[dancer-users] Triggering 404 error from a hook

Warren Young wyml at etr-usa.com
Fri Nov 13 15:48:04 GMT 2015


On Nov 10, 2015, at 6:31 PM, Hermann Calabria <hermann at ivouch.com> wrote:
> 
>> We use redirect() for similar purposes here on D1, and it works.  Maybe that will suffice for you.
> 
> Tried it, still got the same error.  We're also using D1.

Well, our web app’s “before” hook has a “redirect ‘/login’” line in it that gets executed frequently.  I assure you, it does work.

Maybe you should post the HTML of that “cryptic internal server error” page here.  That page’s contents are intended to be meaningful to the Dancer app’s developer, but if you can’t make any sense of it, maybe someone will be willing to analyze it for you.

> However, I think I cracked it.  This appears to work:
> 
> if (!$client) {
> request->path_info('/error/notfound');
> return;
> }

That appears to be an undocumented feature, which may not work in D2.  I do see that there are a few places in the D1 tutorial material that use this mechanism without really explaining it.  The D1 Request class reference doesn’t document it, and the corresponding D2 page describes it only as a copy of an environment variable, not as a property that, when set, causes some definite action. 

Also, the D2 tutorial material doesn’t seem to include these uses of path_info.

> "https://payroll.com/apple", etc.  We don't really want anyone knowing who the clients are, etc.

That sounds like security through obscurity.  An attacker just has to guess a bunch of plausible URLs, then start down the list of less plausible ones until he finds one that works.  It’s no different from password guessing, a technology that’s been developed to a fine art.

Meanwhile, when your clients fat-finger their URL, they get an ugly 404 error, instead of being sent back to a page that could actually help them.


More information about the dancer-users mailing list