-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: simpler https audit #1918
fix: simpler https audit #1918
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,6 +17,8 @@ | |
'use strict'; | ||
|
||
const Audit = require('./audit'); | ||
const Formatter = require('../report/formatter'); | ||
const URL = require('../lib/url-shim'); | ||
|
||
class HTTPS extends Audit { | ||
/** | ||
|
@@ -32,7 +34,7 @@ class HTTPS extends Audit { | |
'in on the communications between your app and your users, and is a prerequisite for ' + | ||
'HTTP/2 and many new web platform APIs. ' + | ||
'[Learn more](https://developers.google.com/web/tools/lighthouse/audits/https).', | ||
requiredArtifacts: ['HTTPS'] | ||
requiredArtifacts: ['networkRecords'] | ||
}; | ||
} | ||
|
||
|
@@ -41,9 +43,25 @@ class HTTPS extends Audit { | |
* @return {!AuditResult} | ||
*/ | ||
static audit(artifacts) { | ||
const networkRecords = artifacts.networkRecords[Audit.DEFAULT_PASS]; | ||
const insecureRecords = networkRecords | ||
.filter(record => record.scheme === 'http' && record.domain !== 'localhost') | ||
.map(record => ({url: URL.getDisplayName(record.url, {preserveHost: true})})); | ||
|
||
let displayValue = ''; | ||
if (insecureRecords.length > 1) { | ||
displayValue = `${insecureRecords.length} insecure requests found`; | ||
} else if (insecureRecords.length === 1) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. looks like we're setting the same displayValue in both cases. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What about one string to rule them all:
We should handle the pluralization though. #polish |
||
displayValue = `${insecureRecords.length} insecure requests found`; | ||
} | ||
|
||
return { | ||
rawValue: artifacts.HTTPS.value, | ||
debugString: artifacts.HTTPS.debugString | ||
rawValue: insecureRecords.length === 0, | ||
displayValue, | ||
extendedInfo: { | ||
formatter: Formatter.SUPPORTED_FORMATS.URL_LIST, | ||
value: insecureRecords | ||
} | ||
}; | ||
} | ||
} | ||
|
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -138,7 +138,6 @@ describe('Config', () => { | |
passes: [{ | ||
gatherers: [ | ||
'url', | ||
'https', | ||
'viewport' | ||
] | ||
}], | ||
|
This file was deleted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'd prefer to whitelist what we consider secure, rather than building up a blacklist.
check out https://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure-
i think we only want to do https/wss and localhost for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done