Change from a redirection to a custom error message

2024-08-20 21:08:15 -07:00 · 2021-12-18 21:51:32 +01:00 · 2021-12-18 21:51:32 +01:00 · ec5daeab9e
commit ec5daeab9e
parent 3c7a3bffde
3 changed files with 57 additions and 10 deletions
--- a/app/views/errors/blocked_host.html.haml
+++ b/app/views/errors/blocked_host.html.haml
@ -0,0 +1,20 @@
+- content_for :page_title do
+  Blocked host:
+  = host
+
+- content_for :content do
+  :plain
+    <h1>Blocked host: <code>#{host}</code></h1>
+
+    <p>
+      It appears you have tried accessing your Mastodon server using a different name (<code>#{host}</code>) than defined in the <code>LOCAL_DOMAIN</code>
+      and <code>WEB_DOMAIN</code> environment variables.
+    </p>
+
+    <p>
+      If that's not the case, check your reverse-proxy configuration to ensure it properly sets the <code>Host</code> header.
+    </p>
+
+    <p>
+      If you want to allow requests to <code>#{host}</code> without making it the primary domain name for your Mastodon instance, add it to the <code>ALTERNATE_DOMAINS</code> environment variable.
+    </p>
--- a/app/views/layouts/anonymous_error.html.haml
+++ b/app/views/layouts/anonymous_error.html.haml
@ -0,0 +1,34 @@
+!!!
+%html{ lang: I18n.locale }
+  %head
+    %meta{ content: 'text/html; charset=UTF-8', 'http-equiv' => 'Content-Type' }/
+    %meta{ charset: 'utf-8' }/
+    %title= yield(:page_title)
+    %meta{ content: 'width=device-width,initial-scale=1', name: 'viewport' }/
+
+    :css
+      body.error {
+        position: absolute;
+        color: #9baec8;
+        background: #282c37;
+        width: 100%;
+        height: 100%;
+        padding: 0;
+        display: flex;
+        justify-content: center;
+        align-items: center;
+        margin: 0;
+        font-family: sans-serif;
+        font-size: 14px;
+      }
+
+      body.error .dialog h1 {
+        text-align: center;
+        font-size: 20px;
+        line-height: 28px;
+        font-weight: 400;
+      }
+
+  %body.error
+    .dialog
+      .dialog__message= yield :content
--- a/config/initializers/1_hosts.rb
+++ b/config/initializers/1_hosts.rb
@ -31,22 +31,15 @@ Rails.application.configure do
    response_app = ->(env) do
      request = ActionDispatch::Request.new(env)

-      body = "Blocked host: #{request.host}. To allow requests to #{request.host}, add it to config.hosts.\n"
+      body = ApplicationController.renderer.render 'errors/blocked_host', layout: 'anonymous_error', locals: { host: request.host }, formats: [:html]

      status  = 403
      headers = {
-        'Content-Type' => "text/plain; charset=#{ActionDispatch::Response.default_charset}",
+        'Content-Type' => "text/html; charset=#{ActionDispatch::Response.default_charset}",
        'Content-Length' => body.bytesize.to_s,
      }

-      if request.request_method == 'GET'
-        status = 307
-        headers['Location'] = "#{request.scheme}://#{web_host}#{request.fullpath}"
-      end
-
-      Rails.logger.warn("[HostAuthorization] Invalid host: #{request.host}.")
-
-      [status, headers, [body]]
+      [403, headers, [body]]
    end

    config.hosts << host if host.present?