From 1af297c537c1bab7112215ac45cfddfa7ba25da5 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Wed, 24 Nov 2021 18:58:50 -0500
Subject: [PATCH] validate path first before GET and HEAD

---
 src/index.coffee | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/index.coffee b/src/index.coffee
index 99c2e7f..d5ed6da 100644
--- a/src/index.coffee
+++ b/src/index.coffee
@@ -20,6 +20,9 @@ handleRequest = ({ request }) ->
 
 handleHEAD = (request) ->
   url = new URL request.url
+  if url.pathname.endsWith "/"
+    return new Response "Invalid URL",
+      status: 404
 
   resp = await s3.getObject url.pathname[1...], {}
 
@@ -30,6 +33,9 @@ handleHEAD = (request) ->
 
 handleGET = (request) ->
   url = new URL request.url
+  if url.pathname.endsWith "/"
+    return new Response "Invalid URL",
+      status: 404
 
   return await s3.getObject url.pathname[1...], {}