From a154ea72c0f83eb94872b221e6c48b78df74552f Mon Sep 17 00:00:00 2001 From: Simon Michael Date: Sat, 17 Aug 2019 16:57:55 +0100 Subject: [PATCH] web: with --serve-api, also disable the header/sidebar HTML --- hledger-web/Hledger/Web/Foundation.hs | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hledger-web/Hledger/Web/Foundation.hs b/hledger-web/Hledger/Web/Foundation.hs index 1fec198a0..5139de7e0 100644 --- a/hledger-web/Hledger/Web/Foundation.hs +++ b/hledger-web/Hledger/Web/Foundation.hs @@ -26,6 +26,7 @@ import Data.Text (Text) import qualified Data.Text as T import Data.Time.Calendar (Day) import Network.HTTP.Conduit (Manager) +import Network.HTTP.Types (status403) import Network.Wai (requestHeaders) import System.FilePath (takeFileName) import Text.Blaze (Markup) @@ -100,7 +101,14 @@ instance Yesod App where let sessionexpirysecs = 120 in Just <$> defaultClientSessionBackend sessionexpirysecs ".hledger-web_client_session_key.aes" + -- defaultLayout :: WidgetFor site () -> HandlerFor site Html defaultLayout widget = do + + -- Don't run if server-side UI is disabled. + -- This single check probably covers all the HTML-returning handlers, + -- but for now they do the check as well. + checkServerSideUiEnabled + master <- getYesod here <- fromMaybe RootR <$> getCurrentRoute VD {caps, j, m, opts, q, qopts} <- getViewData @@ -209,7 +217,10 @@ getViewData = do checkServerSideUiEnabled :: Handler () checkServerSideUiEnabled = do VD{opts=WebOpts{serve_api_}} <- getViewData - when serve_api_ $ permissionDenied "server-side UI is disabled due to --serve-api" + when serve_api_ $ + -- this one gives 500 internal server error when called from defaultLayout: + -- permissionDenied "server-side UI is disabled due to --serve-api" + sendResponseStatus status403 ("server-side UI is disabled due to --serve-api" :: Text) -- | Find out if the sidebar should be visible. Show it, unless there is a -- showsidebar cookie set to "0", or a ?sidebar=0 query parameter.