fix: ensure we aren't allowing methods other than GET for static files

tests/01_get_static_file.test.ts

@@ -34,3 +34,46 @@ Deno.test({
 		}
 	}
 });
+
+Deno.test({
+	name: 'other methods than GET should not work on static files',
+	permissions: {
+		env: true,
+		read: true,
+		write: true,
+		net: true
+	},
+	fn: async () => {
+		let test_server_info: EPHEMERAL_SERVER | null = null;
+		const cwd = Deno.cwd();
+
+		try {
+			Deno.chdir('./tests/www');
+			test_server_info = await get_ephemeral_listen_server();
+
+			for await (const method of ['POST', 'PUT', 'PATCH', 'DELETE']) {
+				const response = await fetch(`http://${test_server_info.hostname}:${test_server_info.port}/test.txt`, {
+					method,
+					body: method === 'DELETE' ? undefined : JSON.stringify({})
+				});
+
+				asserts.assert(!response.ok);
+
+				const body = await response.json();
+				asserts.assert(body);
+
+				asserts.assertEquals(body, {
+					error: {
+						cause: 'not_found',
+						message: 'Not found'
+					}
+				});
+			}
+		} finally {
+			Deno.chdir(cwd);
+			if (test_server_info) {
+				await test_server_info?.server?.stop();
+			}
+		}
+	}
+});