Expect-CT: put max-age first

[EvanHahn]

It's a little weird that max-age comes second after enforce:

helmet/middlewares/expect-ct/index.ts

Lines 24 to 28 in 936cd27

	if (options.enforce) {
	directives.push("enforce");
	}
	directives.push(`max-age=${parseMaxAge(options.maxAge)}`);

We should reorder these lines and update the tests.

[CyberZujo]

 directives.push(`max-age=${parseMaxAge(options.maxAge)}`);

  if (options.enforce) {
    directives.push("enforce");
  }

Did you mean this? Is there any constraint for the max age or just literally to reorder lines?

I would like to claim this one.

[EvanHahn]

Yup, that's it! You will probably need to update the tests, too.

[CyberZujo]

` it("can enable enforcement", async () => {
    await check(expectCt({ enforce: true }), {
      "expect-ct": "enforce, max-age=123",
    });
  });

  it("can explicitly disable enforcement", async () => {
    await check(expectCt({ enforce: false }), {
      "expect-ct": "max-age=123",
    });
  });
`

I've found these cases and the previous value of max-age was set to 0, probably now since it's reordered, I have to provide a value, so is that okay or, it is in

test/expect-ct.test.ts

You can assign this to me and I'll make a PR.

[EvanHahn]

I'd make the change and then run npm test to see what breaks, and then fix those tests. At least one of the tests you showed should change, though it's possible that there are others.

I can't assign this issue to you (GitHub doesn't allow me to) but feel free to make a pull request.

[EvanHahn]

@CyberZujo I'm planning to release the next major version of Helmet on Sunday, August 2 (a few days from now). Would you mind waiting until then? No problem if not, but I think it will be less work if we wait.

[CyberZujo]

Yes, no problem, I'll wait until then and then I'll make the PR.

[EvanHahn]

Helmet 4 (and expect-ct@1.0.0) was just released, so feel free to go ahead with your change. No rush, though!

[EvanHahn]

Closed by #264.