Fix several issues from PR #16257: Poperly hide audit until docs are …

…published, some text phrasings and the smoke test assertions.
GoogleChrome · Nov 22, 2024 · 46c9aa1 · 46c9aa1
1 parent ae699f6
commit 46c9aa1
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 39 deletions.
diff --git a/cli/test/smokehouse/test-definitions/hsts-missing-directives.js b/cli/test/smokehouse/test-definitions/hsts-missing-directives.js
@@ -15,6 +15,20 @@ const expectations = {
     audits: {
       'has-hsts': {
         score: 1,
+        details: {
+          items: [
+            {
+              directive: 'includeSubDomains',
+              description: 'No includeSubDomains directive found',
+              severity: 'Medium',
+            },
+            {
+              directive: 'preload',
+              description: 'No preload directive found',
+              severity: 'Medium',
+            }
+          ]
+        }
       },
     },
   },

diff --git a/core/audits/has-hsts.js b/core/audits/has-hsts.js
@@ -25,7 +25,7 @@ const UIStrings = {
   /** Summary text for the results of a Lighthouse audit that evaluates the HSTS header. This is displayed if the max-age directive is missing. "HSTS" stands for "HTTP Strict Transport Security". */
   noMaxAge: 'No max-age directive',
   /** Summary text for the results of a Lighthouse audit that evaluates the HSTS header. This is displayed if the provided duration for the max-age directive is too low. "HSTS" stands for "HTTP Strict Transport Security". */
-  lowMaxAge: 'Max-age too low',
+  lowMaxAge: 'max-age is too low',
   /** Table item value calling out the presence of a syntax error. */
   invalidSyntax: 'Invalid syntax',
   /** Label for a column in a data table; entries will be a directive of the HSTS header. "HSTS" stands for "HTTP Strict Transport Security". */
@@ -149,11 +149,8 @@ class HasHsts extends Audit {
       }
 
       // If there is a directive that's not an official HSTS directive.
-      if (!allowedDirectives.includes(actualDirective)) {
-        // max-age=<number> would always trigger.
-        if (actualDirective.includes('max-age')) {
-          continue;
-        }
+      if (!allowedDirectives.includes(actualDirective) &&
+          !actualDirective.includes('max-age')) {
         syntax.push({
           severity: str_(i18n.UIStrings.itemSeverityLow),
           description: str_(UIStrings.invalidSyntax),
@@ -176,7 +173,7 @@ class HasHsts extends Audit {
               f.directive, f.description,
               str_(i18n.UIStrings.itemSeverityLow))),
     ];
-    return {score: violations.length || syntax.length > 1 ? 0 : 1, results};
+    return {score: violations.length || syntax.length ? 0 : 1, results};
   }
 
   /**

diff --git a/core/config/default-config.js b/core/config/default-config.js
@@ -542,7 +542,7 @@ const defaultConfig = {
         {id: 'geolocation-on-start', weight: 1, group: 'best-practices-trust-safety'},
         {id: 'notification-on-start', weight: 1, group: 'best-practices-trust-safety'},
         {id: 'csp-xss', weight: 0, group: 'best-practices-trust-safety'},
-        {id: 'has-hsts', weight: 0},
+        {id: 'has-hsts', weight: 0, group: 'hidden'},
         // User Experience
         {id: 'paste-preventing-inputs', weight: 3, group: 'best-practices-ux'},
         {id: 'image-aspect-ratio', weight: 1, group: 'best-practices-ux'},

diff --git a/core/test/audits/has-hsts-test.js b/core/test/audits/has-hsts-test.js
@@ -57,18 +57,11 @@ it('max-age missing, but other directives present', async () => {
 
   const results = await HasHsts.audit(artifacts, {computedCache: new Map()});
   expect(results.notApplicable).toBeFalsy();
+  expect(results.details.items[0].severity).toBeDisplayString('High');
+  expect(results.details.items[0].description)
+      .toBeDisplayString('No max-age directive');
   expect(results.details.items).toMatchObject([
     {
-      severity: {
-        i18nId: 'core/lib/i18n/i18n.js | itemSeverityHigh',
-        values: undefined,
-        formattedDefault: 'High',
-      },
-      description: {
-        i18nId: 'core/audits/has-hsts.js | noMaxAge',
-        values: undefined,
-        formattedDefault: 'No max-age directive',
-      },
       directive: 'max-age',
     },
   ]);
@@ -98,18 +91,11 @@ it('max-age too low, but other directives present', async () => {
 
   const results = await HasHsts.audit(artifacts, {computedCache: new Map()});
   expect(results.notApplicable).toBeFalsy();
+  expect(results.details.items[0].severity).toBeDisplayString('High');
+  expect(results.details.items[0].description)
+      .toBeDisplayString('max-age is too low');
   expect(results.details.items).toMatchObject([
     {
-      severity: {
-        i18nId: 'core/lib/i18n/i18n.js | itemSeverityHigh',
-        values: undefined,
-        formattedDefault: 'High',
-      },
-      description: {
-        i18nId: 'core/audits/has-hsts.js | lowMaxAge',
-        values: undefined,
-        formattedDefault: 'Max-age too low',
-      },
       directive: 'max-age',
     },
   ]);
@@ -391,7 +377,7 @@ describe('constructResults', () => {
   it('constructs result based on misconfigured HSTS header', () => {
     const {score, results} = HasHsts.constructResults(
         ['max-age=31536000', 'foo-directive', 'includesubdomains', 'preload']);
-    expect(score).toEqual(1);
+    expect(score).toEqual(0);
     expect(results[0].severity).toBeDisplayString('Low');
     expect(results[0].description).toBeDisplayString('Invalid syntax');
     expect(results).toMatchObject([

diff --git a/core/test/fixtures/user-flows/reports/sample-flow-result.json b/core/test/fixtures/user-flows/reports/sample-flow-result.json
@@ -4623,8 +4623,7 @@
               },
               {
                 "id": "has-hsts",
-                "weight": 0,
-                "group": "best-practices-trust-safety"
+                "weight": 0
               },
               {
                 "id": "paste-preventing-inputs",
@@ -10907,8 +10906,7 @@
               },
               {
                 "id": "has-hsts",
-                "weight": 0,
-                "group": "best-practices-trust-safety"
+                "weight": 0
               },
               {
                 "id": "image-aspect-ratio",
@@ -22596,8 +22594,7 @@
               },
               {
                 "id": "has-hsts",
-                "weight": 0,
-                "group": "best-practices-trust-safety"
+                "weight": 0
               },
               {
                 "id": "paste-preventing-inputs",

diff --git a/core/test/results/sample_v2.json b/core/test/results/sample_v2.json
@@ -6753,8 +6753,7 @@
         },
         {
           "id": "has-hsts",
-          "weight": 0,
-          "group": "best-practices-trust-safety"
+          "weight": 0
         },
         {
           "id": "paste-preventing-inputs",

diff --git a/shared/localization/locales/en-US.json b/shared/localization/locales/en-US.json
diff --git a/shared/localization/locales/en-XL.json b/shared/localization/locales/en-XL.json