From 1b0c65c299ebfd6da1f841289e7e8ee867b1644e Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake
Date: Tue, 20 Oct 2015 17:19:42 +0900
Subject: [PATCH] etcdserver: don't allow methods other than GET in /debug/vars

Currently, /debug/vars seems to allow all types of methods e.g. PUT, POST, etc. However, this path is a readonly stuff so it should allow GET only.
---
 etcdserver/etcdhttp/client.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etcdserver/etcdhttp/client.go b/etcdserver/etcdhttp/client.go
index e56f7b4e9..d8082769a 100644
--- a/etcdserver/etcdhttp/client.go
+++ b/etcdserver/etcdhttp/client.go
@@ -324,6 +324,10 @@ func (h *statsHandler) serveLeader(w http.ResponseWriter, r *http.Request) {
 }
 
 func serveVars(w http.ResponseWriter, r *http.Request) {
+ if !allowMethod(w, r.Method, "GET") {
+ return
+ }
+
 w.Header().Set("Content-Type", "application/json; charset=utf-8")
 fmt.Fprintf(w, "{\n")
 first := true
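Review bot: The new guard at the top of serveVars limits the HTTP verb but not who may read the endpoint, and nothing in the function says so; a GET to /debug/vars is still answered for any client that can reach this listener. The rest of the body lies outside the hunk, but if it walks expvar as the path suggests, the output normally includes the process command line and memory statistics, so a comment above the function would help operators: `// serveVars is read-only (GET) but unauthenticated; restrict /debug/vars at the listener or a proxy if flags carry sensitive values.` HEAD is also a safe method and now takes the rejection path; if allowMethod accepts several methods (its definition is not shown here), `allowMethod(w, r.Method, "HEAD", "GET")` would keep HEAD-based health probes working. The diffstat shows only client.go changed, so the rejected-method path has no test in this patch.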