search

mozilla / FirefoxColor

Theming demo for Firefox Quantum and beyond
https://color.firefox.com
Mozilla Public License 2.0
461 stars 95 forks source link

A few results from sonarwhal linter #337

Open pdehaan opened 6 years ago

pdehaan commented 6 years ago

Some random results, some may be bogus and ignored, others may potentially be legit (or already reported via Mozilla Observatory:

$ npm run sonarwhal

> firefoxcolor@1.0.1 sonarwhal /Users/pdehaan/dev/github/mozilla/FirefoxColor
> sonarwhal 'https://color.firefox.com/'

https://color.firefox.com/
                Error    'content-type' header should have 'charset=utf-8'                                             content-type
                Error    'public-key-pins' header is disallowed                                                        no-disallowed-headers
                Error    'x-content-type-options' header is not needed                                                 x-content-type-options
                Error    The target should not be cached, or have a small "max-age" value (180):
public, max-age=3600  http-cache
                Error    Should be served compressed with gzip when gzip compression is requested.                     http-compression
                Error    Should be served compressed with Brotli when Brotli compression is requested over HTTPS.      http-compression
                Error    Response with status code 403 had less than 256 bytes                                         no-friendly-error-pages
line 23  col 5  Warning  The “type” attribute is unnecessary for JavaScript resources.                                 html-checker
✖ Found 7 errors and 1 warning

https://color.firefox.com/index.css
line 18  col 3  Error  'content-type' header should have 'charset=utf-8'                                                                 content-type
line 18  col 3  Error  'public-key-pins' header is disallowed                                                                            no-disallowed-headers
line 18  col 3  Error  'content-security-policy', 'x-frame-options', 'x-xss-protection' headers are not needed                           no-html-only-headers
line 18  col 3  Error  Resource https://color.firefox.com/index.css requested without the "integrity" attribute                          sri
line 18  col 3  Error  Static resources should have a long cache value (31536000) and use the immutable directive:
public, max-age=3600  http-cache
line 18  col 3  Error  Should be served compressed with gzip when gzip compression is requested.                                         http-compression
line 18  col 3  Error  Should be served compressed with Brotli when Brotli compression is requested over HTTPS.                          http-compression
✖ Found 7 errors and 0 warnings

https://color.firefox.com/vendor/json-url.js
line 21  col 5  Error  'content-type' header should have media type 'text/javascript' (not 'application/javascript')                     content-type
line 21  col 5  Error  'public-key-pins' header is disallowed                                                                            no-disallowed-headers
line 21  col 5  Error  'content-security-policy', 'x-frame-options', 'x-xss-protection' headers are not needed                           no-html-only-headers
line 21  col 5  Error  Resource https://color.firefox.com/vendor/json-url.js requested without the "integrity" attribute                 sri
line 21  col 5  Error  Static resources should have a long cache value (31536000) and use the immutable directive:
public, max-age=3600  http-cache
line 21  col 5  Error  'content-type' header should have 'charset=utf-8'                                                                 content-type
line 21  col 5  Error  Should be served compressed with gzip when gzip compression is requested.                                         http-compression
line 21  col 5  Error  Should be served compressed with Brotli when Brotli compression is requested over HTTPS.                          http-compression
✖ Found 8 errors and 0 warnings

https://color.firefox.com/index.js
line 22  col 3  Error  'content-type' header should have media type 'text/javascript' (not 'application/javascript')                     content-type
line 22  col 3  Error  'public-key-pins' header is disallowed                                                                            no-disallowed-headers
line 22  col 3  Error  'content-security-policy', 'x-frame-options', 'x-xss-protection' headers are not needed                           no-html-only-headers
line 22  col 3  Error  Resource https://color.firefox.com/index.js requested without the "integrity" attribute                           sri
line 22  col 3  Error  Static resources should have a long cache value (31536000) and use the immutable directive:
public, max-age=3600  http-cache
line 22  col 3  Error  'content-type' header should have 'charset=utf-8'                                                                 content-type
line 22  col 3  Error  Should be served compressed with gzip when gzip compression is requested.                                         http-compression
line 22  col 3  Error  Should be served compressed with Brotli when Brotli compression is requested over HTTPS.                          http-compression
✖ Found 8 errors and 0 warnings

https://color.firefox.com/images/icon.svg
line 17  col 5  Error  'content-type' header should have 'charset=utf-8'                                                                 content-type
line 17  col 5  Error  'public-key-pins' header is disallowed                                                                            no-disallowed-headers
line 17  col 5  Error  'content-security-policy', 'x-frame-options', 'x-xss-protection' headers are not needed                           no-html-only-headers
line 17  col 5  Error  'x-content-type-options' header is not needed                                                                     x-content-type-options
line 17  col 5  Error  Static resources should have a long cache value (31536000) and use the immutable directive:
public, max-age=3600  http-cache
line 17  col 5  Error  Should be served compressed with gzip when gzip compression is requested.                                         http-compression
line 17  col 5  Error  Should be served compressed with Brotli when Brotli compression is requested over HTTPS.                          http-compression
✖ Found 7 errors and 0 warnings

✖ Found a total of 37 errors and 1 warning

here's my .sonarwhalrc config file:

$ cat .sonarwhalrc

{
  "extends": [
    "web-recommended"
  ],
  "formatters": "stylish",
  "rules": {
  }
}

and my package.json diff:

$ git diff package.json

diff --git a/package.json b/package.json
index c91c541..18d4c77 100644
--- a/package.json
+++ b/package.json
@@ -48,6 +48,7 @@
     "validate:themes": "node ./bin/validate-themes.js",
     "test": "npm-run-all --parallel test:*",
     "test:js": "mocha --require src/lib/test-setup.js --recursive \"src/**/*-test.js\"",
+    "sonarwhal": "sonarwhal 'https://color.firefox.com/'",
     "deploy": "gh-pages -x -d build/web -r \"https://$GH_TOKEN@github.com/mozilla/FirefoxColor.git\"",
     "release:base": "npm-run-all clean build:web sign && mv addon.xpi build/web && npm run deploy",
     "release:dev": "cross-env ADDON_URL='https://mozilla.github.io/FirefoxColor/addon.xpi' SITE_URL='https://mozilla.github.io/FirefoxColor/' SITE_ID=github npm run release:base"
@@ -64,6 +65,8 @@
     ]
   },
   "devDependencies": {
+    "@sonarwhal/configuration-web-recommended": "6.0.0",
+    "@sonarwhal/formatter-stylish": "2.0.3",
     "addons-linter": "^1.1.0",
     "babel-core": "^6.26.0",
     "babel-loader": "^7.1.2",
@@ -96,6 +99,7 @@
     "rimraf": "^2.6.2",
     "sass-loader": "^7.0.1",
     "sinon": "^5.0.7",
+    "sonarwhal": "1.10.0",
     "style-loader": "^0.21.0",
     "stylelint": "^9.1.1",
     "stylelint-config-standard": "^18.1.0",
jbuck commented 6 years ago

I've enabled gzip on cloudfront, so that error should go away atleast