From 2ccdab698767186ffb67f9c54e29e25eb7727168 Mon Sep 17 00:00:00 2001
From: Sohrab Chegini
Date: Sun, 28 Apr 2024 18:03:52 +0330
Subject: [PATCH] HSTS: throw when misspelling "includeSubDomains" option

See [#462] and [#464].

[#462]: https://github.com/helmetjs/helmet/issues/462
[#464]: https://github.com/helmetjs/helmet/pull/464
---
 middlewares/strict-transport-security/index.ts | 2 +-
 test/strict-transport-security.test.ts | 9 +++------
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/middlewares/strict-transport-security/index.ts b/middlewares/strict-transport-security/index.ts
index fa6e773..18c45cf 100644
--- a/middlewares/strict-transport-security/index.ts
+++ b/middlewares/strict-transport-security/index.ts
@@ -29,7 +29,7 @@ function getHeaderValueFromOptions(
 );
 }
 if ("includeSubdomains" in options) {
- console.warn(
+ throw new Error(
 'Strict-Transport-Security middleware should use `includeSubDomains` instead of `includeSubdomains`. (The correct one has an uppercase "D".)',
 );
 }
diff --git a/test/strict-transport-security.test.ts b/test/strict-transport-security.test.ts
index dc1d780..73cf33f 100644
--- a/test/strict-transport-security.test.ts
+++ b/test/strict-transport-security.test.ts
@@ -87,12 +87,9 @@ describe("Strict-Transport-Security middleware", () => {
 });

 it("logs a warning when using the mis-capitalized `includeSubdomains` parameter", () => {
- jest.spyOn(console, "warn").mockImplementation(() => {});
-
- strictTransportSecurity({ includeSubdomains: false } as any);
-
- expect(console.warn).toHaveBeenCalledTimes(1);
- expect(console.warn).toHaveBeenCalledWith(
+ expect(() =>
+ strictTransportSecurity({ includeSubdomains: false } as any),
+ ).toThrow(
 'Strict-Transport-Security middleware should use `includeSubDomains` instead of `includeSubdomains`. (The correct one has an uppercase "D".)',
 );
 });
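Review bot: In `middlewares/strict-transport-security/index.ts`, the new `throw new Error(` fires only for the exact key `includeSubdomains`; any other unrecognised spelling would, as far as the visible lines show, still be accepted silently, and for a security header that means the emitted policy can differ from what the operator configured. Consider rejecting every key outside the supported option set rather than one known typo. At minimum, state the intent in a comment above the check, e.g. `// Fail fast: a misspelled option would otherwise be ignored and the header built without it.` `getHeaderValueFromOptions` starts and ends outside this hunk, so a broader check may already exist there.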
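Review bot: In `test/strict-transport-security.test.ts`, the test title still begins `logs a warning when` although the body now asserts that the call throws; change those leading words to `throws when` so the test name matches what a failure report will mean. The `as any` cast is presumably what lets the misspelled key past the type checker, so a short comment such as `// Cast needed: simulates an untyped (plain JavaScript) caller passing the typo.` would record why the runtime check is exercised this way.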