From 81d6f379a6161ad121816aaf49ec0975433b74b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Pi=C4=8Dman?= <karel.picman@kontron.com>
Date: Fri, 6 Oct 2023 10:34:08 +0200
Subject: [PATCH] Security enhancement

---
 config/routes.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/routes.rb b/config/routes.rb
index 51fdf47c..2c906b69 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -186,8 +186,10 @@ if Redmine::Plugin.installed? 'redmine_dmsf'
 
     # WebDAV workaround for clients checking WebDAV availability in the root
     unless Redmine::Plugin.installed?('easy_extensions')
-      match '/', to: ->(env) { [405, {}, [env.to_s]] }, via: %i[propfind options]
+      match '/', to: ->(env) { [405, {}, ["#{env['REQUEST_METHOD']} method is not allowed"]] },
+            via: %i[propfind options]
     end
-    match '/dmsf', to: ->(env) { [405, {}, [env.to_s]] }, via: %i[propfind options]
+    match '/dmsf', to: ->(env) { [405, {}, ["#{env['REQUEST_METHOD']} method is not allowed"]] },
+          via: %i[propfind options]
   end
 end