Don't panic for invalid payloads
Initially I was using the `panic` as a means of debugging; however, now that
this has an adequate test suite and a fair bit of production usage, it
can just render an HTTP 422 instead.
jacobbednarz committed Oct 3, 2017
1 parent 3cdf624 commit ffd1c19
Showing 2 changed files with 4 additions and 3 deletions.
5 changes: 3 additions & 2 deletions csp_collector.go
@@ -64,7 +64,8 @@ func handleViolationReport(w http.ResponseWriter, r *http.Request) {

err := decoder.Decode(&report)
if err != nil {
panic(err)
w.WriteHeader(http.StatusUnprocessableEntity)
return
}
defer r.Body.Close()

@@ -107,7 +108,7 @@ func validateViolation(r CSPReport) error {

for _, value := range ignoredBlockedURIs {
if strings.HasPrefix(r.Body.BlockedURI, value) == true {
err := fmt.Errorf("Blocked URI ('%s') is an invalid resource.", value)
err := fmt.Errorf("blocked URI ('%s') is an invalid resource", value)
return err
}
}
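Review bot: The new error branch in handleViolationReport drops `err` without recording it, so a malformed or hostile report now leaves no trace on the server, whereas the old `panic(err)` at least surfaced in the logs through net/http's handler recovery. I would log it just above `w.WriteHeader(http.StatusUnprocessableEntity)`, for example `log.Printf("csp report rejected: %v", err)`, using whichever logger the file already has. The decoder is constructed outside this hunk, so I cannot see whether the request body is size-limited; since this endpoint presumably accepts reports from any browser, it is worth confirming that `r.Body` is wrapped with `http.MaxBytesReader` before decoding. The function body starts and ends outside the hunk.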
2 changes: 1 addition & 1 deletion csp_collector_test.go
@@ -137,7 +137,7 @@ func TestValidateViolationWithInvalidBlockedURIs(t *testing.T) {
t.Errorf("expected error to be raised but it didn't")
}

if validateErr.Error() != fmt.Sprintf("Blocked URI ('%s') is an invalid resource.", blockedURI) {
if validateErr.Error() != fmt.Sprintf("blocked URI ('%s') is an invalid resource", blockedURI) {
t.Errorf("expected error to include correct message string but it didn't")
}
})
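Review bot: The updated comparison calls `validateErr.Error()` right after a branch that only reports with `t.Errorf`, so if that branch is the nil-error case (its condition is outside the hunk), the test goes on and panics on a nil error instead of failing cleanly. Changing the preceding call to `t.Fatalf("expected error to be raised but it didn't")` would stop the subtest before the dereference. The final `t.Errorf` would also be easier to debug if it printed the actual message, e.g. `t.Errorf("unexpected error message: %q", validateErr.Error())`.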
