Register the 405 error handler properly. Enforce the appropriate methods for each route (GET or POST only, with OPTIONS disabled). Add tests for invalid methods. Add a friendlier 500 internal server error handler

author: Miguel Jacq <mig@mig5.net> 2021-05-10 11:23:44 +1000
committer: Miguel Jacq <mig@mig5.net> 2021-05-10 11:23:44 +1000
commit: 2618e89eda600184fb6f640d00528d7fc642bf60 (patch)
tree: 12d098596f96b2e021bd353a3f7868f82554c0da /cli/onionshare_cli/web/web.py
parent: e067fc2963fb86afb4e51d816dea13f701cff70d (diff)
download: onionshare-2618e89eda600184fb6f640d00528d7fc642bf60.tar.gz
onionshare-2618e89eda600184fb6f640d00528d7fc642bf60.zip
1 files changed, 27 insertions, 0 deletions
diff --git a/cli/onionshare_cli/web/web.py b/cli/onionshare_cli/web/web.py
index d88a7e4e..f190d94d 100644
--- a/cli/onionshare_cli/web/web.py
+++ b/cli/onionshare_cli/web/web.py
@@ -229,6 +229,20 @@ class Web:
             mode.cur_history_id += 1
             return self.error404(history_id)
 
+        @self.app.errorhandler(405)
+        def method_not_allowed(e):
+            mode = self.get_mode()
+            history_id = mode.cur_history_id
+            mode.cur_history_id += 1
+            return self.error405(history_id)
+
+        @self.app.errorhandler(500)
+        def method_not_allowed(e):
+            mode = self.get_mode()
+            history_id = mode.cur_history_id
+            mode.cur_history_id += 1
+            return self.error500(history_id)
+
         @self.app.route("/<password_candidate>/shutdown")
         def shutdown(password_candidate):
             """
@@ -305,6 +319,19 @@ class Web:
         )
         return self.add_security_headers(r)
 
+    def error500(self, history_id):
+        self.add_request(
+            self.REQUEST_INDIVIDUAL_FILE_STARTED,
+            request.path,
+            {"id": history_id, "status_code": 500},
+        )
+
+        self.add_request(Web.REQUEST_OTHER, request.path)
+        r = make_response(
+            render_template("500.html", static_url_path=self.static_url_path), 405
+        )
+        return self.add_security_headers(r)
+
     def add_security_headers(self, r):
         """
         Add security headers to a request
author	Miguel Jacq <mig@mig5.net>	2021-05-10 11:23:44 +1000
committer	Miguel Jacq <mig@mig5.net>	2021-05-10 11:23:44 +1000
commit	2618e89eda600184fb6f640d00528d7fc642bf60 (patch)
tree	12d098596f96b2e021bd353a3f7868f82554c0da /cli/onionshare_cli/web/web.py
parent	e067fc2963fb86afb4e51d816dea13f701cff70d (diff)
download	onionshare-2618e89eda600184fb6f640d00528d7fc642bf60.tar.gz onionshare-2618e89eda600184fb6f640d00528d7fc642bf60.zip