Skip to content

Commit

Permalink
HSTS: throw when misspelling "includeSubDomains" option
Browse files Browse the repository at this point in the history
See [#462] and [#464].

[#462]: #462
[#464]: #464
  • Loading branch information
sohrb authored and EvanHahn committed Apr 28, 2024
1 parent aeba96b commit 433e348
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 7 deletions.
2 changes: 1 addition & 1 deletion middlewares/strict-transport-security/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ function getHeaderValueFromOptions(
);
}
if ("includeSubdomains" in options) {
console.warn(
throw new Error(
'Strict-Transport-Security middleware should use `includeSubDomains` instead of `includeSubdomains`. (The correct one has an uppercase "D".)',
);
}
Expand Down
9 changes: 3 additions & 6 deletions test/strict-transport-security.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -87,12 +87,9 @@ describe("Strict-Transport-Security middleware", () => {
});

it("logs a warning when using the mis-capitalized `includeSubdomains` parameter", () => {
jest.spyOn(console, "warn").mockImplementation(() => {});

strictTransportSecurity({ includeSubdomains: false } as any);

expect(console.warn).toHaveBeenCalledTimes(1);
expect(console.warn).toHaveBeenCalledWith(
expect(() =>
strictTransportSecurity({ includeSubdomains: false } as any),
).toThrow(
'Strict-Transport-Security middleware should use `includeSubDomains` instead of `includeSubdomains`. (The correct one has an uppercase "D".)',
);
});
Expand Down

0 comments on commit 433e348

Please sign in to comment.