diff options
author | Chris <ccbrown112@gmail.com> | 2018-02-02 07:29:11 -0600 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2018-02-02 08:29:11 -0500 |
commit | 2256e23c9ef7295b0001b1723be491254bfe73fe (patch) | |
tree | 30d7742048383907f6837c7cf876a55af0805467 /utils/api.go | |
parent | 0cd2895456f953ef871e10421361578b6c8d4add (diff) | |
download | chat-2256e23c9ef7295b0001b1723be491254bfe73fe.tar.gz chat-2256e23c9ef7295b0001b1723be491254bfe73fe.tar.bz2 chat-2256e23c9ef7295b0001b1723be491254bfe73fe.zip |
ABC-153: don't use http redirects with 4xx/5xx status codes (#8178)
* don't use http redirects with 4xx/5xx status codes
* minor html syntax fix
Diffstat (limited to 'utils/api.go')
-rw-r--r-- | utils/api.go | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/utils/api.go b/utils/api.go index 48382d1fe..005c3284b 100644 --- a/utils/api.go +++ b/utils/api.go @@ -4,6 +4,8 @@ package utils import ( + "fmt" + "html/template" "net/http" "net/url" "strings" @@ -31,18 +33,21 @@ func OriginChecker(allowedOrigins string) func(*http.Request) bool { } func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) { - message := err.Message - details := err.DetailedError - status := http.StatusTemporaryRedirect if err.StatusCode != http.StatusInternalServerError { status = err.StatusCode } - http.Redirect( - w, - r, - "/error?message="+url.QueryEscape(message)+ - "&details="+url.QueryEscape(details), - status) + destination := strings.TrimRight(GetSiteURL(), "/") + "/error?message=" + url.QueryEscape(err.Message) + if status >= 300 && status < 400 { + http.Redirect(w, r, destination, status) + return + } + + w.WriteHeader(status) + fmt.Fprintln(w, `<!DOCTYPE html><html><head></head>`) + fmt.Fprintln(w, `<body onload="window.location = '`+template.HTMLEscapeString(template.JSEscapeString(destination))+`'">`) + fmt.Fprintln(w, `<noscript><meta http-equiv="refresh" content="0; url=`+template.HTMLEscapeString(destination)+`"></noscript>`) + fmt.Fprintln(w, `<a href="`+template.HTMLEscapeString(destination)+`" style="color: #c0c0c0;">...</a>`) + fmt.Fprintln(w, `</body></html>`) } |