diff --git a/core/httpd.js b/core/httpd.js
index 39fd8077..5e372e4b 100644
--- a/core/httpd.js
+++ b/core/httpd.js
@@ -60,6 +60,7 @@ function Response(request, client) {
 	var kStatusText = {
 		200: 'OK',
 		303: 'See other',
+		403: 'Forbidden',
 		404: 'File not found',
 		500: 'Internal server error',
 	};
@@ -143,8 +144,15 @@ function handleRequest(request, response) {
 
 	if (handler) {
 		try {
-			handler.invoke(request, response);
+			var promise = handler.invoke(request, response);
+			if (promise) {
+				promise.catch(function(error) {
+					print(error);
+					response.reportError(error);
+				});
+			}
 		} catch (error) {
+			print(error);
 			response.reportError(error);
 		}
 	} else {
diff --git a/core/terminal.js b/core/terminal.js
index 82e8b34e..3e42b344 100644
--- a/core/terminal.js
+++ b/core/terminal.js
@@ -243,6 +243,24 @@ function handler(request, response, packageOwner, packageName, uri) {
 						process.terminal.print(error);
 					});
 				}
+			} else if (uri === "/post") {
+				if (isNewSession) {
+					response.writeHead(403, {"Content-Type": "text/plain; charset=utf-8"});
+					print("post too soon");
+					response.end("Too soon.");
+				} else {
+					var payload = JSON.parse(request.body);
+					return invoke(process.eventHandlers['onPost'], [payload]).then(function() {
+						response.writeHead(200, {
+							"Content-Type": "text/plain; charset=utf-8",
+							"Content-Length": "0",
+							"Cache-Control": "no-cache, no-store, must-revalidate",
+							"Pragma": "no-cache",
+							"Expires": "0",
+						});
+						response.end("");
+					});
+				}
 			} else if (uri === "/receive") {
 				if (isNewSession) {
 					var data = JSON.stringify({