"Bad URL" should be clarified
Summary
The PE_BADURL error code, displayed as "Bad URL", is returned in the following cases:
- Plugins::CheckDevOps: URL does not match URIRE
- Issuer::OpenIDConnect: Redirect URI not authorized
- Issuer::CAS: logout URL not trusted
- Issuer::Get: unknown route invoked
- controlUrl: Url not in Base64 / URL contains XSS attack / URL does not match URIRE / URL is not a protected host
We can distinguish two different situations here:
- URL is malformed
- URL is well-formed but unknown/unauthorized
I think the second case should be more clearly notified to the user
Design proposition
Maybe introduce a new portal code
PE_UNAUTHORIZEDURL => "Destination URL is unauthorized"
Maybe "URL is not a protected vhost" should be a separate code too ?