Content type is html instead of text/plain about finalhandler HOT 6 CLOSED

Hi! I cannot change it because of backward-compatibility (just think of all the people expecting the response of Cannot GET / from Express, using it with nagios rules, etc. It's already fixed to send actual HTML for the 1.0 release, though: aa080c2 which will be part of Express 5.0.

from finalhandler.

P.S. the body Cannot GET / is actually 100% valid HTML5 (http://www.w3.org/TR/html5/syntax.html#parsing) :) though I don't like it anyway and it doesn't take advantage of things like the <title> tag.

from finalhandler.

Thanks for the quick reply!

I was not suggesting changing the content but changing the content-type from html to text.
I agree it could be valid HTML, but it makes more sense that it is plain text.
Not even sure it's technically valid: http://stackoverflow.com/questions/9797046/whats-a-valid-html5-document

So if we are not changing the content-type for the <1.0 release do you have a nice workaround or should i just catch the 404 and 500 in express and return my own error instead of using this middleware? I don't want to change anything but the content-type. So i'd rather not reïmplement this middleware ;-)

from finalhandler.

Not even sure it's technically valid

I provided you the HTML5 parser spec to read, which I have many times :) It's definitely valid HTML.

So if we are not changing the content-type for the <1.0 release do you have a nice workaround or should i just catch the 404 and 500 in express and return my own error instead of using this middleware?

So it's correct that we won't be chaining it, only because we actually did change it a long time ago, but it then causes XSS in older IE browsers on your site! Please realize we are HTML-escaping the URLs that are printed, so if you request the URL /some<text>/ it's going to be in the response body as Cannot GET /some<text>/ so if you set it to text/plain, the browser is not going to un-escape that. This means that you can't exactly just alter the type. If you still want to, let me know and I can come up with a way to alter the type in your express 4 app.

from finalhandler.

That last parts convinced me ;-) The body can actually contain html entities. So you want text/html. Makes sense. Thanks! I'll now have enough arguments to convince my team that we should keep it as is and we will upgrade to Express 5.0 in the future.

from finalhandler.

Cool, no problem :) Feel free to bring up any other concerns! I actually forgot myself that it had HTML entities in the response until I re-looked at the code, otherwise I would have noted that upfront :O But yea, Express 5.0 (using 1.0 of this module) will respond with a HTML document that contains a little more than the minimally-required HTML tags :)

from finalhandler.