patch(core/url): Throw if VERDACCIO_FORWARDED_PROTO resolves to an array #4613
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
requestOptions.headers
are of typeIncomingHttpHeaders
. This is a dictionary whose values can bestring | string[] | undefined
. Looking at all the keys we can see that only"set-cookie?"
allows a value of typestring[]
.requestOptions.headers
is used like this:requestOptions.headers[protoHeader]
. So only ifprotoHeader
has the value"set-cookie"
can the returned value ever be an array. For all other values it's either going to beundefined
or a string. So only for"set-cookie
" will this code ever potentially throw this new error that is added in this PR.So. If for some very very weird reason 馃檭 some user of Verdaccio has configured
VERDACCIO_FORWARDED_PROTO
to have the value "set-cookie" this is before and after this PR:Before:
forwardedProtocolHeaderValue
is an array of strings. This is passed togetWebProtocol
. That function will in this case returnrequestOptions.protocol
, which is the same behavior as ifforwardedProtocolHeaderValue
was undefined or an empty string. (So another option would be to just allow string arrays to be passed togetWebProtocol
. Would you prefer that?)After:
A (hopefully) helpful error is thrown, letting the user know they have most likely misconfigured their setup