From 80874887cc78010dac35e0abb7a7cff25f37c909 Mon Sep 17 00:00:00 2001
From: Philip Sargent <philip.sargent@klebos.com>
Date: Thu, 25 Mar 2021 16:15:58 +0000
Subject: [PATCH] 404 fix attempt

---
 core/views_other.py        |  8 ++++++++
 security-warnings.txt      |  4 ++++
 templates/404.html         | 23 +++++++++++++++++++++++
 templates/pathsreport.html |  2 +-
 4 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 templates/404.html

diff --git a/core/views_other.py b/core/views_other.py
index cc8fe3a..0944d55 100644
--- a/core/views_other.py
+++ b/core/views_other.py
@@ -23,6 +23,14 @@ Also has code to download a logbook in a choice of formats (why?!) and to
 download all QMs (not working)
 """
 
+def troggle404(request): # cannot get this to work. Handler404 in urls.py not right syntax
+    '''Custom 404 page to be used even when Debug=True
+    https://blog.juanwolf.fr/posts/programming/how-to-create-404-page-django/
+    '''
+    context = RequestContext(request)
+    #context['caves'] = Cave.objects.all()
+    return render_to_response('404.html', context.flatten())
+
 def showrequest(request):
     return HttpResponse(request.GET)
 
diff --git a/security-warnings.txt b/security-warnings.txt
index 775e519..ee3c723 100644
--- a/security-warnings.txt
+++ b/security-warnings.txt
@@ -2,9 +2,13 @@ System check identified some issues:
 
 WARNINGS:
 ?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
+
 ?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
+
 ?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
+
 ?: (security.W018) You should not have DEBUG set to True in deployment.
+
 ?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.
 
 System check identified 5 issues (0 silenced).
diff --git a/templates/404.html b/templates/404.html
new file mode 100644
index 0000000..36246de
--- /dev/null
+++ b/templates/404.html
@@ -0,0 +1,23 @@
+{% extends "base.html" %}
+{% load wiki_markup %}
+{% load link %}
+
+{% block title %}List of survex files{% endblock %}
+
+{% block content %}
+
+<h1>404 - Page not found </h1>
+
+<h3>Kataster number not found :{{cave}}</h3>
+<p>More helpful information will appear here when someone programs it.</p>
+<p>
+Custom 404 page template/404.html is only activated when DEBUG=False in Django settings.
+So this is of very limited usefulness to us as we do not do that with troggle, even in production.
+Instead we do not raise the http404 exception in our code, we call our own error-handling display page.
+We have not yet done this with all our code though..
+<p>
+
+
+<p><em>This page created 25 March 2021</em></p>
+{% endblock %}
+
diff --git a/templates/pathsreport.html b/templates/pathsreport.html
index 8ce93be..f22f1ef 100644
--- a/templates/pathsreport.html
+++ b/templates/pathsreport.html
@@ -30,7 +30,7 @@
 
 <p>
 <table style="font-family: Consolas, Lucida Console, monospace;">
-<tr><th>Path</th><th>Code</th><th>Type</th></tr>
+<tr><th>Code</th><th>Path</th><th>Type</th></tr>
 {% for c,p,t  in bypathslist %}
 <tr>
 <td>