From 96840e2d6791e5db71337a3263e8d187848b9d84 Mon Sep 17 00:00:00 2001
From: "Aral Balkan (LabTop)" <mail+elementary-labtop@ar.al>
Date: Sun, 16 Jan 2022 21:19:34 +0000
Subject: [PATCH 1/2] fix: only handle get requests

---
 packages/sirv/index.js |  5 +++++
 tests/sirv.js          | 14 ++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/packages/sirv/index.js b/packages/sirv/index.js
index fe01068..4c31b52 100644
--- a/packages/sirv/index.js
+++ b/packages/sirv/index.js
@@ -160,6 +160,11 @@ export default function (dir, opts={}) {
 	let lookup = opts.dev ? viaLocal.bind(0, dir, isEtag) : viaCache.bind(0, FILES);
 
 	return function (req, res, next) {
+		// only handle GET requests
+		if (req.method !== 'GET') {
+			return next ? next() : isNotFound(req, res);
+		}
+
 		let extns = [''];
 		let pathname = parse(req).pathname;
 		let val = req.headers['accept-encoding'] || '';
diff --git a/tests/sirv.js b/tests/sirv.js
index 9aa4597..4570013 100644
--- a/tests/sirv.js
+++ b/tests/sirv.js
@@ -31,6 +31,20 @@ types.run();
 
 const basic = suite('basics');
 
+basic('should only handle GET requests', async () => {
+	let server = utils.http();
+
+	try {
+		let res = await server.send('POST', '/contact').catch(err => {
+			assert.is(err.statusCode, 404);
+		})
+		assert.is(res, undefined)
+	}
+	finally {
+		server.close();
+	}
+})
+
 basic('should return the file if found', async () => {
 	let server = utils.http();
 

From 4e8472e1bfc2bb03fc062f50155df1db210a51f7 Mon Sep 17 00:00:00 2001
From: "Aral Balkan (LabTop)" <mail+elementary-labtop@ar.al>
Date: Sun, 16 Jan 2022 21:49:18 +0000
Subject: [PATCH 2/2] fix: do not handle websocket requests

---
 packages/sirv/index.js |  4 ++--
 tests/sirv.js          | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/packages/sirv/index.js b/packages/sirv/index.js
index 4c31b52..9a6c8f6 100644
--- a/packages/sirv/index.js
+++ b/packages/sirv/index.js
@@ -160,8 +160,8 @@ export default function (dir, opts={}) {
 	let lookup = opts.dev ? viaLocal.bind(0, dir, isEtag) : viaCache.bind(0, FILES);
 
 	return function (req, res, next) {
-		// only handle GET requests
-		if (req.method !== 'GET') {
+		// only handle GET requests that are not WebSocket requests
+		if (req.method !== 'GET' || req.headers.upgrade) {
 			return next ? next() : isNotFound(req, res);
 		}
 
diff --git a/tests/sirv.js b/tests/sirv.js
index 4570013..1604c67 100644
--- a/tests/sirv.js
+++ b/tests/sirv.js
@@ -45,6 +45,22 @@ basic('should only handle GET requests', async () => {
 	}
 })
 
+basic('should not handle WebSocket requests', async () => {
+	let server = utils.http();
+
+	try {
+		// mock a websocket upgrade request
+		const headers = {'Upgrade': 'websocket' }
+		let res = await server.send('GET', '/contact', { headers }).catch(err => {
+			assert.is(err.statusCode, 404);
+		})
+		assert.is(res, undefined)
+	}
+	finally {
+		server.close();
+	}
+})
+
 basic('should return the file if found', async () => {
 	let server = utils.http();