allow only GET and HEAD request

config.ru

@@ -5,6 +5,7 @@ ENV['RAILS_ENV']  = ENV['RACK_ENV']
 $: << 'lib'
 require 'travis/web'
 
+use Travis::Web::Allow
 use Travis::Web::ApiRedirect do |config|
   config.api_endpoint = ENV['API_ENDPOINT'] if ENV['API_ENDPOINT']
 end

lib/travis/web.rb

@@ -1,5 +1,6 @@
 module Travis
   module Web
+    autoload :Allow,       'travis/web/allow'
     autoload :ApiRedirect, 'travis/web/api_redirect'
     autoload :App,         'travis/web/app'
   end

lib/travis/web/allow.rb

@@ -0,0 +1,29 @@
+module Travis
+  module Web
+    class Allow
+      attr_accessor :app, :allow, :response
+
+      def initialize(app, options = {})
+        @app      = app
+        @allow    = options[:allow] || ['GET', 'HEAD']
+        @response = options.fetch(:response) do
+          body    = 'request method not allowed'
+          headers = {
+            'Content-Type'   => 'text/plain',
+            'Allow'          => allow.join(', '),
+            'Content-Length' => body.bytesize.to_s
+          }
+          [405, headers, [body]]
+        end
+      end
+
+      def call(env)
+        allow?(env) ? app.call(env) : response
+      end
+
+      def allow?(env)
+        allow.include? env['REQUEST_METHOD']
+      end
+    end
+  end
+end

spec/allow_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+describe Travis::Web::Allow do
+  example { post('/')    .should_not be_ok }
+  example { delete('/')  .should_not be_ok }
+  example { put('/')     .should_not be_ok }
+  example { patch('/')   .should_not be_ok }
+  example { options('/') .should_not be_ok }
+  example { head('/')    .should     be_ok }
+  example { get('/')     .should     be_ok }
+end