diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib.rs | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -143,6 +143,18 @@ pub async fn filter_request( | (&Method::OPTIONS, [index, ""]) => { filter_read_request(index, path_chunks[1], ¶ms, config)? } + (&Method::GET, [index]) + | (&Method::HEAD, [index]) + | (&Method::OPTIONS, [index]) => { + // only allow operations on index name (no trailing slash) if not "unsafe_all_indices" + // (aka, only if indexes are explicitly enumerated) + // otherwise all top-level API endpoints would be allowed + if config.unsafe_all_indices != Some(true) { + filter_read_request(index, "", ¶ms, config)? + } else { + Err(ProxyError::NotSupported("unknown elasticsearch API endpoint".to_string()))? + } + } (&Method::GET, [index, "_mapping"]) | (&Method::HEAD, [index, "_mapping"]) | (&Method::OPTIONS, [index, "_mapping"]) => { |