authorJoan Touzet <joant@atypical.net>2018-03-02 19:12:56 -0500
committerJoan Touzet <joant@atypical.net>2018-03-05 16:41:24 -0500
commit6e6f152eff4f9446221c64f96bd1ba310410721b (patch)
treecc46a22d6cd8ebca207925638f0d6e7c357c62f1
parent51cb6aecc42eaa12058113003a3b4af7234250a8 (diff)
Prevent access to Fauxton on node-local port (5986)1198-no-5986-fauxton
Will help stop people from shooting themselves in the foot and/or using the node-local CouchDB port as their "main" CouchDB port. Closes #1198
-rw-r--r--src/chttpd/test/chttpd_csp_tests.erl (renamed from src/couch/test/couchdb_csp_tests.erl)11
-rw-r--r--src/couch/src/couch_httpd_misc_handlers.erl25
-rw-r--r--src/couch/test/couchdb_vhosts_tests.erl25
3 files changed, 7 insertions, 54 deletions
diff --git a/src/couch/test/couchdb_csp_tests.erl b/src/chttpd/test/chttpd_csp_tests.erl
index 5eb33f909..e86436254 100644
--- a/src/couch/test/couchdb_csp_tests.erl
+++ b/src/chttpd/test/chttpd_csp_tests.erl
@@ -10,29 +10,28 @@
% License for the specific language governing permissions and limitations under
% the License.
--module(couchdb_csp_tests).
+-module(chttpd_csp_tests).
-include_lib("couch/include/couch_eunit.hrl").
--define(TIMEOUT, 1000).
-
setup() ->
ok = config:set("csp", "enable", "true", false),
- Addr = config:get("httpd", "bind_address", "127.0.0.1"),
- Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
+ Addr = config:get("chttpd", "bind_address", "127.0.0.1"),
+ Port = mochiweb_socket_server:get(chttpd, port),
lists:concat(["http://", Addr, ":", Port, "/_utils/"]).
teardown(_) ->
ok.
+
csp_test_() ->
{
"Content Security Policy tests",
{
setup,
- fun test_util:start_couch/0, fun test_util:stop_couch/1,
+ fun chttpd_test_util:start_couch/0, fun chttpd_test_util:stop_couch/1,
{
foreach,
fun setup/0, fun teardown/1,
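Review bot: Removing `-define(TIMEOUT, 1000).` is only safe if none of the test bodies later in the file still reference `?TIMEOUT`; those bodies are outside the hunk, so it cannot be confirmed here. The switch from `integer_to_list(...)` to the raw `mochiweb_socket_server:get(chttpd, port)` result works because `lists:concat/1` stringifies integers, but that is easy to misread as a type mismatch; a short comment such as `% Port is an integer; lists:concat/1 stringifies it` on the `Port = ...` line would spare the next reader a check.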
diff --git a/src/couch/src/couch_httpd_misc_handlers.erl b/src/couch/src/couch_httpd_misc_handlers.erl
index ddc3d64b0..e2fc9f2fc 100644
--- a/src/couch/src/couch_httpd_misc_handlers.erl
+++ b/src/couch/src/couch_httpd_misc_handlers.erl
@@ -61,30 +61,9 @@ handle_file_req(#httpd{method='GET'}=Req, Document) ->
handle_file_req(Req, _) ->
send_method_not_allowed(Req, "GET,HEAD").
-handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
- "/" ++ UrlPath = couch_httpd:path(Req),
- case couch_httpd:partition(UrlPath) of
- {_ActionKey, "/", RelativePath} ->
- % GET /_utils/path or GET /_utils/
- CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
- EnableCsp = config:get("csp", "enable", "false"),
- Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
- couch_httpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
- {_ActionKey, "", _RelativePath} ->
- % GET /_utils
- RedirectPath = couch_httpd:path(Req) ++ "/",
- couch_httpd:send_redirect(Req, RedirectPath)
- end;
handle_utils_dir_req(Req, _) ->
- send_method_not_allowed(Req, "GET,HEAD").
-
-maybe_add_csp_headers(Headers, "true") ->
- DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; "
- "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
- Value = config:get("csp", "header_value", DefaultValues),
- [{"Content-Security-Policy", Value} | Headers];
-maybe_add_csp_headers(Headers, _) ->
- Headers.
+ send_error(Req, 410, <<"no_node_local_fauxton">>,
+ ?l2b("The web interface is no longer available on the node-local port.")).
handle_all_dbs_req(#httpd{method='GET'}=Req) ->
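Review bot: The new clause at `send_error(Req, 410, <<"no_node_local_fauxton">>, ?l2b(...))` converts a string literal to a binary at runtime through the `?l2b` macro; a binary literal, `<<"The web interface is no longer available on the node-local port.">>`, expresses the same thing without the macro and without depending on which header defines it. Because the only remaining `handle_utils_dir_req/2` clause matches every method, HEAD and POST now receive 410 instead of the earlier 405 from `send_method_not_allowed`; that is a sensible way to retire the endpoint and shrink the file-serving surface on this port, but the intent deserves a one-line comment such as `%% Fauxton is served only on the clustered (chttpd) port; the node-local handler answers 410 for every method.` Dropping `maybe_add_csp_headers/2` removes the CSP header logic from this module along with the content it protected; the companion test move to chttpd_csp_tests suggests chttpd carries its own CSP handling, which is worth confirming so the clustered port does not silently lose the header.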
diff --git a/src/couch/test/couchdb_vhosts_tests.erl b/src/couch/test/couchdb_vhosts_tests.erl
index dfac73cb3..2562a0653 100644
--- a/src/couch/test/couchdb_vhosts_tests.erl
+++ b/src/couch/test/couchdb_vhosts_tests.erl
@@ -46,14 +46,6 @@ setup() ->
couch_db:ensure_full_commit(Db),
couch_db:close(Db),
- test_util:with_process_restart(couch_httpd, fun() ->
- config:set("httpd_global_handlers", "_utils",
- "{couch_httpd_misc_handlers, handle_utils_dir_req, <<\""
- ++ ?TEMPDIR
- ++ "\">>}"
- )
- end),
-
Addr = config:get("httpd", "bind_address", "127.0.0.1"),
Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
Url = "http://" ++ Addr ++ ":" ++ Port,
@@ -76,7 +68,6 @@ vhosts_test_() ->
[
fun should_return_database_info/1,
fun should_return_revs_info/1,
- fun should_serve_utils_for_vhost/1,
fun should_return_virtual_request_path_field_in_request/1,
fun should_return_real_request_path_field_in_request/1,
fun should_match_wildcard_vhost/1,
@@ -122,22 +113,6 @@ should_return_revs_info({Url, DbName}) ->
end
end).
-should_serve_utils_for_vhost({Url, DbName}) ->
- ?_test(begin
- ok = config:set("vhosts", "example.com", "/" ++ DbName, false),
- ensure_index_file(),
- case test_request:get(Url ++ "/_utils/index.html", [],
- [{host_header, "example.com"}]) of
- {ok, _, _, Body} ->
- ?assertMatch(<<"<!DOCTYPE html>", _/binary>>, Body);
- Else ->
- erlang:error({assertion_failed,
- [{module, ?MODULE},
- {line, ?LINE},
- {reason, ?iofmt("Request failed: ~p", [Else])}]})
- end
- end).
-
should_return_virtual_request_path_field_in_request({Url, DbName}) ->
?_test(begin
ok = config:set("vhosts", "example1.com",