
Commit b342e26

committed
Set allowed methods on routers to enhance security
1 parent 43c6242 commit b342e26


7 files changed

+50
-0
lines changed


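--- a/modules/admin/routing/routes/routes.yml
+++ b/modules/admin/routing/routes/routes.yml
@@ -5,58 +5,68 @@ admin-main:
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Config::main'
 }
+methods: [GET]
 
 admin-diagnostics:
 path: /diagnostics
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Config::diagnostics'
 }
+methods: [GET]
 
 admin-phpinfo:
 path: /phpinfo
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Config::phpinfo'
 }
+methods: [GET]
 
 admin-sandbox:
 path: /sandbox
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Sandbox::main'
 }
+methods: [GET]
 
 admin-test:
 path: /test/{as}
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Test::main',
 as: null
 }
+methods: [GET]
 
 core-logout:
 path: /logout
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Test::logout'
 }
+methods: [GET]
 
 admin-fed:
 path: /federation
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Federation::main'
 }
+methods: [GET]
 
 admin-fed-cert:
 path: /federation/cert
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Federation::downloadCert'
 }
+methods: [GET]
 
 admin-fed-show:
 path: /federation/show
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Federation::showRemoteEntity'
 }
+methods: [GET]
 
 admin-fed-converter:
 path: /federation/metadata-converter
 defaults: {
 _controller: 'SimpleSAML\Module\admin\Controller\Federation::metadataConverter'
 }
+methods: [POST]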
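Review bot: `admin-fed-converter` is the only route in this file restricted to `methods: [POST]`, and if `Federation::metadataConverter` also renders the empty converter form on a plain GET, as the route name and its siblings suggest, opening /federation/metadata-converter in a browser will now return 405 before the form can be shown. If that is the case the line should be `methods: [GET, POST]`, the same allow-list the core module uses for its form routes; if the controller genuinely handles only a submitted form, a comment above the route such as `# form is rendered by admin-fed; this endpoint only receives the submission` would keep the next reader from widening it again. The HEAD method does not need listing, as the Symfony matcher maps HEAD onto GET routes.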

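--- a/modules/core/routing/routes/routes.yml
+++ b/modules/core/routing/routes/routes.yml
@@ -5,116 +5,135 @@ core-welcome:
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Login::welcome'
 }
+methods: [GET]
 
 core-account-disco-clearchoices:
 path: /account/disco/clearchoices
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Login::cleardiscochoices'
 }
+methods: [GET]
 
 core-legacy-login:
 path: /login/{as}
 defaults: {
 _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction',
 path: /module.php/saml/sp/login/, permanent: true
 }
+methods: [GET]
 
 core-loginuserpass:
 path: /loginuserpass
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Login::loginuserpass'
 }
+methods: [GET, POST]
 
 core-loginuserpassorg:
 path: /loginuserpassorg
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Login::loginuserpassorg'
 }
+methods: [GET, POST]
 
 core-error-nocookie:
 path: /error/nocookie
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Exception::nocookie'
 }
+methods: [GET]
 
 core-cardinality:
 path: /error/cardinality
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Exception::cardinality'
 }
+methods: [GET]
 
 core-warning-shortssointerval:
 path: /warning/short_sso_interval
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Exception::shortSsoInterval'
 }
+methods: [GET]
 
 core-post-redirect:
 path: /postredirect
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Redirection::postredirect'
 }
+methods: [GET]
 
 core-legacy-welcome:
 path: /frontpage_welcome.php
 defaults: {
 _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction',
 path: /admin/, permanent: true
 }
+methods: [GET]
 
 core-legacy-config:
 path: /frontpage_config.php
 defaults: {
 _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction',
 path: /admin/, permanent: true
 }
+methods: [GET]
 
 core-legacy-auth:
 path: /frontpage_auth.php
 defaults: {
 _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction',
 path: /admin/test, permanent: true
 }
+methods: [GET]
 
 core-legacy-federation:
 path: /frontpage_federation.php
 defaults: {
 _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction',
 path: /admin/federation, permanent: true
 }
+methods: [GET]
 
 core-logout:
 path: /logout/{as}
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Logout::logout'
 }
+methods: [GET]
 
 core-logout-resume:
 path: /logout-resume
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Logout::resumeLogout'
 }
+methods: [GET]
 
 core-logout-iframe:
 path: /logout-iframe
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Logout::logoutIframe'
 }
+methods: [GET]
 
 core-logout-iframe-done:
 path: /logout-iframe-done
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Logout::logoutIframeDone'
 }
+methods: [GET]
 
 core-logout-iframe-post:
 path: /logout-iframe-post
 defaults: {
 _controller: 'SimpleSAML\Module\core\Controller\Logout::logoutIframePost'
 }
+methods: [GET]
 
 core-error-report:
 path: /errorReport
 defaults: {
 _controller: '\SimpleSAML\Module\core\Controller\ErrorReport::main'
 }
+methods: [GET, POST]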
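Review bot: Pinning `core-account-disco-clearchoices` and `core-logout` to `methods: [GET]` records, rather than removes, the fact that these are state-changing actions reachable by a plain link or image request, so the new allow-list gives them no protection against forced requests from another origin; the behaviour is unchanged by the commit, but the line that now declares GET is the natural place to say so. If `Login::cleardiscochoices` and `Logout::logout` do mutate session or cookie state, as their names suggest, a comment on those two routes such as `# GET is needed for link-based navigation; the controller must check the request origin or its own token` would make the limitation visible to whoever later tightens these. The remaining GET-only entries in this hunk are redirects and display pages, where the restriction is appropriate as written.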

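--- a/modules/cron/routing/routes/routes.yml
+++ b/modules/cron/routing/routes/routes.yml
@@ -5,12 +5,14 @@ cron-croninfo:
 defaults: {
 _controller: 'SimpleSAML\Module\cron\Controller\Cron::info'
 }
+methods: [GET]
 
 cron-run:
 path: /run/{tag}/{key}/{output}
 defaults: {
 _controller: 'SimpleSAML\Module\cron\Controller\Cron::run',
 output: 'silent'
 }
+methods: [GET]
 # TODO: Use this instead of controller-code when Symfony 6.1 is available
 # condition: "params['key'] not in ['secret', 'RANDOM_KEY']"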

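--- a/modules/exampleauth/routing/routes/routes.yml
+++ b/modules/exampleauth/routing/routes/routes.yml
@@ -5,15 +5,18 @@ exampleauth-authpage:
 defaults: {
 _controller: 'SimpleSAML\Module\exampleauth\Controller\ExampleAuth::authpage'
 }
+methods: [POST]
 
 exampleauth-redirecttest:
 path: /redirecttest
 defaults: {
 _controller: 'SimpleSAML\Module\exampleauth\Controller\ExampleAuth::redirecttest'
 }
+methods: [GET]
 
 exampleauth-resume:
 path: /resume
 defaults: {
 _controller: 'SimpleSAML\Module\exampleauth\Controller\ExampleAuth::resume'
 }
+methods: [GET]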
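Review bot: `exampleauth-authpage` is limited to `methods: [POST]`, which will make the initial redirect into the example login page fail with 405 if `ExampleAuth::authpage` both renders the username/password form on GET and processes it on POST, as is the pattern for the `core-loginuserpass` route in the same commit. Unless the form is served from somewhere else, the line should read `methods: [GET, POST]`. If POST-only is intentional, a one-line comment above the route stating where the form is rendered would document the choice.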

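--- a/modules/multiauth/routing/routes/routes.yml
+++ b/modules/multiauth/routing/routes/routes.yml
@@ -5,3 +5,4 @@ multiauth-discovery:
 defaults: {
 _controller: 'SimpleSAML\Module\multiauth\Controller\DiscoController::discovery'
 }
+methods: [GET]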

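--- a/modules/saml/routing/routes/routes.yml
+++ b/modules/saml/routing/routes/routes.yml
@@ -5,82 +5,96 @@ saml-proxy-invalidSession:
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\Proxy::invalidSession'
 }
+methods: [GET, POST]
 
 saml-disco:
 path: /disco
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\Disco::disco'
 }
+methods: [GET, POST]
 
 saml-sp-discoResponse:
 path: /sp/discoResponse
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::discoResponse'
 }
+methods: [GET]
 
 saml-sp-login:
 path: /sp/login/{sourceId}
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::login'
 }
+methods: [GET]
 
 saml-sp-wrongAuthnContextClassRef:
 path: /sp/wrongAuthnContextClassRef
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::wrongAuthnContextClassRef'
 }
+methods: [GET]
 
 saml-sp-assertionConsumerService:
 path: /sp/saml2-acs.php/{sourceId}
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::assertionConsumerService'
 }
+methods: [GET, POST]
 
 saml-sp-singleLogoutService:
 path: /sp/saml2-logout.php/{sourceId}
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::singleLogoutService'
 }
+methods: [GET, POST]
 
 saml-sp-metadata:
 path: /sp/metadata/{sourceId}
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::metadata'
 }
+methods: [GET]
 
 saml-legacy-sp-metadata:
 path: /sp/metadata.php/{sourceId}
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\ServiceProvider::metadata',
 path: /saml/sp/metadata, permanent: true
 }
+methods: [GET]
 
 websso-single-sign-on:
 path: /idp/singleSignOnService
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\WebBrowserSingleSignOn::singleSignOnService'
 }
+methods: [GET, POST]
 
 websso-artifact-resolution:
 path: /idp/artifactResolutionService
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\WebBrowserSingleSignOn::artifactResolutionService'
 }
+methods: [GET, POST]
 
 websso-metadata:
 path: /idp/metadata
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\Metadata::metadata'
 }
+methods: [GET]
 
 websso-single-logout:
 path: /idp/singleLogout
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\SingleLogout::singleLogout'
 }
+methods: [GET, POST]
 
 websso-init-single-logout:
 path: /idp/initSingleLogout
 defaults: {
 _controller: 'SimpleSAML\Module\saml\Controller\SingleLogout::initSingleLogout'
 }
+methods: [GET]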
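Review bot: `websso-artifact-resolution` is given `methods: [GET, POST]`, but the SAML 2.0 ArtifactResolve/ArtifactResponse exchange is specified over the SOAP binding, which is HTTP POST only, so the GET half of that allow-list looks broader than the endpoint needs. Unless `artifactResolutionService` deliberately accepts a non-SOAP request on GET, narrowing it to `methods: [POST]` would follow the commit's own intent of listing only the methods each controller actually serves. The `[GET, POST]` pairs on the SSO, ACS and logout endpoints are correct as written, since those carry the HTTP-Redirect and HTTP-POST bindings.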

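--- a/routing/routes/routes.yml
+++ b/routing/routes/routes.yml
@@ -25,3 +25,4 @@ admin-shortcut:
 path: /admin,
 permanent: true
 }
+methods: [GET]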
