Comments (5)
@patrickkettner thanks for the reply & the link to the implementation. This behavior is definitely not made clear by the docs, nor are there any examples from which this behavior could be inferred.
As you might have guessed from the naming of my config fields, I was trying to put together a list of domains to use with CORS (Cross-Origin-Resource-Sharing). The unexpected combination of array items was unexpected, and might have introduced a security bug in my project.
Might you consider an update to the docs, to be more clear about how arrays are merged in this scenario, perhaps in the vicinity of here?
from confidence.
hey @dpmott!
That is actually the intended logic. The point is to not have to build repetitive arrays.
from confidence.
hey @dpmott
Terribly sorry for the poor documentation on the matter. I am actually curious as to why you were using the $base value at all, as opposed to $default
. Want to make sure I understand the misunderstanding before I go about trying to properly document it
from confidence.
Well, I'm using both $base and $default.
$base provides the base set of values. $default provides (fields in addition to, and/or overriding existing, fields in $base) values when no other configuration matches the filter criteria.
So, I expected that if I specified a field in $default, it would override the field in $base. That merging behavior doesn't happen for strings or objects - just arrays - which makes it unexpected and perhaps difficult to reason about.
Here's a real-world example:
crossOriginResourceSharing: {
$filter: 'env',
$base: {
origins: {
$value: (process.env.CORS || '').split(/\s*,\s*/),
},
},
$default: {
origins: {
$value: (process.env.CORS || '*').split(/\s*,\s*/),
},
},
dev: {},
stage: {},
prod: {},
},
In this example: dev, stage, and prod configurations should (with CORS environment variable unset) configure crossOriginResourceSharing.origins to have [ '' ], and if the 'env' filter is unset (as it often is on a local dev machine), crossOriginResourceSharing.origins should be configured to have [ '*' ].
However, this code actually results in crossOriginResourceSharing.origins being configured as [ '', '*' ], which is (thankfully) an error for Hapi server, when used in its connection configuration:
{ routes: { cors: { origin: Config.get('/crossOriginResourceSharing/origins') } }, }
(See https://hapijs.com/api#route-options for docs on Hapi server's route options.)
When deployed, CORS would be defined in the environment to yield a valid string array of origins, while developers could run with no environment variable and have things "just work" on their local dev machines.
from confidence.
with #94 merged, guess we can close this issue now
from confidence.
Related Issues (20)
- Publish on npm as @hapipal scoped package
- Replace ALCE file format usage in CLI
- Reorganize documentation for org-wide consistency
- Move from yargs to bossy
- Should we remove $env? HOT 6
- Should we remove Confidence.id.generate() and Confidence.id.criteria()? HOT 8
- How to perform logical operations? HOT 6
- Interest in CLI documentation? HOT 2
- Using 0 as default for coerce number returns undefined HOT 4
- Allow pulling values from criteria into store HOT 5
- New maintainer? HOT 6
- Manifest TLS options never work HOT 1
- Either allow matching "$undefined" or any non-falsy criteria value HOT 1
- Add support for environment variables in filters and values
- Remove module from hapi.js organization HOT 5
- Update hapi core modules to namespaced versions.
- Update deps
- Null values when filtering array items HOT 1
- $coerce array HOT 2
- Drop support for node v10 and below HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from confidence.