From 61ad5abc2bc45b7cb405b59d6bc095ff1e12a5cf Mon Sep 17 00:00:00 2001
From: Rainer Killinger <killinger@hrz.uni-frankfurt.de>
Date: Tue, 24 Nov 2020 17:04:30 +0100
Subject: [PATCH] fix:  deny PUT method requests

---
 fixtures/cors.template         | 2 +-
 fixtures/visibleRoute.template | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fixtures/cors.template b/fixtures/cors.template
index f1cdf33c..7cfbec6e 100644
--- a/fixtures/cors.template
+++ b/fixtures/cors.template
@@ -1,6 +1,6 @@
 add_header 'Access-Control-Allow-Origin' '*';
 add_header 'Access-Control-Allow-Credentials' 'true';
-add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
 add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-StApps-Version';
 add_header 'Access-Control-Max-Age' 1728000;
 add_header 'Content-Type' 'text/plain charset=UTF-8';
diff --git a/fixtures/visibleRoute.template b/fixtures/visibleRoute.template
index cd27fc00..678eca88 100644
--- a/fixtures/visibleRoute.template
+++ b/fixtures/visibleRoute.template
@@ -33,7 +33,7 @@ location  {{{ route }}} {
         {{{ cors }}}
 	    return 503;
     }
-    limit_except GET OPTIONS POST PUT {
+    limit_except GET OPTIONS POST {
         deny all;
     }
     # backend is available