From 3719fc57cc1b560cf32c3e552091852c2c138342 Mon Sep 17 00:00:00 2001
From: MrMelon54 <github@mrmelon54.com>
Date: Sat, 29 Mar 2025 23:48:22 +0000
Subject: [PATCH] Only allow GET requests in the serve handler

---
 serve/serve.go      | 5 +++++
 serve/serve_test.go | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/serve/serve.go b/serve/serve.go
index 11b3fa3..6d00559 100644
--- a/serve/serve.go
+++ b/serve/serve.go
@@ -68,6 +68,11 @@ func cacheBuster(rw http.ResponseWriter, req *http.Request) {
 }
 
 func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+	if req.Method != http.MethodGet {
+		http.Error(rw, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+		return
+	}
+
 	host, _, err := net.SplitHostPort(req.Host)
 	if err != nil {
 		host = req.Host
diff --git a/serve/serve_test.go b/serve/serve_test.go
index 44469a6..8a11969 100644
--- a/serve/serve_test.go
+++ b/serve/serve_test.go
@@ -53,7 +53,7 @@ func serveTest(t *testing.T, address string, branch string, name string) {
 
 		//goland:noinspection HttpUrlsUsage
 		const httpPrefix = "http://"
-		req := httptest.NewRequest(http.MethodPost, httpPrefix+address, nil)
+		req := httptest.NewRequest(http.MethodGet, httpPrefix+address, nil)
 		if branch != "" {
 			req.AddCookie(&http.Cookie{
 				Name:  "__bluebell-site-beta",