From 0dae36958a686e619dd2780f9346a8cdb51cef56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Jos=C3=A9=20Ag=C3=A1mez=20Licha?=
Date: Fri, 23 Aug 2024 18:08:23 +0200
Subject: [PATCH] feat(response): new setting strict status codes
test: test for status in range with strictt status
refactor: default strict status codes to true
feat(status): set strict status codes to false
docs: fix History message
---
 History.md | 10 ++++++----
 lib/application.js | 1 +
 lib/response.js | 6 ++++++
 package.json | 1 +
 test/res.status.js | 17 +++++++++++++++--
 5 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/History.md b/History.md
index d8306a5d5b..8d851be21c 100644
--- a/History.md
+++ b/History.md
@@ -1,11 +1,13 @@
 unreleased
 =========================
-* remove:
+* remove:
 - `path-is-absolute` dependency - use `path.isAbsolute` instead
 * breaking:
- * `res.status()` accepts only integers, and input must be greater than 99 and less than 1000
- * will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range
- * will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs
+ * By default `res.status()` accepts only integers, and input must be greater than 99 and less than 1000
+ * Will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range.
+ * Will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs.
+ * Added a new default setting `strict status codes`, with a default value of false.
+ * When the variable `strict status codes` is set to true, `res.status()` will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 600 in strict status codes.` for inputs outside this range.
 * deps: send@1.0.0
 * change:
 - `res.clearCookie` will ignore user provided `maxAge` and `expires` options
diff --git a/lib/application.js b/lib/application.js
index ecfe2186db..3a41815d2b 100644
--- a/lib/application.js
+++ b/lib/application.js
@@ -99,6 +99,7 @@ app.defaultConfiguration = function defaultConfiguration() {
 this.set('query parser', 'simple')
 this.set('subdomain offset', 2);
 this.set('trust proxy', false);
+ this.set('strict status codes', false);
 // trust proxy inherit back-compat
 Object.defineProperty(this.settings, trustProxyDefaultSymbol, {
diff --git a/lib/response.js b/lib/response.js
index 1f1b7e924a..b1ca0120e2 100644
--- a/lib/response.js
+++ b/lib/response.js
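Review bot: In `app.defaultConfiguration` in lib/application.js, `this.set('strict status codes', false)` gives every app instance its own explicit `false`. If mounted sub-apps inherit settings from their parent through the prototype chain, as the `trust proxy inherit back-compat` block just below this line suggests, that own value would shadow a parent's `app.set('strict status codes', true)`, so responses sent from a mounted sub-app would skip the strict range check. Because `res.status` only acts on `=== true`, an unset value already means off; consider dropping the explicit default, or keep it with a comment such as `// opt-in: res.status() rejects codes outside 100-599; not inherited by mounted apps` and a test that mounts a sub-app. The function body continues outside the hunk.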
@@ -73,6 +73,12 @@ res.status = function status(code) {
 if (!Number.isInteger(code)) {
 throw new TypeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be an integer.`);
 }
+
+ // Check if the status code is outside of strict status codes valid range
+ if (this.app.get('strict status codes') === true && (code < 100 || code > 599)) {
+ throw new RangeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be greater than 99 and less than 600 in strict status codes.`);
+ }
+
 // Check if the status code is outside of Node's valid range
 if (code < 100 || code > 999) {
 throw new RangeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be greater than 99 and less than 1000.`);
diff --git a/package.json b/package.json
index 30c9597269..b4e653fa6c 100644
--- a/package.json
+++ b/package.json
@@ -92,6 +92,7 @@
 "scripts": {
 "lint": "eslint .",
 "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
+ "test-watch": "npm run test -- --watch",
 "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
 "test-cov": "nyc --reporter=html --reporter=text npm test",
 "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"
diff --git a/test/res.status.js b/test/res.status.js
index 59c8a57e70..e6ab6284bb 100644
--- a/test/res.status.js
+++ b/test/res.status.js
@@ -17,7 +17,7 @@ describe('res', function () {
 .expect(200, done);
 });
- describe('accept valid ranges', function() {
+ describe('accept valid ranges', function () {
 // not testing w/ 100, because that has specific meaning and behavior in Node as Expect: 100-continue
 it('should set the response status code to 101', function (done) {
 var app = express()
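Review bot: In `res.status` in lib/response.js the new guard tests `this.app.get('strict status codes') === true`, so any other truthy value (`'true'`, `1`) leaves the strict check silently off, which is the unsafe direction for a hardening switch. `this.app.enabled('strict status codes')` would treat those values as on; if an exact boolean is intended, the comment should say so. The comment could also record why 600-999 are rejected: they fall outside the status classes HTTP defines, and intermediaries may handle them inconsistently. The guard additionally makes `res.status` depend on `this.app`, which the lines visible here did not need before, so a response object without `app` would presumably now fail with an unrelated `TypeError`. `res.status` continues past the end of the hunk.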
@@ -129,6 +129,20 @@ describe('res', function () {
 .expect(500, /Invalid status code/, done);
 });
+ it('should raise error for status code above 599', function (done) {
+ var app = express();
+
+ app.set('strict status codes', true);
+
+ app.use(function (req, res) {
+ res.status(600).end();
+ });
+
+ request(app)
+ .get('/')
+ .expect(500, /Status code must be greater than 99 and less than 600./, done);
+ });
+
 it('should raise error for status code above 999', function (done) {
 var app = express();
@@ -203,4 +217,3 @@ describe('res', function () {
 });
 });
 });
-
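Review bot: The new test in test/res.status.js only covers rejection of 600 with the setting on; nothing pins the accepted side of the boundary, so an off-by-one in the strict guard would go unnoticed. The expectation regex also passes only because its trailing unescaped `.` matches the space after `600` in the message; `.expect(500, /less than 600 in strict status codes\./, done);` states what is actually being checked. A companion test for 599 in the same style is sketched below; it assumes the `express` and `request` helpers this file already uses.

```javascript
it('should accept status code 599 with strict status codes', function (done) {
  var app = express();

  app.set('strict status codes', true);

  app.use(function (req, res) {
    res.status(599).end();
  });

  request(app)
    .get('/')
    .expect(599, done);
});
```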