Removes the validator.escape on the profileImageUrl field in core server
controller.
The escaping was causing the profileImageUrl field to be an invalid path
for the image. We don't need to worry about xss vulnerabilities on this
field because no user input is provided; the name & path are generated
by the application logic.
Fixes#1127
Removed the {{url}} from the Favicon path. This fixes the intermittent
issues with the path resolving to an invalid location.
Removed the url from the twitter:image & og:image tags, to be static
references to the logo.
Emails are made unique. When user attempts to sign in through a provider in which his email is one that is already registered, user is redirected to the signin page with an error passed as a query string parameter.
- `/{api|modules|lib}/*` returns error page when path doesn’t exist
(from Express).
- `/*` always returns index (from Express), but if `$state` doesn’t
exist, Angular redirects to `/not-found` (no 404 status in that case
though!)
- If `Accept: application/json` header is present without `Accept:
text/html`, return error as json. Hence looking at non existing /api/*
paths with browser would show html error, but querying them with script
would return json.
- Slightly prettier 404 error
Test:
```bash
curl http://localhost:3000/api/notfound -4 -H "Accept: application/json"
```
=> json error.
```bash
curl http://localhost:3000/api/notfound -4 -H "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0
.8"
```
=> html error (imitates Chrome’s Accept header).
Starting point was @dotch’s PL: https://github.com/meanjs/mean/pull/503
And `req.accepts()` idea came from http://stackoverflow.com/a/9802006
Headers were a weird mixture of html5 and xhtml. Now it's pure html5.
Use this as doctype if you really want it to be xhtml, but I don't see why would you want that with Angular:
```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
```
