Skip to content

Gracefully handle unknown formats #1671

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zachmargolis merged 1 commit into from
Sep 14, 2017
Merged

Gracefully handle unknown formats #1671

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions app/controllers/application_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :exception

rescue_from ActionController::InvalidAuthenticityToken, with: :invalid_auth_token
rescue_from ActionController::UnknownFormat, with: :render_not_found

helper_method :decorated_session, :reauthn?, :user_fully_authenticated?

Expand Down Expand Up @@ -151,4 +152,8 @@ def set_locale
def sp_session
session.fetch(:sp, {})
end

def render_not_found
render template: 'pages/page_not_found', layout: false, status: 404, formats: :html
Copy link
Contributor

@jmhooper jmhooper Sep 14, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Part of me wonders if we should render a 400 here instead? Maybe not b/c we don't have a template and all that setup for a 400?

Copy link
Contributor Author

@zachmargolis zachmargolis Sep 14, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no strong opinions, we could even render the "not found" page with a 400 status code if you think that would be better?

Copy link
Contributor

@jmhooper jmhooper Sep 14, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe? Now that I'm looking at the bug this fixes, I'm thinking a 404 makes a bit more sense.

Copy link
Contributor Author

@zachmargolis zachmargolis Sep 14, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok we'll stick with 404 for now. Thanks!

end
end
12 changes: 12 additions & 0 deletions spec/requests/headers_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,16 @@

expect(response.code.to_i).to eq(200)
end

it 'does not blow up with bad formats in the headers' do
get root_path, headers: { 'Accept' => 'acunetix/wvs' }

expect(response.code.to_i).to eq(404)
end

it 'does not blow up with bad formats in the path' do
get '/fr/users/password/new.zip'

expect(response.code.to_i).to eq(404)
end
end