-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(types): solidify type annotations, add tsc checks #56
Conversation
… type-safe header management
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One question: in the places you've used getFirstHttpHeader
do we know what user agents should be doing by-spec if they receive more than one header? Should they be ignoring other headers, should they be merging headers, should they be raising an error?
Otherwise a few little nits, but looks good!
"moduleResolution": "nodenext" | ||
} | ||
"moduleResolution": "nodenext", | ||
"strict": true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
with strict
true, we can remove noImplicitAny
above (as it defaults to true when strict
is true)
src/analyzer/cspParser.js
Outdated
.split(",") // NodeJS joins multiple headers with a comma | ||
.map((scpString) => scpString.replace(/[\r\n]/g, "").trim()) | ||
: [""] | ||
scpString ? scpString.replaceAll(/[\r\n]/g, "").trim() : [""] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can scpString
(typo of cspString
?) be undefined? Typescript doesn't think so. And isn't it already a flat array? Could this simply be:
const cleanCspList = cspList.map((cspString) => cspString.replaceAll(/[\r\n]/g, "").trim())`
let policy = output.data | ||
.split(",") | ||
.filter((e) => valid.includes(e.toLowerCase().trim())) | ||
.reverse()[0] | ||
?.toLowerCase() | ||
.trim(); | ||
? output.data | ||
.split(",") | ||
.filter((e) => valid.includes(e.toLowerCase().trim())) | ||
.reverse()[0] | ||
?.toLowerCase() | ||
.trim() | ||
: ""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might it be a bit neater to do?
let policy = output.data?.split(",").etc(...) ?? "";
Most docs I found on duplicate headers say that behaviour is undefined ("...agents MAY combine it to a comma-separated list..."), with some exceptions like cookie and CSP headers. I could not find a general answer to that, but I am ready to be proven wrong. |
Description
Set type verification to "strict" and fixes any tsc related issues, hardening the types and assorted checks.
(MP-1401)