Ensure invalid request to static page is handled correctly

packages/next/server/base-server.ts

@@ -1145,6 +1145,23 @@ export default abstract class Server {
       res.statusCode = parseInt(pathname.substr(1), 10)
     }
 
+    // static pages can only respond to GET/HEAD
+    // requests so ensure we respond with 405 for
+    // invalid requests
+    if (
+      !is404Page &&
+      !is500Page &&
+      pathname !== '/_error' &&
+      req.method !== 'HEAD' &&
+      req.method !== 'GET' &&
+      (typeof components.Component === 'string' || isSSG)
+    ) {
+      res.statusCode = 405
+      res.setHeader('Allow', ['GET', 'HEAD'])
+      await this.renderError(null, req, res, pathname)
+      return null
+    }
+
     // handle static page
     if (typeof components.Component === 'string') {
       return {

test/e2e/getserversideprops/test/index.test.ts

@@ -290,6 +290,14 @@ const runTests = (dev = false) => {
     expect(await res.text()).toBe('hello from gssp')
   })
 
+  it('should allow POST request for getServerSideProps page', async () => {
+    const res = await fetchViaHTTP(next.url, '/', undefined, {
+      method: 'POST',
+    })
+    expect(res.status).toBe(200)
+    expect(await res.text()).toMatch(/hello.*?world/)
+  })
+
   it('should render correctly when notFound is false (non-dynamic)', async () => {
     const res = await fetchViaHTTP(next.url, '/not-found')
 

test/e2e/prerender.test.ts

@@ -422,6 +422,14 @@ describe('Prerender', () => {
   const runTests = (dev = false) => {
     navigateTest(dev)
 
+    it('should respond with 405 for POST to static page', async () => {
+      const res = await fetchViaHTTP(next.url, '/', undefined, {
+        method: 'POST',
+      })
+      expect(res.status).toBe(405)
+      expect(await res.text()).toContain('Method Not Allowed')
+    })
+
     it('should SSR normal page correctly', async () => {
       const html = await renderViaHTTP(next.url, '/')
       expect(html).toMatch(/hello.*?world/)

test/integration/api-support/pages/user.js

@@ -1,3 +1,9 @@
 export default function Page() {
   return <div>User</div>
 }
+
+export function getServerSideProps() {
+  return {
+    props: {},
+  }
+}

test/integration/production/test/index.test.js

@@ -69,6 +69,14 @@ describe('Production Usage', () => {
     )
   })
 
+  it('should respond with 405 for POST to static page', async () => {
+    const res = await fetchViaHTTP(appPort, '/', undefined, {
+      method: 'POST',
+    })
+    expect(res.status).toBe(405)
+    expect(await res.text()).toContain('Method Not Allowed')
+  })
+
   it('should contain generated page count in output', async () => {
     const pageCount = 40
     expect(output).toContain(`Generating static pages (0/${pageCount})`)
@@ -369,7 +377,7 @@ describe('Production Usage', () => {
     it('should render 200 for POST on page', async () => {
       const res = await fetchViaHTTP(
         `http://localhost:${appPort}`,
-        '/about',
+        '/fully-dynamic',
         undefined,
         {
           method: 'POST',