prevent unsupported operation call #154
Conversation
1 similar comment
| @@ -223,7 +224,7 @@ function executeRequest (request, resolve, reject) { | |||
| var service; | |||
| try { | |||
| service = Fetcher.getService(request.resource); | |||
| if (!service[op]) { | |||
| if ([OP_CREATE,OP_READ,OP_UPDATE,OP_DELETE].indexOf(op) < 0 || !service[op]) { | |||
There was a problem hiding this comment.
@nysd Thanks for your contribution!
How about moving this check before the line above, and checking using === explictly to avoid allocating an array and doing an indexOf every time request is executed?
There was a problem hiding this comment.
@lingyan Thanks for your advice.
I agree with you and I moved this check from 'executeRequest' to 'Request' function.
There was a problem hiding this comment.
@nysd Instead of moving this check to Request constructor and adding another try/catch, which is known to de-optimze the function for v8 engine, can we just do this check after line 431 the if (!Fetcher.isRegistered(singleRequest.resource)) { block, and call next(error) directly? Thanks!
There was a problem hiding this comment.
@lingyan Thanks for your advice. I moved the operation check from Request constructor to after !Fetchr.isRegistered block. Please confirm my code.
|
CLA is valid! |
1 similar comment
|
👍 Thanks! @nysd |
|
Released in fetcher@0.5.34 |
I think fetcher.js should allow only 'read,create,update,delete' operations that fetchr.client supports.
because I could call any operation like 'constructor'. this may cause serious security problem.