From 0340a17722c9509f74d400a56dd64bac70dc75e8 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Mon, 28 Nov 2011 16:48:25 -0800
Subject: [PATCH] added custom 404 handlers for main site and verifier that do
 not echo the URL back in content

---
 bin/browserid | 7 +++++++
 bin/verifier  | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/bin/browserid b/bin/browserid
index 1ac097f9b..11a87fdbb 100755
--- a/bin/browserid
+++ b/bin/browserid
@@ -168,6 +168,13 @@ shutdown.installUpdateHandler(app, function(readyForShutdown) {
   db.close(readyForShutdown)
 });
 
+// #11.5 - custom 404
+app.use(function(req, res,next) {
+  res.statusCode = 404;
+  res.write("Cannot find this resource");
+  res.end();
+});
+
 // #12 if the BROWSERID_FAKE_VERIFICATION env var is defined, we'll include
 // fake_verification.js.  This is used during testing only and should
 // never be included in a production deployment
diff --git a/bin/verifier b/bin/verifier
index 8b80606b5..57edb0540 100755
--- a/bin/verifier
+++ b/bin/verifier
@@ -123,6 +123,13 @@ app.post('/verify', function(req, resp, next) {
 // shutdown when /code_update is invoked
 shutdown.installUpdateHandler(app);
 
+// custom 404
+app.use(function(req, res,next) {
+  res.statusCode = 404;
+  res.write("Cannot find this resource");
+  res.end();
+});
+
 // shutdown nicely on signals
 shutdown.handleTerminationSignals(app);
 
-- 
GitLab