iobroker-community-adapters/ioBroker.telegram

Web server does not respond with 404 when requesting an invalid URL (i.e. not POST, no token)

Closed this issue · 4 comments

Describe the bug
I run the adapter in server mode and have Uptime Kuma monitor the adapter's HTTP endpoint by requesting the root URL, e.g. GET http://telegram.example.com

With 3.2.1 the web server will respond HTTP/404 with 404: Resource Not Found in the body.

With 3.3.0 the request will time out in Uptime Kuma (the timeout is enforced by Uptime Kuma).

If you use curl with 3.3.0, then the request will never time out. I consider this a security issue since you could bind unlimited resources by issuing requests to the root URL.

To Reproduce
Steps to reproduce the behavior:

  1. Install 3.3.0 or 3.3.1
  2. Configure the adapter to run in server mode
  3. curl the root URL

Expected behavior
404 as before

Versions:

  • Adapter version: 3.3.0
  • JS-Controller version: 5.0.19
  • Node version: 18
  • Operating system: docker
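
The behaviour the issue expects (404 for anything that is not a POST to the token URL), as an added Node.js example that is not part of the original issue or the adapter's code: every handler path ends the response, and server timeouts act as a backstop. The token value, the `/<token>` path layout, the body cap and the function names are assumptions made for illustration.

```javascript
// Added example, not the adapter's code. Token and path layout are assumptions.
const WEBHOOK_TOKEN = 'constructed-token-123'; // constructed sample value
const MAX_BODY = 1024 * 1024;                  // assumed 1 MiB cap on update size

// Pure routing decision: only POST /<token> is valid, everything else is 404.
function decide(method, url, token = WEBHOOK_TOKEN) {
  const path = String(url || '').split('?')[0];
  return method === 'POST' && path === `/${token}` ? 200 : 404;
}

// Request handler: every code path ends the response.
function handle(req, res, onUpdate = () => {}) {
  const status = decide(req.method, req.url);
  if (status === 404) {
    req.resume(); // drain any request body instead of leaving it unread
    res.writeHead(404, { 'Content-Type': 'text/plain', Connection: 'close' });
    res.end('404: Resource Not Found');
    return status;
  }
  let size = 0;
  const chunks = [];
  req.on('data', (chunk) => {
    size += chunk.length;
    if (size > MAX_BODY) {
      res.writeHead(413, { Connection: 'close' });
      res.end();
      req.destroy(); // stop reading an oversized body
    } else {
      chunks.push(chunk);
    }
  });
  req.on('end', () => {
    if (res.writableEnded) return; // already answered with 413
    onUpdate(Buffer.concat(chunks).toString('utf8'));
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end('OK');
  });
  return status;
}

// Server with timeouts as a backstop in case a handler path still fails to answer.
function createWebhookServer() {
  const http = require('node:http'); // loaded lazily so decide()/handle() have no side effects
  const server = http.createServer((req, res) => handle(req, res));
  server.headersTimeout = 10_000; // max time to receive the request headers
  server.requestTimeout = 30_000; // max time to receive the whole request
  server.setTimeout(30_000);      // idle sockets are destroyed after 30 s
  return server;
}
```

Call `createWebhookServer().listen(port)` to run it; an uptime monitor requesting the root URL with GET then receives the 404 immediately.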

@Apollon77
@foxriver76
@GermanBluefox

I guess this could be a side effect of the required change to @iobroker/webserver. Please check.

Should be fixed now on master @mcm1957

Confirmed. Thank you!

fixed with 3.3.2

3.3.2 is available at npm and should be available at LATEST repository very soon.