Refactor to address code review comments

Author: rexxars

cors/cors-safelisted-request-header.any.js

@@ -77,4 +77,4 @@ function safelist(headers, expectPreflight = false) {
   ["012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678", true],
 ].forEach(([value, preflight = false]) => {
   safelist({"last-event-id": value}, preflight);
-});
+});

eventsource/eventsource-cross-origin-preflight.window.js

@@ -1,33 +1,35 @@
 // META: title=EventSource: cross-origin preflight
 // META: script=/common/utils.js
 
-const crossdomain = location.href.replace('://', '://élève.').replace(/\/[^\/]*$/, '/')
-const origin = location.origin.replace('://', '://xn--lve-6lad.')
+const crossdomain = location.href.replace('://', '://élève.').replace(/\/[^\/]*$/, '/');
+const origin = location.origin.replace('://', '://xn--lve-6lad.');
 
-;[
+[
   ['safe `last-event-id` (no preflight)', 'safe'],
   ['unsafe `last-event-id` (too long)', 'long'],
   ['unsafe `last-event-id` (unsafe characters)', 'unsafe']
 ].forEach(([name, fixture]) => {
-  async_test(document.title + ' - ' + name).step(function() {
-    const uuid = token()
-    const url = crossdomain + 'resources/cors-unsafe-last-event-id.py?fixture=' + fixture + '&token=' + uuid
+  async_test(document.title + ' - ' + name).step(function () {
+    const uuid = token();
+    const url = crossdomain + 'resources/cors-unsafe-last-event-id.py?fixture=' + fixture + '&token=' + uuid;
 
-    const source = new EventSource(url)
+    const source = new EventSource(url);
 
     // Make sure to close the EventSource after the test is done.
-    this.add_cleanup(() => source.close())
+    this.add_cleanup(() => source.close());
 
     // 1. Event will be a `message` with `id` set to a CORS-safe value, then disconnects.
-    source.addEventListener('message', this.step_func(e => assert_equals(e.data, fixture)))
+    source.addEventListener(
+      'message',
+      this.step_func((evt) => assert_equals(evt.data, fixture)),
+    );
 
     // 2. Will emit either `success` or `failure` event. We expect `success`,
     //    which is the case if `last-event-id` is set to the same value as received above,
     //    and a preflight request has been sent for the unsafe `last-event-id` headers.
-    source.addEventListener('success', this.step_func_done())
-    source.addEventListener('failure', (evt) => {
-      this.step(() => assert_unreached(evt.data))
-      this.done()
-    })
-  })
-})
+    source.addEventListener('success', this.step_func_done());
+    source.addEventListener('failure', this.step_func_done((evt) => {
+      assert_unreached(evt.data);
+    }));
+  });
+});

eventsource/resources/cors-unsafe-last-event-id.py

@@ -10,87 +10,87 @@
 unsafe_id_value = b"e5p3n<3k0k0s"
 
 def main(request, response):
-  origin = request.headers.get(b"Origin")
-  cors_request_headers = request.headers.get(b"Access-Control-Request-Headers")
-
-  # Allow any CORS origin
-  if origin is not None:
-    response.headers.set(b"Access-Control-Allow-Origin", origin)
-
-  # Allow any CORS request headers
-  if cors_request_headers is not None:
-    response.headers.set(b"Access-Control-Allow-Headers", cors_request_headers)
-
-  # Expect a `token` in the query string
-  if b"token" not in request.GET:
-    headers = [(b"Content-Type", b"text/plain")]
-    return 400, headers, b"ERROR: `token` query parameter!"
-
-  # Expect a `fixture` in the query string
-  if b"fixture" not in request.GET:
-    headers = [(b"Content-Type", b"text/plain")]
-    return 400, headers, b"ERROR: `fixture` query parameter!"
-
-  # Prepare state
-  fixture = request.GET.first(b"fixture")
-  token = request.GET.first(b"token")
-  last_event_id = request.headers.get(b"Last-Event-ID", b"")
-  expect_preflight = fixture == b"unsafe" or fixture == b"long"
-
-  # Preflight handling
-  if request.method == u"OPTIONS":
-    # The first request (without any `Last-Event-ID` header) should _never_ be a
-    # preflight request, since it should be considered a "safe" request.
-    # If we _do_ send a preflight for these requests, error early.
+    origin = request.headers.get(b"Origin")
+    cors_request_headers = request.headers.get(b"Access-Control-Request-Headers")
+
+    # Allow any CORS origin
+    if origin is not None:
+        response.headers.set(b"Access-Control-Allow-Origin", origin)
+
+    # Allow any CORS request headers
+    if cors_request_headers is not None:
+        response.headers.set(b"Access-Control-Allow-Headers", cors_request_headers)
+
+    # Expect a `token` in the query string
+    if b"token" not in request.GET:
+        headers = [(b"Content-Type", b"text/plain")]
+        return 400, headers, b"ERROR: `token` query parameter!"
+
+    # Expect a `fixture` in the query string
+    if b"fixture" not in request.GET:
+        headers = [(b"Content-Type", b"text/plain")]
+        return 400, headers, b"ERROR: `fixture` query parameter!"
+
+    # Prepare state
+    fixture = request.GET.first(b"fixture")
+    token = request.GET.first(b"token")
+    last_event_id = request.headers.get(b"Last-Event-ID", b"")
+    expect_preflight = fixture == b"unsafe" or fixture == b"long"
+
+    # Preflight handling
+    if request.method == u"OPTIONS":
+        # The first request (without any `Last-Event-ID` header) should _never_ be a
+        # preflight request, since it should be considered a "safe" request.
+        # If we _do_ send a preflight for these requests, error early.
+        if last_event_id == b"":
+            headers = [(b"Content-Type", b"text/plain")]
+            return 400, headers, b"ERROR: No Last-Event-ID header in preflight!"
+
+        # We keep track of the different "tokens" we see, in order to tell whether or not
+        # a client has done a preflight request. If the "stash" does not contain a token,
+        # no preflight request was made.
+        request.server.stash.put(token, cors_request_headers)
+
+        # We can return with an empty body on preflight requests
+        return b""
+
+    # This will be a SSE endpoint
+    response.headers.set(b"Content-Type", b"text/event-stream")
+    response.headers.set(b"Cache-Control", b"no-store")
+
+    # If we do not have a `Last-Event-ID` header, we're on the initial request
+    # Respond with the fixture corresponding to the `fixture` query parameter
     if last_event_id == b"":
-      headers = [(b"Content-Type", b"text/plain")]
-      return 400, headers, b"ERROR: No Last-Event-ID header in preflight!"
-
-    # We keep track of the different "tokens" we see, in order to tell whether or not
-    # a client has done a preflight request. If the "stash" does not contain a token,
-    # no preflight request was made.
-    request.server.stash.put(token, cors_request_headers)
-
-    # We can return with an empty body on preflight requests
-    return b""
-
-  # This will be a SSE endpoint
-  response.headers.set(b"Content-Type", b"text/event-stream")
-  response.headers.set(b"Cache-Control", b"no-store")
-
-  # If we do not have a `Last-Event-ID` header, we're on the initial request
-  # Respond with the fixture corresponding to the `fixture` query parameter
-  if last_event_id == b"":
+        if fixture == b"safe":
+            return b"id: " + safe_id_value + b"\nretry: 200\ndata: safe\n\n"
+        if fixture == b"unsafe":
+            return b"id: " + unsafe_id_value + b"\nretry: 200\ndata: unsafe\n\n"
+        if fixture == b"long":
+            return b"id: " + long_string + b"\nretry: 200\ndata: long\n\n"
+        return b"event: failure\ndata: unknown fixture\n\n"
+
+    # If we have a `Last-Event-ID` header, we're on a reconnect.
+    # If fixture is "unsafe", eg requires a preflight, check to see that we got one.
+    preflight_headers = request.server.stash.take(token)
+    saw_preflight = preflight_headers is not None
+    if saw_preflight and not expect_preflight:
+        return b"event: failure\ndata: saw preflight, did not expect one\n\n"
+    elif not saw_preflight and expect_preflight:
+        return b"event: failure\ndata: expected preflight, did not get one\n\n"
+
+    if saw_preflight and preflight_headers.lower() != b"last-event-id":
+        data = b"preflight `access-control-request-headers` was not `last-event-id`"
+        return b"event: failure\ndata: " + data + b"\n\n"
+
+    # Expect to have the same ID in the header as the one we sent.
+    expected = b"<unknown>"
     if fixture == b"safe":
-      return b"id: " + safe_id_value + b"\nretry: 200\ndata: safe\n\n"
-    if fixture == b"unsafe":
-      return b"id: " + unsafe_id_value + b"\nretry: 200\ndata: unsafe\n\n"
-    if fixture == b"long":
-      return b"id: " + long_string + b"\nretry: 200\ndata: long\n\n"
-    return b"event: failure\ndata: unknown fixture\n\n"
-
-  # If we have a `Last-Event-ID` header, we're on a reconnect.
-  # If fixture is "unsafe", eg requires a preflight, check to see that we got one.
-  preflight_headers = request.server.stash.take(token)
-  saw_preflight = preflight_headers is not None
-  if saw_preflight and not expect_preflight:
-    return b"event: failure\ndata: saw preflight, did not expect one\n\n"
-  elif not saw_preflight and expect_preflight:
-    return b"event: failure\ndata: expected preflight, did not get one\n\n"
-
-  if saw_preflight and preflight_headers.lower() != b"last-event-id":
-    data = b"preflight `access-control-request-headers` was not `last-event-id`"
-    return b"event: failure\ndata: " + data + b"\n\n"
-
-  # Expect to have the same ID in the header as the one we sent.
-  expected = b"<unknown>"
-  if fixture == b"safe":
-    expected = safe_id_value
-  elif fixture == b"unsafe":
-    expected = unsafe_id_value
-  elif fixture == b"long":
-    expected = long_string
-
-  event = last_event_id == expected and b"success" or b"failure"
-  data = b"got " + last_event_id + b", expected " + expected
-  return b"event: " + event + b"\ndata: " + data + b"\n\n"
+        expected = safe_id_value
+    elif fixture == b"unsafe":
+        expected = unsafe_id_value
+    elif fixture == b"long":
+        expected = long_string
+
+    event = last_event_id == expected and b"success" or b"failure"
+    data = b"got " + last_event_id + b", expected " + expected
+    return b"event: " + event + b"\ndata: " + data + b"\n\n"