Removes the validator.escape on the profileImageUrl field in core server
controller.
The escaping was causing the profileImageUrl field to be an invalid path
for the image. We don't need to worry about xss vulnerabilities on this
field because no user input is provided; the name & path are generated
by the application logic.
Fixes#1127
Emails are made unique. When user attempts to sign in through a provider in which his email is one that is already registered, user is redirected to the signin page with an error passed as a query string parameter.
- `/{api|modules|lib}/*` returns error page when path doesn’t exist
(from Express).
- `/*` always returns index (from Express), but if `$state` doesn’t
exist, Angular redirects to `/not-found` (no 404 status in that case
though!)
- If `Accept: application/json` header is present without `Accept:
text/html`, return error as json. Hence looking at non existing /api/*
paths with browser would show html error, but querying them with script
would return json.
- Slightly prettier 404 error
Test:
```bash
curl http://localhost:3000/api/notfound -4 -H "Accept: application/json"
```
=> json error.
```bash
curl http://localhost:3000/api/notfound -4 -H "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0
.8"
```
=> html error (imitates Chrome’s Accept header).
Starting point was @dotch’s PL: https://github.com/meanjs/mean/pull/503
And `req.accepts()` idea came from http://stackoverflow.com/a/9802006
