From 15890b9e878fab4076fe6e11f98c2ab092bebb82 Mon Sep 17 00:00:00 2001
From: Arksine <arksine.code@gmail.com>
Date: Sun, 7 Mar 2021 06:47:28 -0500
Subject: [PATCH] app:  add a custom default request handler

This handler provides consistent error reporting in the event that the client attempts to access an unknown endpoint.  If the request is unauthorized, an 401 will be returned.  Otherwise a 404 will be returned, however if CORS is available the CORS headers will be set.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
---
 moonraker/app.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/moonraker/app.py b/moonraker/app.py
index d36d91c..3f8ef04 100644
--- a/moonraker/app.py
+++ b/moonraker/app.py
@@ -97,7 +97,9 @@ class MoonrakerApp:
             'serve_traceback': debug,
             'websocket_ping_interval': 10,
             'websocket_ping_timeout': 30,
-            'parent': self
+            'parent': self,
+            'default_handler_class': AuthorizedErrorHandler,
+            'default_handler_args': {}
         }
         if not debug:
             app_args['log_function'] = lambda hdlr: None
@@ -416,3 +418,12 @@ class FileUploadHandler(AuthorizedRequestHandler):
             raise tornado.web.HTTPError(
                 e.status_code, str(e))
         self.finish(result)
+
+# Default Handler for unregistered endpoints
+class AuthorizedErrorHandler(AuthorizedRequestHandler):
+    def prepare(self):
+        super(AuthorizedRequestHandler, self).prepare()
+        raise tornado.web.HTTPError(404)
+
+    def check_xsrf_cookie(self):
+        pass