Prevent the /* OPTIONS handler to turn every 404 error into 405.

Fixes: #14572
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

diff --git a/ext/yahttp/yahttp/router.cpp b/ext/yahttp/yahttp/router.cpp
index 5f6885a887b444dc0b3ad720a292350966663719..312cb5aa0f90cab8b813182c55db2ba0ade369bd 100644 (file)
--- a/ext/yahttp/yahttp/router.cpp
+++ b/ext/yahttp/yahttp/router.cpp
@@ -101,7 +101,13 @@ namespace YaHTTP {
       if (matched && !method.empty() && req->method != method) {
          // method did not match, record it though so we can return correct result
          matched = false;
-         seen = true;
+         // The OPTIONS handler registered in pdns/webserver.cc matches every
+         // url, and would cause "not found" errors to always be superseded
+         // with "found, but wrong method" errors, so don't pretend there has
+         // been a match in this case.
+         if (method != "OPTIONS") {
+           seen = true;
+         }
          continue;
       }
       if (matched) {

diff --git a/regression-tests.api/test_Basics.py b/regression-tests.api/test_Basics.py
index 6acf9a803283801bc9d8daa3700420c8f90ef7f7..329fbd959afd9b55647ca91bd5ed749566a1f4bb 100644 (file)
--- a/regression-tests.api/test_Basics.py
+++ b/regression-tests.api/test_Basics.py
@@ -61,4 +61,13 @@ class TestBasics(ApiTestCase):
         r = self.session.options(self.url("/api/v1/servers/localhost/invalid"))
         self.assertEqual(r.status_code, requests.codes.not_found)
 
+        r = self.session.options(self.url("/api/v1/servers/remotehost"))
+        self.assertEqual(r.status_code, requests.codes.not_found)
+
+        r = self.session.get(self.url("/api/v1/servers/remotehost"))
+        if is_auth():
+            self.assertEqual(r.status_code, requests.codes.not_found)
+        else:
+            self.assertEqual(r.status_code, requests.codes.unauthorized)
+
         print("response", repr(r.headers))