commit: option SUPPRESS_METHODS_EXCEPT_GET

lib.d/do-configure.pl

@@ -338,6 +338,7 @@ sub DoProject {
 &SetEnv("suppress_header_csp", 1); # eventually header_csp_rewrite?
 &SetEnv("suppress_header_hpkp", 1);
 &SetEnv("suppress_header_hsts", 1);
+&SetEnv("suppress_methods_except_get", 0);
 
 &SetEnv("SCRIPT_NAMES", "bounce.sh debugoff.sh debugon.sh harvest.sh maps.sh nxreload.sh start.sh status.sh stop.sh syntax.sh torreload.sh");
 &SetEnv("SCRIPT_PAUSE", 5);

templates.d/nginx.conf.txt

@@ -101,7 +101,7 @@ http {
   ;
   %%END
 
-  # fix the header-redirects; TODO: CHECK THIS DWYW
+  # fix the header-redirects
   %%BEGIN
   proxy_redirect
   ~*^(.*?)\\b%DNS_DOMAIN_RE2%\\b(.*)$
@@ -221,6 +221,8 @@ http {
     location ~*^/hello[-_]onion/?$ {
       return 200 "Hello, Onion User!";
     }
+    %%ELSE
+    # no "hello-onion" endpoint
     %%ENDIF
 
     # for traffic
@@ -242,6 +244,15 @@ http {
         return onion2dns(ngx.var.http_origin)
       }
       proxy_set_header Origin $origin2;
+
+      %%IF %SUPPRESS_METHODS_EXCEPT_GET%
+      # suppress non-GET methods (e.g.: POST)
+      limit_except GET {
+        deny all;
+      }
+      %%ELSE
+      # non-GET methods (e.g.: POST) are not suppressed
+      %%ENDIF
     }
   }