From 0bfa2cf7b99850694e741d8a96ddf821fb3c8c71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Sun, 9 Oct 2022 20:03:55 +0200
Subject: [PATCH] Check content type and method
---
 main.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/main.go b/main.go
index 9bc0511..4d46241 100644
--- a/main.go
+++ b/main.go
@@ -33,6 +33,17 @@ type alert struct {
 func (rcv *receiver) handleWebhooks(w http.ResponseWriter, r *http.Request) {
 defer r.Body.Close()
+ if r.Method != http.MethodPost {
+ rcv.logger.Errorf("illegal HTTP method: expected %q, got %q", "POST", r.Method)
+ return
+ }
+
+ contentType := r.Header.Get("Content-Type")
+ if contentType != "application/json" {
+ rcv.logger.Errorf("illegal content type: %s", contentType)
+ return
+ }
+
 var event payload
 if err := json.NewDecoder(r.Body).Decode(&event); err != nil {
 rcv.logger.Error(err)
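Review bot: Both new early returns in handleWebhooks leave the response unwritten, so net/http answers a rejected request with 200 OK and the sender cannot tell that the webhook was dropped. Each branch should reply with a matching status, 405 for the method check and 415 for the content-type check. The exact comparison `contentType != "application/json"` also turns away valid headers that carry parameters, such as `application/json; charset=utf-8`, so the media type is better parsed with `mime.ParseMediaType` (which needs the `mime` import, not visible in this hunk). The content-type log line formats a client-controlled header with `%s`; using `%q`, as the method log line already does, keeps control characters and line breaks out of the log. The function body continues past the end of the hunk, so whether later code writes a status on the success path cannot be seen from here.

```go
func (rcv *receiver) handleWebhooks(w http.ResponseWriter, r *http.Request) {
	// … unchanged: defer r.Body.Close() …
	if r.Method != http.MethodPost {
		rcv.logger.Errorf("illegal HTTP method: expected %q, got %q", "POST", r.Method)
		w.Header().Set("Allow", http.MethodPost)
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}

	contentType := r.Header.Get("Content-Type")
	mediaType, _, err := mime.ParseMediaType(contentType)
	if err != nil || mediaType != "application/json" {
		rcv.logger.Errorf("illegal content type: %q", contentType)
		http.Error(w, "unsupported media type", http.StatusUnsupportedMediaType)
		return
	}
	// … unchanged: JSON decoding of the payload …
```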