app: add a custom default request handler

This handler provides consistent error reporting in the event that the client attempts to access an unknown endpoint. If the request is unauthorized, an 401 will be returned. Otherwise a 404 will be returned, however if CORS is available the CORS headers will be set. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-03-07 06:47:28 -05:00 · 2021-03-07 06:47:28 -05:00 · 15890b9e87
parent 9563bcff11
commit 15890b9e87
1 changed files with 12 additions and 1 deletions
--- a/moonraker/app.py
+++ b/moonraker/app.py
@ -97,7 +97,9 @@ class MoonrakerApp:
            'serve_traceback': debug,
            'websocket_ping_interval': 10,
            'websocket_ping_timeout': 30,
-            'parent': self
+            'parent': self,
+            'default_handler_class': AuthorizedErrorHandler,
+            'default_handler_args': {}
        }
        if not debug:
            app_args['log_function'] = lambda hdlr: None
@ -416,3 +418,12 @@ class FileUploadHandler(AuthorizedRequestHandler):
            raise tornado.web.HTTPError(
                e.status_code, str(e))
        self.finish(result)
+
+# Default Handler for unregistered endpoints
+class AuthorizedErrorHandler(AuthorizedRequestHandler):
+    def prepare(self):
+        super(AuthorizedRequestHandler, self).prepare()
+        raise tornado.web.HTTPError(404)
+
+    def check_xsrf_cookie(self):
+        pass