Header validation is incorrect

Question

Header validation is incorrect

Opened this issue 4 years ago · 2 comments

Using serve with the following serve.json:

{
  "headers": [
    {
      "source": "index.html",
      "headers": [{
        "key": "Origin-Isolation",
        "value": "?1"
      }]
    }
  ]
}

gives the following:

$ serve
INFO: Discovered configuration in `serve.json`
ERROR: The configuration you provided is wrong:
should match pattern "^[a-zA-Z0-9_!#$%&'*+.;/:, =^`|~-]+$"
{"pattern":"^[a-zA-Z0-9_!#$%&'*+.;/:, =^`|~-]+$"}

I eventually figured out it was complaining about the ? in my header value.

? is a perfectly valid value to find in headers. It is in fact required if you are using structured headers.

Answer 1 · 2021-12-08T17:42:47.000Z

It is also a valid in report-uri directive of CSP headers.

Answer 2 · 2022-02-16T00:56:08.000Z

shameless self-promotion alert:
this feature is fixed in my @warren-bank/serve fork of serve

rather than updating the regex pattern to include missing characters,
the regex pattern to validate string content in header key/value pairs is simply removed.