proxy: fix error page (#3020)

* fix error page

* proxy: fix error page

* share dashboard code

* fix test

authenticate/handlers.go

@@ -33,7 +33,6 @@ import (
 	"github.com/pomerium/pomerium/pkg/grpc/directory"
 	"github.com/pomerium/pomerium/pkg/grpc/session"
 	"github.com/pomerium/pomerium/pkg/grpc/user"
-	"github.com/pomerium/pomerium/ui"
 )
 
 // Handler returns the authenticate service's handler chain.
@@ -80,7 +79,7 @@ func (a *Authenticate) Mount(r *mux.Router) {
 }
 
 func (a *Authenticate) mountDashboard(r *mux.Router) {
-	sr := r.PathPrefix("/.pomerium").Subrouter()
+	sr := httputil.DashboardSubrouter(r)
 	c := cors.New(cors.Options{
 		AllowOriginRequestFunc: func(r *http.Request, _ string) bool {
 			state := a.state.Load()
@@ -108,19 +107,6 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
 		handlers.DeviceEnrolled(authenticateURL, a.state.Load().sharedKey).ServeHTTP(w, r)
 		return nil
 	}))
-	for _, fileName := range []string{
-		"apple-touch-icon.png",
-		"favicon-16x16.png",
-		"favicon-32x32.png",
-		"favicon.ico",
-		"index.css",
-		"index.js",
-	} {
-		fileName := fileName
-		sr.Path("/" + fileName).Handler(httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
-			return ui.ServeFile(w, r, fileName)
-		}))
-	}
 
 	cr := sr.PathPrefix("/callback").Subrouter()
 	cr.Use(func(h http.Handler) http.Handler {

authorize/check_response_test.go

@@ -135,6 +135,7 @@ func TestAuthorize_deniedResponse(t *testing.T) {
 							Code: envoy_type_v3.StatusCode(codes.InvalidArgument),
 						},
 						Headers: []*envoy_config_core_v3.HeaderValueOption{
+							mkHeader("Content-Type", "text/html; charset=UTF-8", false),
 							mkHeader("X-Pomerium-Intercepted-Response", "true", false),
 						},
 						Body: "Access Denied",

internal/httputil/errors.go

@@ -78,6 +78,7 @@ func (e *HTTPError) ErrorResponse(w http.ResponseWriter, r *http.Request) {
 		m["debugUrl"] = response.DebugURL.String()
 	}
 
+	w.Header().Set("Content-Type", "text/html; charset=UTF-8")
 	w.WriteHeader(response.Status)
 	if err := ui.ServePage(w, r, "Error", m); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)

internal/httputil/router.go

@@ -4,8 +4,9 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
-
 	"github.com/pomerium/csrf"
+
+	"github.com/pomerium/pomerium/ui"
 )
 
 // NewRouter returns a new router instance.
@@ -21,3 +22,22 @@ func CSRFFailureHandler(w http.ResponseWriter, r *http.Request) error {
 	}
 	return nil
 }
+
+// DashboardSubrouter returns the .pomerium sub router.
+func DashboardSubrouter(parent *mux.Router) *mux.Router {
+	r := parent.PathPrefix("/.pomerium").Subrouter()
+	for _, fileName := range []string{
+		"apple-touch-icon.png",
+		"favicon-16x16.png",
+		"favicon-32x32.png",
+		"favicon.ico",
+		"index.css",
+		"index.js",
+	} {
+		fileName := fileName
+		r.Path("/" + fileName).Handler(HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
+			return ui.ServeFile(w, r, fileName)
+		}))
+	}
+	return r
+}

proxy/handlers.go

@@ -18,7 +18,7 @@ import (
 
 // registerDashboardHandlers returns the proxy service's ServeMux
 func (p *Proxy) registerDashboardHandlers(r *mux.Router) *mux.Router {
-	h := r.PathPrefix(dashboardPath).Subrouter()
+	h := httputil.DashboardSubrouter(r)
 	h.Use(middleware.SetHeaders(httputil.HeadersContentSecurityPolicy))
 
 	// special pomerium endpoints for users to view their session