This line uses the parse function from the cookie module. When the cookie value cannot be decoded properly this function throws (since the decodeURIComponent function throws). My concern is that this appears as a system error (plain error object) which usually results in the server responding with a 5xx error response versus a bad request or possibly not parsing the given value.
Now, I could wrap the decode call in the cookie module and just set the value to the raw value versus the decoded one. I am thinking this would be the proper thing to do (as I don't think failing with unable to decode URI component is good behavior here) but I wanted to first get some feedback since it would technically be a change in behavior.
Issue senchalabs/connect#652 is related.
tough call, I'd +1 400 personally but most people request that it would just warn / ignore, my vote's for a 400
Do you think it would be wrong to silently catch the failure to decode and just set the value to the raw value in that case?
I think so yeah, if it's an invalid uri I don't see why it shouldn't be 400
The 400 response would need to come from connect in that case and just leave this module to throw. Want me to make the patch for that?
sure! sounds good to me, if we tack an err.status = 400 on that error then connect will respond correctly
err.status = 400
#5 ignore escape error and return original value better than throw th…
fixed #5 ignore escape error and return original value better than throw the error.
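The two behaviours weighed in this thread, side by side, as an added example that is not code from the cookie module or from connect: a lenient mode that keeps the raw value when decoding fails, and a strict mode that tags the error with `status = 400`. The names `decodeValue`, `parseCookies`, `statusFor` and the `strict` option are hypothetical, and the sample header is constructed.

```javascript
// Added example: hypothetical names, not the cookie module's or connect's code.

// Decode one cookie value. In lenient mode a malformed percent-escape
// leaves the raw value in place; in strict mode the URIError is tagged
// with status 400 so an error handler can answer Bad Request, not 5xx.
function decodeValue(raw, strict) {
  try {
    return decodeURIComponent(raw);
  } catch (err) {
    if (!(err instanceof URIError)) throw err; // only handle decode failures
    if (!strict) return raw;
    err.status = 400;
    throw err;
  }
}

// Minimal Cookie header parser: "a=1; b=2" -> { a: '1', b: '2' }.
function parseCookies(header, { strict = false } = {}) {
  const out = Object.create(null); // no inherited keys such as __proto__
  for (const pair of header.split(';')) {
    const eq = pair.indexOf('=');
    if (eq < 0) continue; // skip fragments without a key=value shape
    const key = pair.slice(0, eq).trim();
    let val = pair.slice(eq + 1).trim();
    if (val.length >= 2 && val.startsWith('"') && val.endsWith('"')) {
      val = val.slice(1, -1); // strip surrounding quotes
    }
    if (key && !(key in out)) out[key] = decodeValue(val, strict); // first wins
  }
  return out;
}

// Report the status an error handler would derive from a parse attempt.
function statusFor(header, options) {
  try {
    parseCookies(header, options);
    return 200;
  } catch (err) {
    return err.status || 500; // an untagged error would surface as 5xx
  }
}

// Constructed sample header: "bad" holds a truncated percent-escape.
const sample = 'sid=abc%20def; bad=%E0%A4%A; theme="dark"';
console.log(parseCookies(sample));
console.log(statusFor(sample, { strict: true }));
```

In lenient mode the application sees the undecoded string for `bad`, so any code that consumes cookie values still has to treat them as untrusted input.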