From 8fc8626b57d99e568758dbecebffd5fa12235e22 Mon Sep 17 00:00:00 2001
From: Simon Esposito <simon@heroiclabs.com>
Date: Tue, 4 Aug 2020 10:34:28 +0100
Subject: [PATCH] Return 404 on unmatched console paths (#444)

---
 server/console.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/console.go b/server/console.go
index 530803d4f..41d670082 100644
--- a/server/console.go
+++ b/server/console.go
@@ -123,6 +123,11 @@ func StartConsoleServer(logger *zap.Logger, startupLogger *zap.Logger, db *sql.D
 			// Authentication endpoint doesn't require security.
 			grpcGateway.ServeHTTP(w, r)
 		default:
+			// 404 non console endpoints
+			if !strings.HasPrefix(r.URL.Path, "/v2/console") {
+				w.WriteHeader(http.StatusNotFound)
+				return
+			}
 			// All other endpoints are secured.
 			auth, ok := r.Header["Authorization"]
 			if !ok || len(auth) != 1 || !checkAuth(config, auth[0]) {
-- 
GitLab