On Nov 10, 2015, at 6:31 PM, Hermann Calabria <[email protected]> wrote:
>
>> We use redirect() for similar purposes here on D1, and it works. Maybe that
>> will suffice for you.
>
> Tried it, still got the same error. We're also using D1.

Well, our web app’s “before” hook has a “redirect ‘/login’” line in it that
gets executed frequently. I assure you, it does work.

Maybe you should post the HTML of that “cryptic internal server error” page
here. That page’s contents are intended to be meaningful to the Dancer app’s
developer, but if you can’t make any sense of it, maybe someone will be willing
to analyze it for you.

> However, I think I cracked it. This appears to work:
>
> if (!$client) {
>     request->path_info('/error/notfound');
>     return;
> }

That appears to be an undocumented feature, which may not work in D2. I do see
that there are a few places in the D1 tutorial material that use this mechanism
without really explaining it. The D1 Request class reference doesn’t document
it, and the corresponding D2 page describes it only as a copy of an environment
variable, not as a property that, when set, causes some definite action.

Also, the D2 tutorial material doesn’t seem to include these uses of path_info.

> "https://payroll.com/apple", etc. We don't really want anyone knowing who
> the clients are, etc.

That sounds like security through obscurity. An attacker just has to guess a
bunch of plausible URLs, then start down the list of less plausible ones until
he finds one that works. It’s no different from password guessing, a
technology that’s been developed to a fine art.

Meanwhile, when your clients fat-finger their URL, they get an ugly 404 error,
instead of being sent back to a page that could actually help them.
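
Added example, not part of the original message or of the Dancer project: a log check that separates the URL guessing described above from a client who mistypes their own URL once. It assumes Common Log Format, the client name as the only path segment, a 404 for unknown clients, and a hypothetical threshold of five distinct misses; all log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access log (Common Log Format); every address, slug and
# timestamp is made up for this example.
SAMPLE_LOG = """\
198.51.100.20 - - [10/Nov/2015:18:01:02 +0000] "GET /aple HTTP/1.1" 404 512
198.51.100.20 - - [10/Nov/2015:18:01:09 +0000] "GET /apple HTTP/1.1" 200 2048
203.0.113.7 - - [10/Nov/2015:18:02:00 +0000] "GET /acme HTTP/1.1" 404 512
203.0.113.7 - - [10/Nov/2015:18:02:01 +0000] "GET /globex HTTP/1.1" 404 512
203.0.113.7 - - [10/Nov/2015:18:02:01 +0000] "GET /initech HTTP/1.1" 404 512
203.0.113.7 - - [10/Nov/2015:18:02:02 +0000] "GET /umbrella HTTP/1.1" 404 512
203.0.113.7 - - [10/Nov/2015:18:02:02 +0000] "GET /acme HTTP/1.1" 404 512
203.0.113.7 - - [10/Nov/2015:18:02:03 +0000] "GET /hooli HTTP/1.1" 404 512
203.0.113.7 - - [10/Nov/2015:18:02:03 +0000] "GET /apple HTTP/1.1" 200 2048
203.0.113.7 - - [10/Nov/2015:18:02:04 +0000] "GET /static/app.css HTTP/1.1" 404 512
"""

# One-segment paths only: that is where the client name lives in this scheme
# (an assumption of this example).
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /([^/\s?]+)/? HTTP/[\d.]+" (\d{3}) ')


def find_slug_guessing(log_text, min_distinct_misses=5):
    """Return {ip: {"misses": n, "found": [slugs]}} for every source that got
    a 404 on at least min_distinct_misses different client slugs."""
    misses = defaultdict(set)   # ip -> distinct slugs answered with 404
    found = defaultdict(set)    # ip -> slugs answered with 200
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # multi-segment paths, other methods, malformed lines
        ip, slug, status = m.group(1), m.group(2).lower(), m.group(3)
        if status == "404":
            misses[ip].add(slug)
        elif status == "200":
            found[ip].add(slug)
    # Repeated requests for the same wrong slug count once, so a client
    # retrying one typo is not flagged; "found" shows what the guesser reached.
    return {ip: {"misses": len(slugs), "found": sorted(found[ip])}
            for ip, slugs in misses.items()
            if len(slugs) >= min_distinct_misses}
```

The "found" list is the part that matters for response: it names the client URLs a flagged source reached, which is all an unauthenticated URL scheme was protecting.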