Comments (6)
Hi! I cannot change it because of backward-compatibility (just think of all the people expecting the response of Cannot GET /
from Express, using it with nagios rules, etc. It's already fixed to send actual HTML for the 1.0 release, though: aa080c2 which will be part of Express 5.0.
from finalhandler.
P.S. the body Cannot GET /
is actually 100% valid HTML5 (http://www.w3.org/TR/html5/syntax.html#parsing) :) though I don't like it anyway and it doesn't take advantage of things like the <title>
tag.
from finalhandler.
Thanks for the quick reply!
I was not suggesting changing the content but changing the content-type from html to text.
I agree it could be valid HTML, but it makes more sense that it is plain text.
Not even sure it's technically valid: http://stackoverflow.com/questions/9797046/whats-a-valid-html5-document
So if we are not changing the content-type for the <1.0 release do you have a nice workaround or should i just catch the 404 and 500 in express and return my own error instead of using this middleware? I don't want to change anything but the content-type. So i'd rather not reïmplement this middleware ;-)
from finalhandler.
Not even sure it's technically valid
I provided you the HTML5 parser spec to read, which I have many times :) It's definitely valid HTML.
So if we are not changing the content-type for the <1.0 release do you have a nice workaround or should i just catch the 404 and 500 in express and return my own error instead of using this middleware?
So it's correct that we won't be chaining it, only because we actually did change it a long time ago, but it then causes XSS in older IE browsers on your site! Please realize we are HTML-escaping the URLs that are printed, so if you request the URL /some<text>/
it's going to be in the response body as Cannot GET /some<text>/
so if you set it to text/plain
, the browser is not going to un-escape that. This means that you can't exactly just alter the type. If you still want to, let me know and I can come up with a way to alter the type in your express 4 app.
from finalhandler.
That last parts convinced me ;-) The body can actually contain html entities. So you want text/html. Makes sense. Thanks! I'll now have enough arguments to convince my team that we should keep it as is and we will upgrade to Express 5.0 in the future.
from finalhandler.
Cool, no problem :) Feel free to bring up any other concerns! I actually forgot myself that it had HTML entities in the response until I re-looked at the code, otherwise I would have noted that upfront :O But yea, Express 5.0 (using 1.0 of this module) will respond with a HTML document that contains a little more than the minimally-required HTML tags :)
from finalhandler.
Related Issues (16)
- Content-Type is always text/html; charset=utf-8 ? HOT 2
- Cannot read property 'headersSent' of undefined HOT 14
- Respect `expose` on thrown errors HOT 2
- TypeError: Cannot read property 'headersSent' of undefined HOT 1
- Content-Security-Policy should use default-src 'none'. HOT 81
- Also read status from err.statusCode HOT 6
- npm audit security advisory 836 HOT 3
- npm security vulnerability HOT 7
- Any reason for awaiting complete requests before sending responses? HOT 5
- UnsupportedWarning: Status message is not supported by HTTP/2 (RFC7540 8.1.2.4) HOT 1
- req.socket.destroy is not a function HOT 2
- Print causes when outputting error stacks HOT 1
- req.socket might be null HOT 3
- allow uncaught errors to bubble HOT 7
- Remove trailing newline HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from finalhandler.