"--random-route" leaks the 6-hexdigit token in 404 pages

[dsferruzza]

Hi!

I believe that the --random-route option is meant to be used as a "soft authentication method", as shown in the README example.
Unfortunately, the generated token seems to appear in 404 pages, which makes the whole feature awkwardly useless...
I am using miniserve 0.5.0 (downloaded from the releases page) on Windows 10.

Here is what I get when doing miniserve --random-route and then curl http://127.0.0.1:8080/:

<body>
    <!DOCTYPE html>
    <html>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>404 Not Found</title>
    <else>
        <title>Index of 404 Not Found</title>
    </else>
    <style>
        /* CSS code */
    </style>

    </html>
    <div class="error">
        <p>404 Not Found</p>
        <p>Route / could not be found</p>
        <div class="error-nav"><a class="error-back" href="/b0e615">Go back to file listing</a></div>
    </div>
</body>

(HTML code was reformatted to improve readability.)

1. You can see the link to /[token] at the end
2. What's up the HTML markup BTW? It makes little sense...

[ghost]

Good catch by the way