Closed EdwarDDay closed 2 years ago
ben-xo
commented
2 years ago Can you give me an example?
dir2cast is only responsible for its own URL (the feed itself), so if a media item is not found, i.e. someone has gone to a URL of an mp3 or whatever, then the error returned when it is not found is configured by your web server (e.g. nginx or apache), not by dir2cast itself.
ben-xo
commented
2 years ago If you would like help diagnosing this in private, drop me a line (e.g. on twitter @benxo or some other way)
EdwarDDay
commented
2 years ago I mean, when the podcast directory can't be found. So if I enter https://example.com/dir2cast.php?dir=unknown I get an error page with the absolute directory of the searched path. For this a 404 error would be enough.
ben-xo
commented
2 years ago I see what you mean! yes I will see what I can do. Thanks for suggesting this.
ben-xo
commented
2 years ago @EdwarDDay would you be so kind as to test the version here for me? https://github.com/ben-xo/dir2cast/tree/feature/better-handling-of-untrusted-triggered-errors - it implements this feature. Hopefully this works for you?
ben-xo
commented
2 years ago @EdwarDDay did you get a chance to look? Would love your feedback
ben-xo
commented
2 years ago I've merged the change into v1.37.
EdwarDDay
commented
1 year ago Thanks for your work and sorry for the late response. I checked v1.37 and it's way better then before, so thanks for that.
So currently, when I don't pass a dir parameter, I get a 404 status code with the generated html page (because I have no podcast data in the root directory). When I pass a dir parameter, I get a 200 status code but it returns just Not found: <requested directory>.
It would be nice, if the second case would also return a 404 status code (or do I have to configure there something differently?).
ben-xo
commented
1 year ago thanks for the feedback. I feel it's unusual to use both with and without ?dir= from the same installation (although it's not forbidden), and it's also unusual to pass a ?dir= that you know doesn't exist (as you own the feed, so you know, and can link to, dirs which do exist).
Handling of dirs which don't exist has been treated as a security concern (trying not to reveal too much information about what's there).
However, It's worth noting that there's a difference between a dir which doesn't exist (or is not readable by dir2cast), and a dir which exists, but is empty. I would argue that an empty feed with 0 items, but read from a folder that is otherwise fully ready to be served from, should be a 200 with no items, not a 404.
I though that was what I had implemented, but I'll double check!
Is there the possibility to just return a 404 error, when the directory (or media item) can't be found? I think it would be nice to not return the directory path to the user and instead return a proper HTTP error code.