feat(client): Stop passing 400 page error messages via query parameters.
Use a session cookie to pass the message instead. fixes #3649
Shane Tomlinson
committed
May 9, 2016
1 parent
585520d
commit b9d4e5b
Showing
6 changed files
with
199 additions
and
42 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this | ||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
module.exports = function (config) { | ||
var STATIC_RESOURCE_URL = config.get('static_resource_url'); | ||
|
||
return { | ||
method: 'get', | ||
path: '/400.html', | ||
process: function (req, res) { | ||
res.removeHeader('x-frame-options'); | ||
|
||
// The front end will set a __400_message session cookie. If | ||
// no cookie exists, default to `Unexpected error`. | ||
// Clear the cookie afterwards so the error message does | ||
// not re-appear in error. | ||
var message = req.cookies['__400_message'] || | ||
req.gettext('Unexpected error'); | ||
|
||
res.clearCookie('__400_message', { path: '/400.html' }); | ||
|
||
return res.render('400', { | ||
message: message, | ||
staticResourceUrl: STATIC_RESOURCE_URL | ||
}); | ||
} | ||
}; | ||
}; | ||
|
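Review bot: The value read from `req.cookies['__400_message']` in `process` is client-controlled and is handed to `res.render` with no type or length check, on a response that has just had `x-frame-options` removed. If `req.cookies` is populated by cookie-parser, a `j:`-prefixed cookie arrives as a parsed object rather than a string, so I would accept only bounded strings: `var cookie = req.cookies['__400_message'];` then `var message = (typeof cookie === 'string' && cookie.length <= MAX_MESSAGE_LENGTH) ? cookie : req.gettext('Unexpected error');` (`MAX_MESSAGE_LENGTH` is a placeholder for a limit the project chooses). The `400` template is not part of this section, so please confirm it HTML-escapes `message`, since anything able to set a cookie for this host decides the text shown on the page. The `removeHeader` call also deserves a comment such as `// 400.html may be framed by <reason>; all other pages keep x-frame-options`, so a later reader knows the framing exemption is deliberate.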
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this | ||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
define([ | ||
'intern!object', | ||
'intern/chai!assert', | ||
'intern/dojo/node!bluebird', | ||
'intern/dojo/node!path', | ||
'intern/dojo/node!sinon', | ||
'intern/dojo/node!../../../server/lib/routes/get-400', | ||
], function (registerSuite, assert, Promise, path, sinon, route) { | ||
var config, instance, request, response; | ||
|
||
registerSuite({ | ||
name: 'routes/get-400', | ||
|
||
'route interface is correct': function () { | ||
assert.isFunction(route); | ||
assert.lengthOf(route, 1); | ||
}, | ||
|
||
'initialise route': { | ||
setup: function () { | ||
config = { | ||
get: sinon.spy(function () { | ||
return 'foo'; | ||
}) | ||
}; | ||
instance = route(config); | ||
}, | ||
|
||
'instance interface is correct': function () { | ||
assert.isObject(instance); | ||
assert.lengthOf(Object.keys(instance), 3); | ||
assert.equal(instance.method, 'get'); | ||
assert.equal(instance.path, '/400.html'); | ||
assert.isFunction(instance.process); | ||
assert.lengthOf(instance.process, 2); | ||
}, | ||
|
||
'route.process with __400_message cookie set': { | ||
setup: function () { | ||
request = { | ||
cookies: { | ||
'__400_message': 'Invalid parameter: email' | ||
}, | ||
gettext: function (msg) { | ||
return msg; | ||
} | ||
}; | ||
response = { | ||
clearCookie: sinon.spy(), | ||
removeHeader: sinon.spy(), | ||
render: sinon.spy() | ||
}; | ||
instance.process(request, response); | ||
}, | ||
|
||
'x-frame-options headers are removed': function () { | ||
assert.isTrue(response.removeHeader.calledOnce); | ||
assert.isTrue(response.removeHeader.calledWith('x-frame-options')); | ||
}, | ||
|
||
'the __400_message cookie is cleared': function () { | ||
assert.isTrue(response.clearCookie.calledOnce); | ||
assert.isTrue(response.clearCookie.calledWith('__400_message', { path: '/400.html' })); | ||
}, | ||
|
||
'response.render was called correctly': function () { | ||
assert.equal(response.render.callCount, 1); | ||
|
||
var args = response.render.args[0]; | ||
assert.lengthOf(args, 2); | ||
|
||
assert.equal(args[0], '400'); | ||
|
||
assert.isObject(args[1]); | ||
assert.lengthOf(Object.keys(args[1]), 2); | ||
assert.equal(args[1].message, 'Invalid parameter: email'); | ||
assert.equal(args[1].staticResourceUrl, 'foo'); | ||
} | ||
}, | ||
|
||
'route.process without __400_message cookie set': { | ||
setup: function () { | ||
request = { | ||
cookies: { | ||
}, | ||
gettext: function (msg) { | ||
return msg; | ||
} | ||
}; | ||
response = { | ||
clearCookie: sinon.spy(), | ||
removeHeader: sinon.spy(), | ||
render: sinon.spy() | ||
}; | ||
instance.process(request, response); | ||
}, | ||
|
||
'response.render was called correctly': function () { | ||
assert.equal(response.render.callCount, 1); | ||
|
||
var args = response.render.args[0]; | ||
assert.lengthOf(args, 2); | ||
|
||
assert.equal(args[0], '400'); | ||
|
||
assert.isObject(args[1]); | ||
assert.lengthOf(Object.keys(args[1]), 2); | ||
assert.equal(args[1].message, 'Unexpected error'); | ||
assert.equal(args[1].staticResourceUrl, 'foo'); | ||
} | ||
} | ||
} | ||
}); | ||
}); |
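Review bot: Both `route.process` suites supply either a well-formed string cookie or an empty `cookies` object, so nothing pins what is rendered when `__400_message` is an empty string, very long, or not a string at all; because the cookie is written on the client, a case for each would document the intended fallback to `'Unexpected error'`. The 'without __400_message cookie set' suite also never asserts `removeHeader` or `clearCookie`, although the route calls both regardless of whether the cookie exists. Separately, `Promise` and `path` are loaded in the `define` list but not used anywhere in this file, and the `Promise` parameter shadows the global; I would drop `'intern/dojo/node!bluebird'` and `'intern/dojo/node!path'` together with their callback parameters.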