allow protection from invalid config values (#19460)

we have had numerous reports on some config values not having default values, causing features misbehaving and not having default values set properly. This PR tries to address all these concerns once and for all. Each new sub-system that gets added - must check for invalid keys - must have default values set - must not "return err" when being saved into a global state() instead collate as part of other subsystem errors allow other sub-systems to independently initialize.
2025-11-07 21:02:58 -05:00 · 2024-04-10 18:10:30 -07:00
parent 9b926f7dbe
commit 0c31e61343
7 changed files with 118 additions and 72 deletions
--- a/internal/config/browser/browser.go
+++ b/internal/config/browser/browser.go
@@ -97,15 +97,30 @@ func (browseCfg *Config) Update(newCfg Config) {

 // LookupConfig - lookup api config and override with valid environment settings if any.
 func LookupConfig(kvs config.KVS) (cfg Config, err error) {
-	cspPolicy := env.Get(EnvBrowserCSPPolicy, kvs.GetWithDefault(browserCSPPolicy, DefaultKVS))
-	hstsSeconds, err := strconv.Atoi(env.Get(EnvBrowserHSTSSeconds, kvs.GetWithDefault(browserHSTSSeconds, DefaultKVS)))
-	if err != nil {
+	cfg = Config{
+		CSPPolicy:             env.Get(EnvBrowserCSPPolicy, kvs.GetWithDefault(browserCSPPolicy, DefaultKVS)),
+		HSTSSeconds:           0,
+		HSTSIncludeSubdomains: true,
+		HSTSPreload:           true,
+		ReferrerPolicy:        "strict-origin-when-cross-origin",
+	}
+
+	if err = config.CheckValidKeys(config.BrowserSubSys, kvs, DefaultKVS); err != nil {
 		return cfg, err
 	}

 	hstsIncludeSubdomains := env.Get(EnvBrowserHSTSIncludeSubdomains, kvs.GetWithDefault(browserHSTSIncludeSubdomains, DefaultKVS)) == config.EnableOn
 	hstsPreload := env.Get(EnvBrowserHSTSPreload, kvs.Get(browserHSTSPreload)) == config.EnableOn

+	hstsSeconds, err := strconv.Atoi(env.Get(EnvBrowserHSTSSeconds, kvs.GetWithDefault(browserHSTSSeconds, DefaultKVS)))
+	if err != nil {
+		return cfg, err
+	}
+
+	cfg.HSTSSeconds = hstsSeconds
+	cfg.HSTSIncludeSubdomains = hstsIncludeSubdomains
+	cfg.HSTSPreload = hstsPreload
+
 	referrerPolicy := env.Get(EnvBrowserReferrerPolicy, kvs.GetWithDefault(browserReferrerPolicy, DefaultKVS))
 	switch referrerPolicy {
 	case "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin", "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url":
@@ -114,11 +129,6 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
 		return cfg, fmt.Errorf("invalid value %v for %s", referrerPolicy, browserReferrerPolicy)
 	}

-	cfg.CSPPolicy = cspPolicy
-	cfg.HSTSSeconds = hstsSeconds
-	cfg.HSTSIncludeSubdomains = hstsIncludeSubdomains
-	cfg.HSTSPreload = hstsPreload
-
 	return cfg, nil
 }