-
-
Notifications
You must be signed in to change notification settings - Fork 17.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Throw on invalid status codes #4212
Conversation
I realized after opening this that Node.js does not throw on inputs like |
@jonchurch - my assertion is that |
Yea, I don't have any issues with this throwing on a float; we want to throw on whatever Node.js throws on as the minimum bar. If we can also help the users by also throwing on definitely nonsensical inputs (like status codes with fractions) that makes sense of course :) ! |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
as per the TC discussion, this is ready to merge, who is going to do that? @dougwilson , I see your red-X on this - is that still valid, or you are going to remove it and land? |
Thinking more about this and something bothers me. I took the approach the previous PR did, since it had been reviewed, but now I'm questioning the use of If someone monkey-patches My question has two parts:
See an example of the change in the diff: https://github.com/expressjs/express/pull/4212/files#diff-d86a59ede7d999db4b7bc43cb25a1c11L137-R142 |
Yes, as stated in #4223 (comment) , but this PR is already a breaking change, right? So I'm not sure if it's super relevant. The change itself makes sense to make, just like we call
I'm not really following on what this part of the question really is. The main reason the internals use Express' own API is especially useful for AOP type of design patterns, if the user so chooses to do them. The Node.js HTTP APIs do the same patterns as well, AFAIK. |
I wasn't clear. Re: breaking, I meant that someone's v4 You've answered my second question I believe. We aren't interested in making some methods private and off limits to users. Thanks, I wanted to bring up this point (re: effects of monkey-patching res.status with these changes) just so someone else could check it. Realizing that we use a lot of these helper methods internally would indicate that this change is not out of step with what is standard. |
Just read that linked comment and saw you did directly address the concern already 👍 |
Yep! I did, though, not directly address the monkey patching messing something up; that is indeed the case, but I don't think any more so than other aspects of Node.js and Javascript. I think that it is going to be possible for users to override something and cause a breakage, but I'm not sure that the effort in order to prevent such a thing is really worth it. From support experience, I think it is extremely rare for such an issue to really show up, haha. |
eb10dba
to
340be0f
Compare
I think this PR should target branch https://github.com/expressjs/express/tree/5.0 and not master. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some of the comments are unaddressed, so didn't want to approve, but I think once those are addressed this looks good.
Co-authored-by: Chris de Almeida <[email protected]>
I am landing this despite the pending 22 test and the coverage report. I think we agree it is good and if we have to fix CI we can do it along with dropping node 18. I am getting to the point where I think we should merge all these pending ones and live with 5.0 being broken until we land the node@18 change anyway. |
Closes #3143
Will throw a
RangeError
if status code:This aligns with Node.js' behavior of throwing if given something outside that range
Will throw a
TypeError
if status code is:This is a choice we are making to limit the acceptable input.
Use
res.status
internally when setting status codesthe PR also ensures we use
res.status
internally when setting status codes, to allow us to use the validation logic internally.Test changes
I cleaned up the tests to test acceptable range, and invalid codes, and removed the
iojs
logic as its not supported in v5.TODO:
500.5
, but allows500.00
bc it is the same to JS), throws a RangeError if we get a status code outside 1xx to 9xx rangerelated: expressjs/discussions#233