Handle 401, 403, and 404 errors in frontend #2249
Conversation
askvortsov1
force-pushed
the
as/frontend_error_handler
branch
from
c041882 to
68175ad
Compare
There was a problem hiding this comment.
I already expressed my doubts about this approach on the issue, but I'd like to add a few general concerns:
- Again, first and foremost, I can only recommend to avoid complexity like this on error pages - from painful experience.
- This would render the forum frontend for any 404, even on API and admin, if I am not mistaken.
- "Model not found" errors must result in 404 status codes, too, to prevent e.g. search engines indexing error pages, and be good internet citizens - if I understand correctly, you would check this in the frontend now, at which point you could not set the status code anymore.
src/Http/Middleware/HandleErrors.php
Outdated
| if (! $handled) { | ||
| throw $e; | ||
| } | ||
| } |
There was a problem hiding this comment.
This seems to re-implement logic similar to what the registry already does, and the meaning of the additional parameter doesn't seem very intuitive.
|
#1847 is a MUCH better way to get the actor, without needing to create a second error handler. Thanks Franz! |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. |
askvortsov1
force-pushed
the
as/frontend_error_handler
branch
2 times, most recently
from
9f25f1e to
df99992
Compare
No API errors will be handled like this, since it's not on the API middleware stack. And neither will admin 404s, as ALL requests to admin routes are sent to the admin frontend, defaulting to the dashboard page if the route isn't found.
I don't think so? At least from my testing, it returns the page with a 404 response code.
We wouldn't be doing it on proper "error" pages, only on 4xxs, where nothing has gone wrong, it's just that the client's input is in some way invalid. |
askvortsov1
force-pushed
the
as/frontend_error_handler
branch
from
b9f8ef5 to
2a79917
Compare
|
Other TODO:
|
…eware can be used on only some exceptions if wanted
Improve ErrorPage
[ci skip] [skip ci]
[ci skip] [skip ci]
askvortsov1
force-pushed
the
as/frontend_error_handler
branch
from
2b0c4ae to
7cf0df8
Compare
askvortsov1
force-pushed
the
as/frontend_error_handler
branch
from
c2e786b to
2c8cc0c
Compare
askvortsov1
force-pushed
the
as/frontend_error_handler
branch
from
c5d7146 to
d7a5bf7
Compare
[ci skip] [skip ci]
| @@ -57,6 +63,15 @@ public function register() | |||
| ]; | |||
| }); | |||
|
|
|||
| $this->container->singleton('flarum.error.contents', function () { | |||
| return [ | |||
| NotAuthenticatedException::class => NotAuthenticated::class, | |||
There was a problem hiding this comment.
Should these be codes or status strings? That might be cleaner for exceptions added by extensions.
| use Psr\Http\Server\MiddlewareInterface; | ||
| use Psr\Http\Server\RequestHandlerInterface; | ||
|
|
||
| class ExecuteErrorToFrontend implements MiddlewareInterface |
There was a problem hiding this comment.
Is this too verbose?
| use Psr\Http\Server\MiddlewareInterface; | ||
| use Psr\Http\Server\RequestHandlerInterface; | ||
|
|
||
| class ExecuteErrorToFrontend implements MiddlewareInterface |
There was a problem hiding this comment.
Is this too verbose? ExecuteError?
There was a problem hiding this comment.
Verbosity === self-documentation in my eyes! :)
| @@ -65,6 +67,11 @@ public function shouldBeReported(): bool | |||
| return $this->type === 'unknown'; | |||
| } | |||
|
|
|||
| public function contentClass() | |||
| { | |||
| return $this->frontendContentClass; | |||
There was a problem hiding this comment.
Not sure I like the naming, especially of the prop
|
|
||
| foreach ($middleware as $middlewareClass) { | ||
| if (!in_array($middlewareClass, [ | ||
| 'flarum.forum.error_handler', |
There was a problem hiding this comment.
Anything else we want to exclude?
|
|
||
| foreach ($middleware as $middlewareClass) { | ||
| if (!in_array($middlewareClass, [ | ||
| 'flarum.forum.error_handler', |
There was a problem hiding this comment.
We can't include the error handler to avoid a circular resolution dependency
| <div className="ErrorPage"> | ||
| <div className="container"> | ||
| <h2>{this.title}</h2> | ||
| <p>{app.translator.trans(`core.forum.error.${this.attrs.errorCode}_text`)}</p> |
There was a problem hiding this comment.
@frontend folks, any ideas for making this look... not horrible?
There was a problem hiding this comment.
My first idea would be bigger text. 13px is fine for forum posts and dense pages, but an error page needs to be padded out in some form, I think.
We don't want to do too much theming as that should be up to forum maintainers, though.
There was a problem hiding this comment.
If I go to a 404 page, click return to forum, then the back button in my browser, I end up with a broken error page:
We might be able to fix this by using history.replaceState() to store the info about the error as part of the browsing history state.
https://developer.mozilla.org/en-US/docs/Web/API/History/replaceState#examples
Fixes flarum/issue-archive#206
Changes proposed in this pull request:
Handle 401, 403, and 404 errors in frontend (see commits for specific granular changes)
Reviewers should focus on:
Confirmed
composer test).