Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

helmet: Allow referrerPolicy.policy to be an array of strings #44235

Merged
merged 2 commits into from Apr 26, 2020
Merged

helmet: Allow referrerPolicy.policy to be an array of strings #44235

merged 2 commits into from Apr 26, 2020

Conversation

TDurrr1
Copy link
Contributor

@TDurrr1 TDurrr1 commented Apr 26, 2020

(Let me know if I’ve broken any rules with the way I’ve done this. I’m still pretty new to it all 😁)

Setting a referrer policy as an array of strings is permitted. This will result in a comma-separated list of policies, where the last policy understood by the browser would be the one applied. See MDN on the Referrer-Policy header as well as Helmet’s documentation (near the bottom).

This is a setup I’ve been using on monicajean.photography successfully, so I can confirm that it works in the wild as well.

  • Use a meaningful title for the pull request. Include the name of the package modified.
  • Test the change in your own code. (Compile and run.)
  • Add or edit tests to reflect the change. (Run with npm test.)
  • Follow the advice from the readme.
  • Avoid common mistakes.
    • I wasn’t sure what to do about this one. I did npm run prettier -- --write types/helmet/**/*.ts, but it changed quite a few lines of code that weren’t mine, and that didn’t seem like a good idea, so I went without. Also, it recommends using ReadonlyArray over string[] when the array’s parameters won’t be written to; I went for style consistency and used string[] so it would match the rest of the file.
  • Run npm run lint package-name (or tsc if no tslint.json is present).

Select one of these and delete the others:

If changing an existing definition:

  • Provide a URL to documentation or source code which provides context for the suggested changes:
  • If this PR brings the type definitions up to date with a new version of the JS library, update the version number in the header. (It does not.)
  • Include tests for your changes
  • If you are making substantial changes, consider adding a tslint.json containing { "extends": "dtslint/dt.json" }. If for reason the any rule need to be disabled, disable it for that line using // tslint:disable-next-line [ruleName] and not for whole package so that the need for disabling can be reviewed. (This change is pretty minor.)

TDurrr1 added 2 commits Apr 26, 2020
…ill result in a comma-separated list of policies, where the last policy understood by the browser would be the one applied. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy, "Specifying a fallback policy".
@typescript-bot
Copy link
Contributor

typescript-bot commented Apr 26, 2020

👋 Hi there! I’ve run some quick measurements against master and your PR. These metrics should help the humans reviewing this PR gauge whether it might negatively affect compile times or editor responsiveness for users who install these typings.

Let’s review the numbers, shall we?

Comparison details 📊
master #44235 diff
Batch compilation
Memory usage (MiB) 69.8 69.0 -1.1%
Type count 11219 11227 0%
Assignability cache size 3727 3730 0%
Language service
Samples taken 342 347 +1%
Identifiers in tests 342 347 +1%
getCompletionsAtPosition
    Mean duration (ms) 303.6 298.0 -1.8%
    Mean CV 10.1% 10.4%
    Worst duration (ms) 376.8 368.1 -2.3%
    Worst identifier helmet hpkp
getQuickInfoAtPosition
    Mean duration (ms) 304.4 300.3 -1.3%
    Mean CV 10.2% 11.6% +13.6%
    Worst duration (ms) 369.4 370.7 +0.3%
    Worst identifier frameguard use

It looks like nothing changed too much. I won’t post performance data again unless it gets worse.

@typescript-bot typescript-bot added the Perf: Same typescript-bot determined that this PR will not significantly impact compilation performance. label Apr 26, 2020
@typescript-bot typescript-bot added this to Waiting for Reviewers in Pull Request Status Board Apr 26, 2020
@typescript-bot typescript-bot added Popular package This PR affects a popular package (as counted by NPM download counts). Awaiting reviewer feedback labels Apr 26, 2020
@typescript-bot
Copy link
Contributor

typescript-bot commented Apr 26, 2020

@TDurrr1 Thank you for submitting this PR!

🔔 @cyrilschumacher @EvanHahn @BlueHatbRit @chdanielmueller - please review this PR in the next few days. Be sure to explicitly select Approve or Request Changes in the GitHub UI so I know what's going on.

If no reviewer appears after a week, a DefinitelyTyped maintainer will review the PR instead.

@typescript-bot typescript-bot moved this from Waiting for Reviewers to Check and Merge in Pull Request Status Board Apr 26, 2020
@typescript-bot typescript-bot added Owner Approved A listed owner of this package signed off on the pull request. Merge:Express and removed Awaiting reviewer feedback labels Apr 26, 2020
@typescript-bot
Copy link
Contributor

typescript-bot commented Apr 26, 2020

A definition owner has approved this PR ⭐️. A maintainer will merge this PR shortly. If it shouldn't be merged yet, please leave a comment saying so and we'll wait. Thank you for your contribution to DefinitelyTyped!

@elibarzilay elibarzilay merged commit 02f28e7 into DefinitelyTyped:master Apr 26, 2020
3 checks passed
Pull Request Status Board automation moved this from Check and Merge to Done Apr 26, 2020
@typescript-bot
Copy link
Contributor

typescript-bot commented Apr 26, 2020

I just published @types/helmet@0.0.46 to npm.

jjballano-qatium pushed a commit to jjballano-qatium/DefinitelyTyped that referenced this pull request Jun 16, 2020
…telyTyped#44235)

* Setting a referrer policy as an array of strings is permitted. This will result in a comma-separated list of policies, where the last policy understood by the browser would be the one applied. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy, "Specifying a fallback policy".

* Added a test for when referrerPolicy.policy is an array of strings.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Owner Approved A listed owner of this package signed off on the pull request. Perf: Same typescript-bot determined that this PR will not significantly impact compilation performance. Popular package This PR affects a popular package (as counted by NPM download counts).
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants