Added disallowedHeadRequestHandler policy and setup routes to use it …

…when a head request is made to the begin_oidc endpoint as the OIDC library errors when a head request is made (#2241)
redbox-mint · Jun 24, 2024 · 658d4d4 · 658d4d4
1 parent b82dfaf
commit 658d4d4
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/api/policies/disallowedHeadRequestHandler.js b/api/policies/disallowedHeadRequestHandler.js
@@ -0,0 +1,6 @@
+module.exports = function (req, res, next) {
+    if (req.method === 'HEAD') {
+      return res.badRequest('Bad Request: HEAD method is not allowed');;
+    }
+    return next();
+  };
diff --git a/config/routes.js b/config/routes.js
@@ -141,6 +141,9 @@ module.exports.routes = {
     action: 'openIdConnectLogin',
     csrf: false
   },
+  'HEAD /user/begin_oidc': {
+    policy: 'disallowedHeadRequestHandler'
+  },
   'get /user/begin_oidc': {
     controller: 'UserController',
     action: 'beginOidc',