Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creating a new Response with a Status Code of 404 leads to an infinite loop when the /404.astro page is absent. #8100

Closed
1 task
gitcaduff opened this issue Aug 16, 2023 · 9 comments · Fixed by #8136
Closed
1 task

Creating a new Response with a Status Code of 404 leads to an infinite loop when the /404.astro page is absent. #8100

gitcaduff opened this issue Aug 16, 2023 · 9 comments · Fixed by #8136
Labels
- P4: important Violate documented behavior or significantly impacts performance (priority) feat: dev Related to `astro dev` CLI command (scope) feat: error pages Related to 404 and 500 handling (scope)

Comments

@gitcaduff
Copy link

gitcaduff commented Aug 16, 2023
edited
Loading

What version of astro are you using?

2.10.9

Are you using an SSR adapter? If so, which one?

Node

What package manager are you using?

npm

What operating system are you using?

Mac

What browser are you using?

Chrome

Describe the Bug

In the past, with an older version of Astro (until 2.8.4), it was feasible to generate Responses bearing the 404 status code. However, in the current setup (version 2.9.0 and above), this process triggers an infinite loop due to Astro's subsequent search for the missing /404.astro page. To circumvent this loop, I opt not to furnish a /404.astro page. This choice stems from my desire to refrain from redirecting users to a dedicated 404 page. Instead, I intend to furnish a 404 Code directly while retaining the requested URL's context.

return new Response("custom 404 html content", {
   status: 404
});

What's the expected result?

I would expect to be able to return any page with a 404 code.

Link to Minimal Reproducible Example

https://stackblitz.com/edit/stackblitz-starters-6pmtt6?file=response-with-404-code%2Fsrc%2Fpages%2F[...path].astro

Participation

  • I am willing to submit a pull request for this issue.
@github-actions github-actions bot added the needs triage Issue needs to be triaged label Aug 16, 2023
@gitcaduff gitcaduff changed the title Returning a new Response with the Status Code 404 causes an Redirect to the (missing) /404.astro Page Creating a fresh Response with a Status Code of 404 leads to an infinite loop when the /404.astro page is absent. Aug 16, 2023
@gitcaduff gitcaduff changed the title Creating a fresh Response with a Status Code of 404 leads to an infinite loop when the /404.astro page is absent. Creating a new Response with a Status Code of 404 leads to an infinite loop when the /404.astro page is absent. Aug 16, 2023
@lilnasy
Copy link
Contributor

lilnasy commented Aug 16, 2023

@gitcaduff Could not reproduce the issue. The custom 404 response gets served.

Could you check?

screenshot

@lilnasy lilnasy added needs response Issue needs response from OP and removed needs triage Issue needs to be triaged labels Aug 16, 2023
@gitcaduff
Copy link
Author

Hi @lilnasy, thanks for your ultrafast reply!
I did just check it. It works as expected with "astro preview" but fails with "astro dev".

@lilnasy lilnasy added - P4: important Violate documented behavior or significantly impacts performance (priority) feat: dev Related to `astro dev` CLI command (scope) and removed needs response Issue needs response from OP labels Aug 16, 2023
@natemoo-re natemoo-re added the feat: error pages Related to 404 and 500 handling (scope) label Aug 16, 2023
@andremralves andremralves mentioned this issue Aug 18, 2023
Merged
@gitcaduff
Copy link
Author

@lilnasy it seems that the problem got back with Astro 4.5.x
if we run "astro dev" Astro tries to find the 404.astro, that does not exist. The result: an infinite loop.
thx

@lilnasy
Copy link
Contributor

lilnasy commented Mar 27, 2024

Could you open a new issue with a small reproduction project that runs into the loop?

@gitcaduff gitcaduff mentioned this issue Mar 27, 2024
Closed
1 task
@gitcaduff
Copy link
Author

Could you open a new issue with a small reproduction project that runs into the loop?

Done: #10581

@kyr0
Copy link

kyr0 commented Apr 9, 2024

This almost killed my whole Firebase budget, as a verifyToken call is done for the JWT token in my middleware. It still seems to happen in 4.5.17 or is a regression? Definitely not fixed. I have no static 404 page route. My middleware simply is doing this now, after I removed every of my code, step-by-step, and after countless of debugging hours, believing that the issue is caused somewhere by my code, test code etc., it's still happening with the most simple setup:

export const onRequest: MiddlewareHandler = async (
  { request },
  next,
): Promise<Response> => {
  // pre-flight request
  if (request.method === "OPTIONS") {
    console.log("Middleware allowed pre-flight request, 200 OK");
    return new Response(null, { status: 200 });
  }

  try {

    console.log("Middleware blocked request with no valid auth");
    return new Response("Not found", { status: 404 });
  } catch (error) {
    console.log("Middleware error", error.message, error.stack);
    logException(error);
    return new Response("Internal Server Error", { status: 500 });
  }
};

Once I access http://localhost:4321/, it's over:

Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 1ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
Middleware blocked request with no valid auth 2
01:29:10 [404] / 0ms
^C

@kyr0
Copy link

kyr0 commented Apr 9, 2024
edited
Loading

Btw there is no way now to return any 404 in the middleware, it always ends up in an infinite loop, even if I create a static 404 page. I'm now forced to diverge from security best practices and return a 403 instead. This way there is no endless loop.

@lilnasy
Copy link
Contributor

lilnasy commented Apr 9, 2024
edited
Loading

@kyr0 The issue is a systematic one, explained in-depth here: withastro/roadmap#681.

There are likely multiple manifestations of it still in the codebase. It seems like middleware returning 404 responses is still problematic.

Could you open a new issue for it?

@lilnasy lilnasy mentioned this issue Apr 10, 2024
Closed
1 task
@kyr0
Copy link

kyr0 commented Apr 13, 2024

@lilnasy Ah, now I found your comment here - sry; pls. ignore my extra text in the other issue about this being the case still #10735

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
- P4: important Violate documented behavior or significantly impacts performance (priority) feat: dev Related to `astro dev` CLI command (scope) feat: error pages Related to 404 and 500 handling (scope)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix 404 response leading to an infinite loop when there is no 404 page andremralves/astro
4 participants
@kyr0 @natemoo-re @lilnasy @gitcaduff