fix: allow numeric header values #48

thilohaas · 2018-04-26T14:24:56Z

No description provided.

fatso83 · 2018-06-01T08:22:53Z

lib/fake-xhr/index.js

@@ -127,7 +127,8 @@ function verifyState(xhr) {
 function normalizeHeaderValue(value) {
    // Ref: https://fetch.spec.whatwg.org/#http-whitespace-bytes
    /*eslint no-control-regex: "off"*/
-    return value.replace(/^[\x09\x0A\x0D\x20]+|[\x09\x0A\x0D\x20]+$/g, "");


All header values should be strings. I think you might as well just handle the case by wrapping the value in String(value). When getting header values you should always get a string, anyway (so update the test as well). Any conversion to numbers in your code need to happen after header extraction. XHR can't know if the value is a number or string when sent on the wire, so this is client knowledge.

Ref #37 (comment)

fatso83 · 2018-06-01T08:41:51Z

I changed my mind. Wrapping this in a string doesn't make sense, as the format is not decided. For instance, wrapping 1.0 will become "1", making the test fail with:

 `AssertionError: [assert.equals] 1 expected to be equal to 1.0`

We should throw on non-string vals

Header fields are colon-separated name-value pairs in clear-text string format, terminated by a carriage return (CR) and line feed (LF) character sequence

ref https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#General_format

According to RFC7230, http fields have used to be text and new headers should continue to do so, restricting the values to consist of US-ASCII octets. This test is not so strict, but we avoid a whole range of errors by just checking if the value is a string. Ref sinonjs#51 and sinonjs#48

According to RFC7230, http fields have used to be text and new headers should continue to do so, restricting the values to consist of US-ASCII octets. This test is not so strict, but we avoid a whole range of errors by just checking if the value is a string. Ref sinonjs#51, sinonjs#48 and https://tools.ietf.org/html/rfc7230#section-3.2.4

According to RFC7230, http fields have used to be text and new headers should continue to do so, restricting the values to consist of US-ASCII octets. This test is not so strict, but we avoid a whole range of errors by just checking if the value is a string. Ref #51, #48 and https://tools.ietf.org/html/rfc7230#section-3.2.4

fix: allow numeric header values

1ca4ee2

thilohaas force-pushed the fix/numeric-header-values branch from a288ad3 to 1ca4ee2 Compare April 26, 2018 14:28

danxuliu mentioned this pull request May 28, 2018

Limit Sinon version to 5.0.7 at most nextcloud/server#9627

Merged

scottohara mentioned this pull request May 31, 2018

Regression when $.ajax() XHR includes headers #51

Closed

fatso83 mentioned this pull request Jun 1, 2018

improve correctness of .setRequestHeader #37

Merged

fatso83 requested changes Jun 1, 2018

View reviewed changes

fatso83 closed this Jun 1, 2018

fatso83 mentioned this pull request Jun 1, 2018

Throw an explicit error if the header value is not a string #53

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: allow numeric header values #48

fix: allow numeric header values #48

thilohaas commented Apr 26, 2018

fatso83 Jun 1, 2018

fatso83 Jun 1, 2018

fatso83 commented Jun 1, 2018

fix: allow numeric header values #48

fix: allow numeric header values #48

Conversation

thilohaas commented Apr 26, 2018

fatso83 Jun 1, 2018

Choose a reason for hiding this comment

fatso83 Jun 1, 2018

Choose a reason for hiding this comment

fatso83 commented Jun 1, 2018