expressjs / express

Fast, unopinionated, minimalist web framework for node.

Home Page: https://expressjs.com

Property `maxAge` shouldn't brutally crash on runtime when set to a very large number

SRachamim opened this issue · comments

When invoking `res.cookie` with `Number.MAX_SAFE_INTEGER`, it crashes at runtime with the following error:

```
TypeError: option expires is invalid
    at Object.serialize (/client/node_modules/express/node_modules/cookie/index.js:161:13)
    at ServerResponse.res.cookie (/client/node_modules/express/lib/response.js:884:36)
```

If an error is thrown, a runtime validation should be performed on the API (which is the `maxAge` property). The option `expires` is an implementation detail.

Ideally, IMHO, an error should not be thrown (runtime errors are never acceptable). A sane default should be used as a fallback and a warning should be logged. The documentation should emphasise that maxAge expects a natural with a maximum limit.

Hello, and sorry to hear that. Throwing on invalid method / function arguments is the standard API in Node.js. You will find usage of any Node.js core API to do the same. We keep our API styles consistent with core.

You can test this with `res.setHeader('\n')`, which will throw and is not an Express.js API, but rather part of Node.js: https://nodejs.org/dist/latest-v18.x/docs/api/http.html#responsesetheadername-value

> The documentation should emphasise that maxAge expects a natural with a maximum limit.

Additionally, I am sorry the documentation has failed you. Our documentation is largely community-contributed and I would encourage you to help improve the docs with the wording you are looking for.

Sorry, I got caught up in what seemed the main point: it should not throw. This is not something that will be changed for the above reason (unless Node.js starts changing their own APIs to no longer throw on argument validation). But there is a valid subpoint to your issue: the error message is wrong and should be regarding maxAge, not expires.
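
The failure discussed in this thread, as an added example (not code from Express, the cookie module, or either commenter): the ECMAScript `Date` range ends at 8.64e15 ms, which is below `Number.MAX_SAFE_INTEGER`, so an expiry computed as now + `maxAge` becomes an Invalid Date. It assumes `res.cookie` derives `expires` that way; `validateMaxAge` and `setCookieChecked` are hypothetical helpers that reject such a value up front with an error that names `maxAge`.

```javascript
// Added example: not Express or cookie source code.
// ECMAScript limits Date time values to +/- 8.64e15 ms around the epoch.
const MAX_DATE_MS = 8.64e15;

// Assumption: the cookie expiry is derived as new Date(now + maxAge).
function expiresFor(maxAge, now = Date.now()) {
  return new Date(now + maxAge);
}

// Hypothetical helper: validate maxAge (milliseconds) before it reaches
// res.cookie, so a failure names the option the caller actually set.
function validateMaxAge(maxAge, now = Date.now()) {
  if (typeof maxAge !== 'number' || !Number.isFinite(maxAge)) {
    throw new TypeError('option maxAge must be a finite number of milliseconds');
  }
  if (Math.abs(now + maxAge) > MAX_DATE_MS) {
    throw new RangeError(
      'option maxAge is out of range: now + maxAge must stay within ' +
      MAX_DATE_MS + ' ms of the epoch'
    );
  }
  return maxAge;
}

// Hypothetical wrapper: check first, then delegate to res.cookie unchanged.
function setCookieChecked(res, name, value, options = {}) {
  if (options.maxAge != null) {
    validateMaxAge(options.maxAge);
  }
  return res.cookie(name, value, options);
}

// Constructed sample values: the one from the report and a one-year lifetime.
const ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1000;
for (const maxAge of [Number.MAX_SAFE_INTEGER, ONE_YEAR_MS]) {
  const expires = expiresFor(maxAge);
  const shown = Number.isNaN(expires.getTime()) ? 'Invalid Date' : expires.toISOString();
  console.log('maxAge=' + maxAge + ' -> expires=' + shown);
}
```

Whether to throw, clamp, or log is the policy question debated above; this helper throws, in line with the maintainer's stated convention, and only changes which option the message names.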