rorylshanks · rorylshanks · Mar 25, 2024 · Mar 25, 2024 · Mar 25, 2024 · Mar 25, 2024
diff --git a/example-config.yaml b/example-config.yaml
@@ -9,6 +9,7 @@ ui:
   error_page_footer_text: Internal Systems - Authorized Access Only
   logo_image_src: https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Google_2015_logo.svg/1200px-Google_2015_logo.svg.png
   error_page_show_error_code: false
+  error_page_show_host: false
 
 data_listen_port: 2080
 metrics_listen_port: 9090

diff --git a/test/e2e/tests/admin_page_test.js b/test/e2e/tests/admin_page_test.js
@@ -11,7 +11,7 @@ Scenario('I cant login to admin page as non admin', async ({ I }) => {
     I.fillField('login', '[email protected]');
     I.fillField('password', 'password');
     I.click('Login');
-    I.see("Unauthorized")
+    I.see("Forbidden")
 });
 
 
diff --git a/test/e2e/tests/basic_test.js b/test/e2e/tests/basic_test.js
@@ -60,7 +60,7 @@ Scenario('Testing Token Auth', async ({ I }) => {
 Scenario('Testing Unauthorized Flow', async ({ I }) => {
     I.amOnPage('http://test-unauthorized-login.localtest.me/');
     I.login()
-    I.see("Unauthorized")
+    I.see("Forbidden")
 });
 
 Scenario('Advanced matchers test', async ({ I }) => {

diff --git a/util/errorpage.js b/util/errorpage.js
@@ -15,6 +15,10 @@ async function renderErrorPage(status_code, error_code_override, req) {
     var footer_text = config?.ui?.error_page_footer_text || "Veriflow Access Proxy"
     var background_image_url = config?.ui?.error_page_background || false
     var additional_css = config?.ui?.error_page_additional_css || false
+    var request_host = req?.get("X-Forwarded-Host") || "{http.request.host}"
+    if (config?.ui?.error_page_show_host === false) {
+        request_host = null
+    }
     var show_error_code = true
     if (config?.ui?.error_page_show_error_code != null){
         var show_error_code = config?.ui?.error_page_show_error_code
@@ -30,9 +34,9 @@ async function renderErrorPage(status_code, error_code_override, req) {
         error_code = "ERR_NOT_FOUND"
     }
     if (status_code == 403) {
-        header = "Unauthorized"
-        description = "You are not authorized to access the requested resource."
-        error_code = "ERR_NOT_AUTHORIZED"
+        header = "Forbidden"
+        description = "You do not have permission to access the requested resource."
+        error_code = "ERR_ACCESS_DENIED"
     }
     if (status_code == 503) {
         header = "Service Unavailable"
@@ -63,7 +67,8 @@ async function renderErrorPage(status_code, error_code_override, req) {
         additional_css: additional_css,
         show_error_code: show_error_code,
         logo_image_src: logo_image_src,
-        request_id: req?.headers["X-Veriflow-Request-Id"] || "{http.request.uuid}"
+        request_id: req?.headers["X-Veriflow-Request-Id"] || "{http.request.uuid}",
+        request_host: request_host
     });
     return html
 }

diff --git a/views/error_fullpage.ejs b/views/error_fullpage.ejs
@@ -32,6 +32,9 @@
             <hr>
             <p class="error-message"><%= description %></p>
         </div>
+        <div class="footer">
+            <%= request_host %>
+        </div>
     </div>
 </body>
 <footer>