-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content type is html instead of text/plain #2
Comments
Hi! I cannot change it because of backward-compatibility (just think of all the people expecting the response of |
P.S. the body |
Thanks for the quick reply! I was not suggesting changing the content but changing the content-type from html to text. So if we are not changing the content-type for the <1.0 release do you have a nice workaround or should i just catch the 404 and 500 in express and return my own error instead of using this middleware? I don't want to change anything but the content-type. So i'd rather not reïmplement this middleware ;-) |
I provided you the HTML5 parser spec to read, which I have many times :) It's definitely valid HTML.
So it's correct that we won't be chaining it, only because we actually did change it a long time ago, but it then causes XSS in older IE browsers on your site! Please realize we are HTML-escaping the URLs that are printed, so if you request the URL |
That last parts convinced me ;-) The body can actually contain html entities. So you want text/html. Makes sense. Thanks! I'll now have enough arguments to convince my team that we should keep it as is and we will upgrade to Express 5.0 in the future. |
Cool, no problem :) Feel free to bring up any other concerns! I actually forgot myself that it had HTML entities in the response until I re-looked at the code, otherwise I would have noted that upfront :O But yea, Express 5.0 (using 1.0 of this module) will respond with a HTML document that contains a little more than the minimally-required HTML tags :) |
Hello,
Took me a while to track this down from express to here ;-)
When my express app has an unhandled route or a server error this middleware will respond to the request with a 404 or 500 and a very simple message. (Cannot GET /foo)
However; the content type is explicitly set to text/html but the actual content is not HTML but plain text. (text/plain).
I did not want to submit a pull request right away but wanted to check first with you if there is a reason behind this. And in the case that this middelware will not change; is it possible to overrule this or should I define my own "catch all" route to do this?
Thanks! :)
The text was updated successfully, but these errors were encountered: