From 0ec1f8d4bf79f9919a13d92dcb4e1a42c31a32b0 Mon Sep 17 00:00:00 2001
From: csd113 <xxcsd113xx@gmail.com>
Date: Sun, 22 Mar 2026 00:52:23 -0700
Subject: [PATCH] fixed csp causing test fail

---
 src/config/mod.rs     |  4 ++--
 src/console/mod.rs    | 23 ++---------------------
 src/server/handler.rs | 13 ++++---------
 3 files changed, 8 insertions(+), 32 deletions(-)

diff --git a/src/config/mod.rs b/src/config/mod.rs
index 5d8a84a..3861ea9 100644
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@@ -78,7 +78,6 @@ fn serialize_ip_addr<S: serde::Serializer>(addr: &IpAddr, s: S) -> Result<S::Ok,
 pub enum CspLevel {
     /// No `Content-Security-Policy` header is sent. The browser applies its
     /// own defaults. Recommended starting point — tighten once the site works.
-    #[default]
     Off,
     /// Sends `default-src * 'unsafe-inline' 'unsafe-eval' data: blob:`.
     ///
@@ -92,6 +91,7 @@ pub enum CspLevel {
     /// font-src 'self' data:`
     ///
     /// Suitable for self-contained sites that serve all assets locally.
+    #[default]
     Strict,
 }
 
@@ -229,7 +229,7 @@ impl Default for Config {
                 auto_port_fallback: true,
                 open_browser_on_start: false,
                 max_connections: 256,
-                csp_level: CspLevel::Off,
+                csp_level: CspLevel::Strict,
             },
             site: SiteConfig {
                 directory: "site".into(),
diff --git a/src/console/mod.rs b/src/console/mod.rs
index 346ca39..edf4bbe 100644
--- a/src/console/mod.rs
+++ b/src/console/mod.rs
@@ -65,27 +65,8 @@ pub fn start(
     metrics: SharedMetrics,
     mut shutdown: watch::Receiver<bool>,
 ) -> Result<tokio::sync::mpsc::UnboundedReceiver<KeyEvent>> {
-    // On Windows, the console host must have VT (Virtual Terminal) escape-
-    // sequence processing enabled before we write any ANSI colour codes.
-    // Windows Terminal and modern ConHost (Win 10 1903+) enable it
-    // automatically, but older ConHost versions (Windows Server 2016/2019 with
-    // default settings) do not.  Without this, colour escape sequences appear
-    // as literal characters (e.g. "^[[32m") rather than being interpreted.
-    //
-    // Failure is non-fatal: the terminal is still functional, just monochrome.
-    // We warn so the operator knows why colours are missing rather than
-    // silently degrading.
-    #[cfg(windows)]
-    if let Err(e) = execute!(
-        stdout(),
-        crossterm::terminal::EnableVirtualTerminalProcessing
-    ) {
-        log::warn!(
-            "Could not enable Windows VT processing: {e}. \
-             ANSI colours may not render correctly. \
-             Upgrade to Windows Terminal or Windows 10 1903+ for full colour support."
-        );
-    }
+    // crossterm 0.27+ enables Windows VT (Virtual Terminal) processing
+    // automatically — no manual call needed.
 
     // 4.1 — map crossterm io errors to AppError::Console.
     terminal::enable_raw_mode()
diff --git a/src/server/handler.rs b/src/server/handler.rs
index abe882f..01d5d22 100644
--- a/src/server/handler.rs
+++ b/src/server/handler.rs
@@ -120,7 +120,7 @@ async fn receive_request(
                 stream
                     .write_all(
                         b"HTTP/1.1 200 OK\r\n\
-                          Allow: GET, HEAD, POST, OPTIONS\r\n\
+                          Allow: GET, HEAD, OPTIONS\r\n\
                           Content-Length: 0\r\n\
                           Connection: close\r\n\
                           \r\n",
@@ -133,7 +133,7 @@ async fn receive_request(
                 stream
                     .write_all(
                         b"HTTP/1.1 405 Method Not Allowed\r\n\
-                          Allow: GET, HEAD, POST, OPTIONS\r\n\
+                          Allow: GET, HEAD, OPTIONS\r\n\
                           Content-Length: 0\r\n\
                           Connection: close\r\n\
                           \r\n",
@@ -470,18 +470,13 @@ fn parse_path(request: &str) -> ParseResult<'_> {
     let Some(method) = it.next() else {
         return ParseResult::BadRequest;
     };
-    if method != "GET" && method != "HEAD" && method != "POST" {
+    if method != "GET" && method != "HEAD" {
         return ParseResult::MethodNotAllowed { method };
     }
     let Some(path) = it.next() else {
         return ParseResult::BadRequest;
     };
-    // Treat POST as GET — this is a static file server with no POST semantics.
-    // Serving the file is the correct response; the browser gets what it navigated to.
-    ParseResult::Ok {
-        method: if method == "HEAD" { "HEAD" } else { "GET" },
-        path,
-    }
+    ParseResult::Ok { method, path }
 }
 
 // ─── Path resolution ─────────────────────────────────────────────────────────