From 658d4d426cb37fbacd88088a54f0d430e76233a0 Mon Sep 17 00:00:00 2001
From: andrewbrazzatti
Date: Mon, 24 Jun 2024 17:23:16 +1000
Subject: [PATCH] Added disallowedHeadRequestHandler policy and setup routes to use it when a head request is made to the begin_oidc endpoint as the OIDC library errors when a head request is made (#2241)
---
 api/policies/disallowedHeadRequestHandler.js | 6 ++++++
 config/routes.js | 3 +++
 2 files changed, 9 insertions(+)
 create mode 100644 api/policies/disallowedHeadRequestHandler.js
diff --git a/api/policies/disallowedHeadRequestHandler.js b/api/policies/disallowedHeadRequestHandler.js
new file mode 100644
index 0000000000..467530f27a
--- /dev/null
+++ b/api/policies/disallowedHeadRequestHandler.js
@@ -0,0 +1,6 @@
+module.exports = function (req, res, next) {
+ if (req.method === 'HEAD') {
+ return res.badRequest('Bad Request: HEAD method is not allowed');;
+ }
+ return next();
+ };
\ No newline at end of file
diff --git a/config/routes.js b/config/routes.js
index de9158633b..4bf5cd7a0a 100644
--- a/config/routes.js
+++ b/config/routes.js
@@ -141,6 +141,9 @@ module.exports.routes = {
 action: 'openIdConnectLogin',
 csrf: false
 },
+ 'HEAD /user/begin_oidc': {
+ policy: 'disallowedHeadRequestHandler'
+ },
 'get /user/begin_oidc': {
 controller: 'UserController',
 action: 'beginOidc',
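Review bot: The new policy in disallowedHeadRequestHandler.js answers a HEAD request with `res.badRequest(...)` (HTTP 400), which tells clients and log-based monitoring that the request was malformed rather than that the method is refused. 405 is the status for a refused method, e.g. `return res.status(405).set('Allow', 'GET').send('HEAD method is not allowed');`, with the `Allow` value adjusted if the policy is reused on routes that accept other methods. The same line ends in a stray `;;`. The file also has no comment saying why HEAD is rejected; a header such as `// Reject HEAD before the controller runs: per #2241 the OIDC library errors when begin_oidc receives a HEAD request.` would record that for the next maintainer.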
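Review bot: The `'HEAD /user/begin_oidc'` entry in config/routes.js guards only this exact path, and (assuming routes are matched in declaration order) only while it stays above `'get /user/begin_oidc'`; nothing in the file records either constraint. If routes.js declares prefixed variants of begin_oidc outside this hunk (not visible here), HEAD on those would presumably still reach `beginOidc`, so they would need the same entry. I would add `// Keep above the GET route: HEAD must be rejected by the policy before it can reach beginOidc.` on the line before the new entry. The `routes` object starts and ends outside the hunk.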