Conversation


@lidel lidel commented Dec 4, 2025

This is a quality-of-life improvement where the Gateway port displays a landing page at root "/" when Gateway.RootRedirect is not configured. The page indicates that kubo is working and provides links to documentation and resources.

@lidel lidel mentioned this pull request Dec 4, 2025
Flagged code (Write method in core/corehttp/landing.go):

	if w.suppressed404 {
		return len(b), nil // Discard 404 body
	}
	return w.ResponseWriter.Write(b)

Check warning

Code scanning / CodeQL

Information exposure through a stack trace (Medium)

HTTP response depends on stack trace information and may be exposed to an external user.

Copilot Autofix

AI 7 days ago

To fix the issue, we must ensure that stack trace information (the contents of buf in profile/goroutines.go) is not sent to the user via an HTTP response. When writing such diagnostics, the correct action is to log the stack trace on the server (for administrator/developer analysis) and, for the client, to send a generic error message instead.

Specifically:

  • In profile/goroutines.go, if WriteAllGoroutineStacks is used as a handler to write goroutine stacks to a user-facing HTTP response, it should instead:
    • Write a simple message to the response, such as "An unexpected error occurred".
    • Log the stack trace server-side using Go's log package (or an equivalent).
  • If there are places in core/corehttp/landing.go where stack trace information flows into an HTTP response (specifically via the Write method), this must be intercepted and only a generic error or status be sent.

As the data flow is traced from profile/goroutines.go:WriteAllGoroutineStacks, the fix is to log the stack trace and only send a generic message to the writer (ideally, the HTTP response writer).

Required changes:

  • In profile/goroutines.go, update WriteAllGoroutineStacks so that instead of writing buf to the io.Writer, it logs the stack trace server-side and writes a generic message to the writer.
  • Add an import for "log" if not present.

Suggested changeset 1
profile/goroutines.go
Outside changed files

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/profile/goroutines.go b/profile/goroutines.go
--- a/profile/goroutines.go
+++ b/profile/goroutines.go
@@ -3,6 +3,7 @@
 import (
 	"io"
 	"runtime"
+	"log"
 )
 
 // WriteAllGoroutineStacks writes a stack trace to the given writer.
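Review bot: the added `+	"log"` line lands after `"runtime"`, so the import block is no longer sorted; gofmt keeps each import group alphabetical, and the block should read `"io"`, `"log"`, `"runtime"`. If this package already routes through a project logger, that should be used instead of the standard library `log`, which writes unstructured lines to stderr.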
@@ -22,6 +23,9 @@
 		// }
 		buf = make([]byte, 2*len(buf))
 	}
-	_, err := w.Write(buf)
+	// Log stack trace on server for diagnostics
+	log.Printf("Goroutine stack trace:\n%s", string(buf))
+	// Write a generic message to the writer instead of stack trace
+	_, err := w.Write([]byte("An unexpected internal error occurred. Please contact support."))
 	return err
 }
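Review bot: this hunk makes the function contradict its own doc comment, which still says it "writes a stack trace to the given writer": after the change every caller that passes an io.Writer (a profile dump file, not only an HTTP response) receives the fixed string "An unexpected internal error occurred. Please contact support." instead of the goroutine stacks it asked for, so the helper no longer serves its purpose. The exposure CodeQL reports is at the HTTP boundary in core/corehttp/landing.go, so any fix belongs in the handler that decides whether diagnostic output may be forwarded to a client, not in the profiler. The replacement `log.Printf("Goroutine stack trace:\n%s", string(buf))` also dumps the entire buffer into the server log on every call, which is both noisy and a second copy of the same sensitive data; if the function is kept as a writer, this patch should be declined rather than applied.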
EOF
display a landing page at gateway root "/" when `Gateway.RootRedirect`
is not configured. the page indicates that kubo is working and provides
links to documentation and resources.

- embed HTML at compile time using go:embed
- intercept 404 responses on known gateways (like localhost) with
  zero-buffering overhead
- hide abuse reporting section for localhost/127.0.0.1
- serve landing page on both gateway and RPC API ports
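The 404 interception the commit message describes, written out as an added Go example that is not kubo's code. It assumes a constructed `landingHTML` string in place of the file the PR embeds with go:embed, and the hypothetical names `landingWriter`, `WithLandingPage` and `Serve`. The wrapper decides in WriteHeader, before any body byte arrives, so the inner handler's 404 is replaced with the landing page at "/" without buffering, while every other path (and every non-404 response at "/") passes through unchanged.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed stand-in for the HTML file the PR embeds with go:embed.
const landingHTML = "<!doctype html><title>kubo</title><p>kubo is running.</p>"

// landingWriter (hypothetical name) wraps the gateway's ResponseWriter for
// requests to "/". The decision is taken in WriteHeader, before any body
// bytes are written, so nothing from the inner handler is buffered.
type landingWriter struct {
	http.ResponseWriter
	wroteHeader   bool
	suppressed404 bool
}

func (w *landingWriter) WriteHeader(code int) {
	if w.wroteHeader {
		return // net/http ignores repeated WriteHeader calls; mirror that
	}
	w.wroteHeader = true
	if code != http.StatusNotFound {
		w.ResponseWriter.WriteHeader(code)
		return
	}
	// Inner handler found nothing at "/": replace the 404 with the landing page.
	// http.NotFound has already set text/plain on the shared header map, so
	// override Content-Type before the status line goes out.
	w.suppressed404 = true
	h := w.ResponseWriter.Header()
	h.Del("Content-Length")
	h.Set("Content-Type", "text/html; charset=utf-8")
	w.ResponseWriter.WriteHeader(http.StatusOK)
	_, _ = w.ResponseWriter.Write([]byte(landingHTML))
}

func (w *landingWriter) Write(b []byte) (int, error) {
	if !w.wroteHeader {
		w.WriteHeader(http.StatusOK) // implicit 200, as net/http does
	}
	if w.suppressed404 {
		return len(b), nil // discard the inner 404 body ("404 page not found")
	}
	return w.ResponseWriter.Write(b)
}

// WithLandingPage (hypothetical name) applies the wrapper only at the root
// path; every other request reaches the gateway handler untouched.
func WithLandingPage(next http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/" {
			next.ServeHTTP(rw, r)
			return
		}
		next.ServeHTTP(&landingWriter{ResponseWriter: rw}, r)
	})
}

// Serve (hypothetical helper) runs one GET through the handler and returns
// the recorded status, Content-Type and body.
func Serve(h http.Handler, path string) (int, string, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Header().Get("Content-Type"), rec.Body.String()
}

func main() {
	// Constructed gateway stand-in: serves one path and 404s everything else.
	gateway := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/ipfs/demo" {
			fmt.Fprint(rw, "content")
			return
		}
		http.NotFound(rw, r)
	})
	h := WithLandingPage(gateway)
	for _, p := range []string{"/", "/ipfs/demo", "/missing"} {
		code, ct, body := Serve(h, p)
		fmt.Printf("%-11s -> %d %s %q\n", p, code, ct, body)
	}
}
```

Because the wrapper only ever touches the 404 case at "/", a gateway that already answers "/" with content (or with Gateway.RootRedirect) is unaffected, and a 404 for any other path keeps its original status and body, which is what clients and crawlers rely on.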
@lidel lidel force-pushed the feat/gateway-landing-page branch from 10ea4cf to 052e823 on December 4, 2025 at 22:37
2 participants