From 2887824529e4f55866488fc1d7ebe60486e17853 Mon Sep 17 00:00:00 2001
From: Nathan LeClaire <nathan.leclaire@gmail.com>
Date: Fri, 6 Jan 2017 15:45:44 -0800
Subject: [PATCH] Check request type in /diagnose

Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com>
---
 alpine/packages/diagnostics/http.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/alpine/packages/diagnostics/http.go b/alpine/packages/diagnostics/http.go
index d86668654..0e321ab2f 100644
--- a/alpine/packages/diagnostics/http.go
+++ b/alpine/packages/diagnostics/http.go
@@ -50,6 +50,11 @@ func (h HTTPDiagnosticListener) Listen() {
 	})
 
 	http.HandleFunc("/diagnose", func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost {
+			http.Error(w, "Invalid request type.  Should be POST with form value 'session' set", http.StatusBadRequest)
+			return
+		}
+
 		diagnosticsSessionID := r.FormValue(sessionIDField)
 
 		if diagnosticsSessionID == "" {