Feature: Support golang initialism / allow well-known headers

[ccoVeille]

Please support Go initialisms

https://go.dev/wiki/CodeReviewComments#initialisms https://pkg.go.dev/github.com/Defacto2/releaser/initialism https://staticcheck.io/docs/configuration/options/#initialisms

Maybe you could use strcase for your tool https://github.com/ettle/strcase/blob/main/initialism.go

[ccoVeille]

I would suggest you to use strcase and add your own Initialisms, based on these table

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

At least to add them in your unit tests

I can see at least

• ETag
• DNT
• X-Request-ID
• X-XSS
• X-DNS-Prefetch-Control
• WWW-Authenticate
• X-Real-IP

[ccoVeille]

I now realize your code relies on net.http.CanonicalHeader …

So my problems is more at golang level maybe, but I don't think they would care about it.

What are your thoughts?

[lasiar]

Hi, @ccoVeille!

Thank you for interest to my linter!

I'm thinking of adding a config, where you can specify allow list.

I think this will be useful for your case.

[ccoVeille]

Great idea, thanks!

Wording is a pain. It's more an expected/reference/whatever list for me than an allow list.

I mean I would expect your tool to suggest me fixing etaG to ETag if I added Etag to the setting.

[lasiar]

My to do list:

• [ ] add const checks (now the linter check only string literal).
• [ ] implement this issue

I think it will be in the 2.0.0 version for backward compatibility.

[ccoVeille]

Noted, thanks for the follow up

[ccoVeille]

Here is a list of registered headers

https://www.iana.org/assignments/http-fields/http-fields.xhtml

It could help you to support some of them, even if it's only about example

[lasiar]

I fix it in version v1 without configuration, for backward compatibility

[ccoVeille]

It's worth trying yes

I identified the following patterns:

URL, URI, ETag, WWW, TE, TTL, -ID (some have entityId)

Maybe strcase lib could help as I said

[lasiar]

I am planning to create a list from:

• https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
• https://www.iana.org/assignments/http-fields/http-fields.xhtml

[ccoVeille]

I could code it if you want, but I need a few days (I'm busy IRL)

[lasiar]

@ccoVeille, no, thanks :)

Today I will close for v1 (just skip, well-known headers)

[lasiar]

Done for v1!

Dependabot golangci-lint should update canonicalheader to 1.0.7 shortly

[ccoVeille]

I'm unsure I don't see the change listed here 🤔

https://github.com/lasiar/canonicalheader/releases/tag/v1.0.7

[ccoVeille]

@lasiar 1.0.7 point to 7da545705e7a345c0a78ed6e04866cc9a7683eed, so a commit that is older than a week, sounds strange

[lasiar]

@ccoVeille, Thanks a lot

Recreate release

[lasiar]

Open Issue, because this changes need push to v2

[ccoVeille]

Oh you deleted and recreated tag. I have always thought that think people who does that are going to hell or at least will face angry people 🤣😂

I mean the CI might be confused, people who already fetched your code will have to delete the old tag locally before being able to fetch again.

[lasiar]

Only Dependabot from golang-ci lint can update and it didn't do that.

This repo is not popular, this has its advantages 😊

[joshuatcasey]

Thanks for updating this - our application (https://pinniped.dev/) uses X-XSS-Protection and X-DNS-Prefetch-Control which are now on the allowlist!

[ccoVeille]

Dependabot just bumped version on golangci-lint

[lasiar]

Yes, I see :-(

[ccoVeille]

Oh you deleted and recreated tag. I have always thought that think people who does that are going to hell or at least will face angry people 🤣😂

I mean the CI might be confused, people who already fetched your code will have to delete the old tag locally before being able to fetch again.

Told you ! 😅