feat(response): new setting strict status codes

test: test for status in range with strictt status refactor: default strict status codes to true feat(status): set strict status codes to false docs: fix History message
expressjs · Aug 31, 2024 · 0dae369 · 0dae369
1 parent 0983158
commit 0dae369
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 6 deletions.
diff --git a/History.md b/History.md
@@ -1,11 +1,13 @@
 unreleased
 =========================
-* remove: 
+* remove:
   - `path-is-absolute` dependency - use `path.isAbsolute` instead
 * breaking:
-  * `res.status()` accepts only integers, and input must be greater than 99 and less than 1000
-    * will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range
-    * will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs
+  * By default `res.status()` accepts only integers, and input must be greater than 99 and less than 1000
+    * Will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range.
+    * Will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs.
+  * Added a new default setting `strict status codes`, with a default value of false.
+    * When the variable `strict status codes` is set to true, `res.status()` will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 600 in strict status codes.` for inputs outside this range.
   * deps: [email protected]
 * change:
   - `res.clearCookie` will ignore user provided `maxAge` and `expires` options

diff --git a/lib/application.js b/lib/application.js
@@ -99,6 +99,7 @@ app.defaultConfiguration = function defaultConfiguration() {
   this.set('query parser', 'simple')
   this.set('subdomain offset', 2);
   this.set('trust proxy', false);
+  this.set('strict status codes', false);
 
   // trust proxy inherit back-compat
   Object.defineProperty(this.settings, trustProxyDefaultSymbol, {

diff --git a/lib/response.js b/lib/response.js
@@ -73,6 +73,12 @@ res.status = function status(code) {
   if (!Number.isInteger(code)) {
     throw new TypeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be an integer.`);
   }
+
+  // Check if the status code is outside of strict status codes valid range
+  if (this.app.get('strict status codes') === true && (code < 100 || code > 599)) {
+    throw new RangeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be greater than 99 and less than 600 in strict status codes.`);
+  }
+
   // Check if the status code is outside of Node's valid range
   if (code < 100 || code > 999) {
     throw new RangeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be greater than 99 and less than 1000.`);

diff --git a/package.json b/package.json
@@ -92,6 +92,7 @@
   "scripts": {
     "lint": "eslint .",
     "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
+    "test-watch": "npm run test -- --watch",
     "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
     "test-cov": "nyc --reporter=html --reporter=text npm test",
     "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"

diff --git a/test/res.status.js b/test/res.status.js
@@ -17,7 +17,7 @@ describe('res', function () {
         .expect(200, done);
     });
 
-    describe('accept valid ranges', function() {
+    describe('accept valid ranges', function () {
       // not testing w/ 100, because that has specific meaning and behavior in Node as Expect: 100-continue
       it('should set the response status code to 101', function (done) {
         var app = express()
@@ -129,6 +129,20 @@ describe('res', function () {
           .expect(500, /Invalid status code/, done);
       });
 
+      it('should raise error for status code above 599', function (done) {
+        var app = express();
+
+        app.set('strict status codes', true);
+
+        app.use(function (req, res) {
+          res.status(600).end();
+        });
+
+        request(app)
+          .get('/')
+          .expect(500, /Status code must be greater than 99 and less than 600./, done);
+      });
+
       it('should raise error for status code above 999', function (done) {
         var app = express();
 
@@ -203,4 +217,3 @@ describe('res', function () {
     });
   });
 });
-