ignore invalid accept header values instead of throwing an error (#5502)

* ignore invalid accept header values instead of throwing an error * add test * fix formatting * fix test value * Apply suggestions from code review Co-authored-by: Rich Harris <hello@rich-harris.dev> * Remove whitespace from packages/kit/src/utils/http.js Co-authored-by: Rich Harris <hello@rich-harris.dev> * Create hot-planes-shout.md * gah, appease typescript Co-authored-by: Rich Harris <hello@rich-harris.dev>
sveltejs · Jul 13, 2022 · ccf038c · ccf038c
1 parent 0162163
commit ccf038c
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 23 deletions.
diff --git a/.changeset/hot-planes-shout.md b/.changeset/hot-planes-shout.md
@@ -0,0 +1,5 @@
+---
+"@sveltejs/kit": patch
+---
+
+ignore invalid accept header values instead of throwing an error
diff --git a/packages/kit/src/utils/http.js b/packages/kit/src/utils/http.js
@@ -27,32 +27,34 @@ export function to_headers(object) {
  * @param {string[]} types
  */
 export function negotiate(accept, types) {
-	const parts = accept
-		.split(',')
-		.map((str, i) => {
-			const match = /([^/]+)\/([^;]+)(?:;q=([0-9.]+))?/.exec(str);
-			if (match) {
-				const [, type, subtype, q = '1'] = match;
-				return { type, subtype, q: +q, i };
-			}
+	/** @type {Array<{ type: string, subtype: string, q: number, i: number }>} */
+	const parts = [];
 
-			throw new Error(`Invalid Accept header: ${accept}`);
-		})
-		.sort((a, b) => {
-			if (a.q !== b.q) {
-				return b.q - a.q;
-			}
+	accept.split(',').forEach((str, i) => {
+		const match = /([^/]+)\/([^;]+)(?:;q=([0-9.]+))?/.exec(str);
 
-			if ((a.subtype === '*') !== (b.subtype === '*')) {
-				return a.subtype === '*' ? 1 : -1;
-			}
+		// no match equals invalid header — ignore
+		if (match) {
+			const [, type, subtype, q = '1'] = match;
+			parts.push({ type, subtype, q: +q, i });
+		}
+	});
 
-			if ((a.type === '*') !== (b.type === '*')) {
-				return a.type === '*' ? 1 : -1;
-			}
+	parts.sort((a, b) => {
+		if (a.q !== b.q) {
+			return b.q - a.q;
+		}
+
+		if ((a.subtype === '*') !== (b.subtype === '*')) {
+			return a.subtype === '*' ? 1 : -1;
+		}
+
+		if ((a.type === '*') !== (b.type === '*')) {
+			return a.type === '*' ? 1 : -1;
+		}
 
-			return a.i - b.i;
-		});
+		return a.i - b.i;
+	});
 
 	let accepted;
 	let min_priority = Infinity;

diff --git a/packages/kit/src/utils/http.spec.js b/packages/kit/src/utils/http.spec.js
@@ -1,6 +1,6 @@
 import { test } from 'uvu';
 import * as assert from 'uvu/assert';
-import { to_headers } from './http.js';
+import { negotiate, to_headers } from './http.js';
 import { Headers } from 'undici';
 
 // @ts-ignore
@@ -26,4 +26,14 @@ test('handle header decimal value', () => {
 	assert.equal(headers.get('name'), '123.456');
 });
 
+test('handle valid accept header value', () => {
+	const accept = 'text/html';
+	assert.equal(negotiate(accept, ['text/html']), 'text/html');
+});
+
+test('handle invalid accept header value', () => {
+	const accept = 'text/html,*';
+	assert.equal(negotiate(accept, ['text/html']), 'text/html');
+});
+
 test.run();