diff --git a/api/policies/disallowedHeadRequestHandler.js b/api/policies/disallowedHeadRequestHandler.js
new file mode 100644
index 0000000000..467530f27a
--- /dev/null
+++ b/api/policies/disallowedHeadRequestHandler.js
@@ -0,0 +1,6 @@
+module.exports = function (req, res, next) {
+ if (req.method === 'HEAD') {
+ return res.badRequest('Bad Request: HEAD method is not allowed');;
+ }
+ return next();
+ };
\ No newline at end of file
diff --git a/config/routes.js b/config/routes.js
index de9158633b..4bf5cd7a0a 100644
--- a/config/routes.js
+++ b/config/routes.js
@@ -141,6 +141,9 @@ module.exports.routes = {
 action: 'openIdConnectLogin',
 csrf: false
 },
+ 'HEAD /user/begin_oidc': {
+ policy: 'disallowedHeadRequestHandler'
+ },
 'get /user/begin_oidc': {
 controller: 'UserController',
 action: 'beginOidc',
diff --git a/core/package-lock.json b/core/package-lock.json index 2b4d7b2722..96ad7ff234 100644 --- a/core/package-lock.json +++ b/core/package-lock.json @@ -27,9 +27,9 @@ "integrity": "sha512-5xxU8vVs9/FNcvm3gE07fPbn9tl6tqGGWA9tSlwsUEkBxtRnTsNmwrV8gasZ9F/EobaSv9+nu8AxUKccw77JpQ==" }, "node_modules/@types/node": { - "version": "20.14.2", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.2.tgz", - "integrity": "sha512-xyu6WAMVwv6AKFLB+e/7ySZVr/0zLCzOa7rSpq6jNwpqOrUbcACDWC+53d4n2QHOnDou0fbIsg8wZu/sxrnI4Q==", + "version": "20.14.8", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.8.tgz", + "integrity": "sha512-DO+2/jZinXfROG7j7WKFn/3C6nFwxy2lLpgLjEXJz+0XKphZlTLJ14mo8Vfg8X5BWN6XjyESXq+LcYdT7tR3bA==", "dev": true, "dependencies": { "undici-types": "~5.26.4"
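Review bot: The new policy in api/policies/disallowedHeadRequestHandler.js has no comment saying why HEAD is refused, and the reason is not visible in the code: presumably the router answers a HEAD request through the matching `get` route, so the GET action would otherwise run for a request that only wants headers. A header comment such as `// Reject HEAD so it is never served by the GET action of the route this policy guards.` would record that for the next maintainer. The rejection is sent as 400 through `res.badRequest(...)` although the condition is a disallowed method; `return res.status(405).set('Allow', 'GET').send('HEAD method is not allowed');` describes it accurately, assuming GET is the only method the guarded route serves. The `;;` after the `badRequest` call is a stray empty statement.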
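Review bot: Only `/user/begin_oidc` receives the HEAD guard in config/routes.js, so any other `get` route in this table whose action has side effects stays reachable by HEAD if the router falls back to the GET handler, which is presumably the behaviour this commit works around. The route just above the new entry (`action: 'openIdConnectLogin'`, `csrf: false`) is one to check; its key is outside the hunk, so its method cannot be confirmed from here. If the guard is meant as a general rule, applying `disallowedHeadRequestHandler` through the project's policies configuration avoids listing routes one by one. The new entry also appears to depend on being declared before `'get /user/begin_oidc'`, which deserves a comment such as `// Keep above the GET route so HEAD is matched here first.`; the routes object starts and ends outside the hunk.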
@@ -90,9 +90,9 @@ "dev": true }, "node_modules/typescript": { - "version": "5.4.5", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz", - "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==", + "version": "5.5.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.2.tgz", + "integrity": "sha512-NcRtPEOsPFFWjobJEtfihkLCZCXZt/os3zf8nTxjVH3RvTSxjrCamJpbExGvYOF+tFHc3pA65qpdwPbzjohhew==", "dev": true, "bin": { "tsc": "bin/tsc", @@ -116,9 +116,9 @@ "integrity": "sha512-5xxU8vVs9/FNcvm3gE07fPbn9tl6tqGGWA9tSlwsUEkBxtRnTsNmwrV8gasZ9F/EobaSv9+nu8AxUKccw77JpQ==" }, "@types/node": { - "version": "20.14.2", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.2.tgz", - "integrity": "sha512-xyu6WAMVwv6AKFLB+e/7ySZVr/0zLCzOa7rSpq6jNwpqOrUbcACDWC+53d4n2QHOnDou0fbIsg8wZu/sxrnI4Q==", + "version": "20.14.8", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.8.tgz", + "integrity": "sha512-DO+2/jZinXfROG7j7WKFn/3C6nFwxy2lLpgLjEXJz+0XKphZlTLJ14mo8Vfg8X5BWN6XjyESXq+LcYdT7tR3bA==", "dev": true, "requires": { "undici-types": "~5.26.4" @@ -173,9 +173,9 @@ "dev": true }, "typescript": { - "version": "5.4.5", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz", - "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==", + "version": "5.5.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.2.tgz", + "integrity": "sha512-NcRtPEOsPFFWjobJEtfihkLCZCXZt/os3zf8nTxjVH3RvTSxjrCamJpbExGvYOF+tFHc3pA65qpdwPbzjohhew==", "dev": true }, "undici-types": { diff --git a/package-lock.json b/package-lock.json index 1c3a12c3ee..e54350043d 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -82,7 +82,7 @@ "typescript-json-schema": "^0.64.0", "typescript-require": "~0.3.0", "url-pattern": "^1.0.3", - "webpack": "^5.92.0", + "webpack": "^5.92.1", "zone.js": "^0.14.7" }, "devDependencies": { @@ -93,7 +93,7 @@ "chai": "^5.1.1", "ejs-cli": "^2.2.3", "istanbul": "^0.4.5", - "mocha": "^10.4.0", + "mocha": "^10.5.0", "mocha-junit-reporter": "^2.2.1", "supertest": "^7.0.0", "uglify-es": "^3.3.10" @@ -5208,13 +5208,14 @@ } }, "node_modules/mocha": { - "version": "10.4.0", + "version": "10.5.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.5.0.tgz", + "integrity": "sha512-KoCXMKfW2OMsvCbaJJFPdzg36lI9+tMH7yyXCoKh6PpFo7BAC/xqG7Ct/aitJDrGbIGcN2IT3cx3bZ6PDGaXmA==", "dev": true, - "license": "MIT", "dependencies": { "ansi-colors": "4.1.1", "browser-stdout": "1.3.1", - "chokidar": "3.5.3", + "chokidar": "^3.5.3", "debug": "4.3.4", "diff": "5.0.0", "escape-string-regexp": "4.0.0", @@ -5302,32 +5303,6 @@ "dev": true, "license": "Python-2.0" }, - "node_modules/mocha/node_modules/chokidar": { - "version": "3.5.3", - "dev": true, - "funding": [ - { - "type": "individual", - "url": "https://paulmillr.com/funding/" - } - ], - "license": "MIT", - "dependencies": { - "anymatch": "~3.1.2", - "braces": "~3.0.2", - "glob-parent": "~5.1.2", - "is-binary-path": "~2.1.0", - "is-glob": "~4.0.1", - "normalize-path": "~3.0.0", - "readdirp": "~3.6.0" - }, - "engines": { - "node": ">= 8.10.0" - }, - "optionalDependencies": { - "fsevents": "~2.3.2" - } - }, "node_modules/mocha/node_modules/cliui": { "version": "7.0.4", "dev": true, 
@@ -9097,9 +9072,9 @@ } }, "node_modules/webpack": { - "version": "5.92.0", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.92.0.tgz", - "integrity": "sha512-Bsw2X39MYIgxouNATyVpCNVWBCuUwDgWtN78g6lSdPJRLaQ/PUVm/oXcaRAyY/sMFoKFQrsPeqvTizWtq7QPCA==", + "version": "5.92.1", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.92.1.tgz", + "integrity": "sha512-JECQ7IwJb+7fgUFBlrJzbyu3GEuNBcdqr1LD7IbSzwkSmIevTm8PF+wej3Oxuz/JFBUZ6O1o43zsPkwm1C4TmA==", "dependencies": { "@types/eslint-scope": "^3.7.3", "@types/estree": "^1.0.5",
diff --git a/package.json b/package.json
index 3f9a33d0c6..4cde7cd451 100644
--- a/package.json
+++ b/package.json
@@ -77,7 +77,7 @@
 "typescript-json-schema": "^0.64.0",
 "typescript-require": "~0.3.0",
 "url-pattern": "^1.0.3",
- "webpack": "^5.92.0",
+ "webpack": "^5.92.1",
 "zone.js": "^0.14.7"
 },
 "scripts": {
@@ -114,7 +114,7 @@
 "chai": "^5.1.1",
 "ejs-cli": "^2.2.3",
 "istanbul": "^0.4.5",
- "mocha": "^10.4.0",
+ "mocha": "^10.5.0",
 "mocha-junit-reporter": "^2.2.1",
 "supertest": "^7.0.0",
 "uglify-es": "^3.3.10"