Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't use NotFoundException view for resources #11334

Closed
wants to merge 4 commits into from

Conversation

denis-anisimov
Copy link
Contributor

@denis-anisimov denis-anisimov commented Jun 25, 2021

Description

Please list all relevant dependencies in this section and provide summary of the change, motivation and context.

Fixes # (issue)

Type of change

  • Bugfix
  • Feature

Checklist

  • I have read the contribution guide: https://vaadin.com/docs/latest/guide/contributing/overview/
  • I have added a description following the guideline.
  • The issue is created in the corresponding repository and I have referenced it.
  • I have added tests to ensure my change is effective and works as intended.
  • New and existing tests are passing locally with my change.
  • I have performed self-review and corrected misspellings.

Additional for Feature type of change

  • Enhancement / new feature was discussed in a corresponding GitHub issue and Acceptance Criteria were created.

@denis-anisimov denis-anisimov changed the base branch from master to 2.7 June 25, 2021 12:45
@denis-anisimov denis-anisimov changed the title 10965 avoid not found trigger 2.7 Don't use NotFoundException view for resources Jun 25, 2021
@pleku pleku self-requested a review June 28, 2021 07:20
@vaadin-bot
Copy link
Collaborator

SonarQube analysis reported 2 issues

  1. CRITICAL BootstrapHandler.java#L132: Define a constant instead of duplicating this literal "//<![CDATA[\n" 3 times. rule
  2. CRITICAL BootstrapHandler.java#L133: Define a constant instead of duplicating this literal "//]]>" 3 times. rule

Copy link
Contributor

@pleku pleku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like discussed in the ticket, not sure if this should be taken in or not, so blocking for now.

Personally I can't say which is better, to allow certain accept headers or to block certain accept headers. To be continued in the ticket.

@pleku pleku removed the target/6.0 label Jun 30, 2021
|| typesWithWeight.contains(TEXT_HTML_TYPE_WEIGHT)
|| typesWithWeight.contains(
ContentType.APPLICATION_XHTML_XML.getMimeType())
|| typesWithWeight.contains(XHTML_TYPE_WEIGHT);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the suggestion from @Legioth makes sense, what do you think @denis-anisimov ?

Anything with text/html in the group with highest priority should certainly cause a UI to be created.
If we want to slightly reduce the risk of regressions, then we could consider to also create a UI for requests with text/html at a lower priority, or with only / as the only value.
We should definitely not create an UI if the browser doesn't at all ask for text/html or if it has / only to supplement some more specific request.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think I understand what you mean.

Anything with text/html in the group with highest priority should certainly cause a UI to be created.

Implemented here in this PR.

If we want to slightly reduce the risk of regressions, then we could consider to also create a UI for requests with text/html at a lower priority, or with only / as the only value.
We should definitely not create an UI if the browser doesn't at all ask for text/html or if it has / only to supplement some more specific request.

It is possible to configure Accept header manually in the browser so technically it may contain anything (and unexpected things) but any meaningful request contains Accept header which accepts everything with lower weight.
E.g. image request Accept header is image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8.
*/* matches text/html.

So it doesn't add anything to clarify the PR/direction to improve it.

If you see some exact steps which may be done here please just describe them in the details.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the browser specifically asks for text/html at any priority, then that's a clear indication that the browser might intend to use the response body as HTML.

Browsers usually include */* at a low priority as a fallback (e.g. text/css,*/*;q=0.1), so it would defeat the purpose if we would interpret that to match text/html even though it does match from a strictly technical sense.

As an exception to the exception, asking for only */* could still be defined to return a Flow bootstrap page since that's a very generic request for which we cannot make any assumptions for what the browser might do.

It is possible to configure Accept header manually in the browser so technically it may contain anything

If the user has configured the browser to send an arbitrary Accept header value, then it's quite acceptable that the error handling might not work in the best possible way. The only result is that the user will see a generic 404 response instead of seeing a Flow view that says that nothing was found for the given URL. If the value doesn't match any of the patterns that we look for, then we can treat it the same way as if no Accept header was present.

@CLAassistant
Copy link

CLAassistant commented Aug 16, 2021

CLA assistant check
All committers have signed the CLA.

@pleku
Copy link
Contributor

pleku commented Nov 1, 2021

Closing this PR for now as it is not deemed important enough to make it better.

Please comment on the issue #10965 if this is important for someone.

@pleku pleku closed this Nov 1, 2021
@pleku pleku deleted the 10965-avoid-not-found-trigger-2.7 branch November 1, 2021 12:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants