 in `coldbox/system/interceptors/SES.cfc`:

      if( structKeyExists(aRoute,"action") && isStruct(aRoute.action) ){
      	// Verify HTTP method used is valid, else throw exception and 403 error
      	if( structKeyExists(aRoute.action,HTTPMethod) ){
      		aRoute.action = aRoute.action[HTTPMethod];
      		// Send for logging in debug mode
      		if( log.canDebug() ){
      			log.debug("Matched HTTP Method (#HTTPMethod#) to routed action: #aRoute.action#");
      		}
      	}
      	else{
      		
      		getUtil().throwInvalidHTTP(className="SES",
      								   detail="The HTTP method used: #HTTPMethod# is not valid for the current executing resource. Valid methods are: #aRoute.action.toString()#",
      						 		   statusText="Invalid HTTP method: #HTTPMethod#",
      						 		   statusCode="405");
      	}
      }
      
      

        Gliffy Diagrams

          Attachments

            Issue links

              Activity

                People

                • Assignee:
                  lmajano Luis Majano
                  Reporter:
                  JClausen Jon Clausen
                • Votes:
                  2 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: