The latest articles on DEV Community by Valentino Gagliardi (@valentinogagliardi). https://dev.to/valentinogagliardi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F21714%2F6bc6c5cc-b120-4ec2-aedf-b62ca8fb6311.jpg https://dev.to/valentinogagliardi en Valentino Gagliardi Tue, 29 Sep 2020 10:11:39 +0000 https://dev.to/valentinogagliardi/understanding-oauth-2-with-pkce-in-single-page-applications-2020-411d https://dev.to/valentinogagliardi/understanding-oauth-2-with-pkce-in-single-page-applications-2020-411d <p><strong>Token-based authentication on the web</strong> is one of those things you know exists, but sometimes you're too scared to implement in your projects.</p> <p><strong>Authentication for SPA</strong> (single page applications) is even more <strong>scary</strong>, but willing or not you should know a bit of theory to work proficiently with any SDK when the time comes.</p> <p>In this post I hope to clarify for you the current recommended <strong>OAuth 2 flow</strong> for single-page applications: <strong>authorization code grant with PKCE</strong>.</p> <h2> Who should read this post </h2> <p>Frontend developers who already worked with OAuth 2 in the past, and want to learn more about what's behind <strong>authorization code grant with PKCE</strong>. </p> <p>Requirements: you know that OAuth 2 is a security protocol for authorization delegation, and you know what an OAuth application is.</p> <p>If you need a refresh on the basics instead, check out <a href="https://www.oauth.com/">OAuth 2.0 Simplified by Aaron Parecki</a>.</p> <h2> A word of warning </h2> <p><strong>Security on the web is a minefield</strong>. First of all, <strong>do not use my examples for production code</strong>. They serve <strong>just as a pointer for helping you understand OAuth 2. I'm not suggesting you write your own OAuth client</strong>. Also:</p> <ul> <li>Don't roll out your own crypto.</li> <li>Don't roll out your own authorization servers by hand. Use solid libraries instead.</li> <li>Don't use <a href="https://www.rdegges.com/2018/please-stop-using-local-storage/">localStorage</a> for saving authorization codes, or worst, tokens.</li> </ul> <p>Enjoy!</p> <h2> Terminology </h2> <p>Albeit boring, to start off we need to outline <strong>OAuth 2.0 terminology</strong>.</p> <ul> <li> <strong>Resource owner</strong>: (simply <strong>user</strong> from now on) the user who owns permissions on a third-party service. <strong>Example</strong>: any user who has an account on Github, or Twitter, or on a generic service exposing an API.</li> <li> <strong>Authorization server</strong>: also called <strong>AS</strong>, is the service which grants access to a <strong>client</strong> on a resource server <strong>on behalf of the user</strong>.</li> <li> <strong>Resource server</strong>: the <strong>third-party service</strong> that the user want to delegate access on. <strong>Example</strong>: Github, Twitter, Google Drive, or any protected API. Sometimes the resource server and the <strong>authorization server</strong> run on the same server.</li> <li> <strong>Client</strong>: a single-page application or some leaner JS frontend which needs access to the resource server. <strong>Example</strong>: a single-page app to display your Github repos.</li> <li> <strong>Scope</strong>: it answers the question "<strong>what the client can access on the resource server</strong>"?</li> </ul> <p>For simplicity, in the following example <strong>we condense resource server and authorization server in a single place</strong>.</p> <p>Let these terms <strong>sink in</strong>, and once confident head over the next section.</p> <h2> The flow </h2> <p>We are developing a <strong>single-page application</strong> that eventually will be distributed, but for now should only <strong>access a resource on a third-party service</strong> on which we have an account.</p> <p>Here are the steps we need to take to abide to the <strong>OAuth 2.0 flow</strong> for single-page applications:</p> <p>0: <strong>User</strong> registers and logins on the third-party service, creates a new OAuth application. <strong>Users</strong> obtains <code>client_id</code>.<br> 1: <strong>User</strong> visits the <strong>client</strong>, and clicks a link which <strong>takes</strong> it to the <strong>authorization server</strong>.<br> 2: The <strong>authorization server</strong> asks the <strong>user</strong> which permissions (<strong>scope</strong>) should delegate to the <strong>client</strong>.<br> 3: Once the <strong>user</strong> accepts, the <strong>authorization server</strong> redirects the <strong>user</strong> back to the <strong>client</strong>, with an authorized code attached in the URL.<br> 4: <strong>Client</strong> uses the authorization code to request an <strong>access token</strong> from the authorization server.<br> 5: <strong>Client</strong> sends back the token on each subsequent request to a protected resource on the resource server, until the access token expires.<br> 6: Eventually, <strong>client</strong> uses a refresh token to request a new access token.</p> <p>Not covered in this post: scopes, the logout phase, handling of the refresh token.</p> <p>Let's now see the flow in more detail.</p> <h3> 0: User registers and logins to the service </h3> <p>As a prerequisite for the OAuth2.0 flow, the <strong>user</strong> has to have a <strong>registered account</strong> on the authorization server. She must also create an <strong>OAuth application</strong> on the authorization server.</p> <p>Suppose <strong>users</strong> want to <strong>delegate</strong> access to Github to a single-page application she's building. She first registers with Github, maybe she creates a couple of repos, and then she creates a new <strong>OAuth application</strong> in Settings -&gt; Developer settings -&gt; OAuth apps.</p> <p>If the user/developer controls also an API, say a Django REST API, with a package like <a href="https://github.com/jazzband/django-oauth-toolkit">django-auth-toolkit</a> she can configure an OAuth 2.0 provider in a few minutes. Here's for example the admin interface for adding a new OAuth application in Django:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--udElTxt2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/0l8vp1ootvzmeqc2hffr.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--udElTxt2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/0l8vp1ootvzmeqc2hffr.png" alt="django-auth-toolkit add application" width="880" height="575"></a></p> <p>In this phase she also provides one or more <code>redirect_uri</code>, where the authorization server will redirect the user. Once done, the service gives back a <code>client_id</code> code, and optionally a <code>client_secret</code>.</p> <p>Single-page applications can't safely store a <code>client_secret</code>, so they rely only on <code>client_id</code> and <strong>PKCE</strong> (more on this later).</p> <p><strong>Next step</strong>: user visits the client, and clicks a link which takes it to the authorization server.</p> <h3> 1: User -&gt; Client -&gt; Authorization server </h3> <p>This is the one most important part of the flow.</p> <p>In this part of the flow, the <strong>user</strong> visits the <strong>client</strong>, normally a webpage or a single-page application. There she finds a link to follow, which takes her to the <strong>authorization server</strong>.</p> <p>Alongside with the request, the <strong>client</strong> should pass a bunch of <strong>query parameters</strong> in the URL. Those are at least:</p> <ul> <li> <code>client_id</code>: the id obtained during the OAuth application registration.</li> <li> <code>response_type</code>: the grant type. In our case it's <strong>authorization code grant type</strong> so we use <code>response_type=code</code>.</li> <li> <code>state</code>: a random string used for CSRF protection.</li> <li> <code>code_challenge</code>: part of PKCE, <strong>Proof Key for Code Exchange</strong>. More on this later.</li> <li> <code>code_challenge_method</code>: part of PKCE, the hashing algorithm.</li> <li><code>redirect_uri</code></li> </ul> <p>We could also use a <code>scope</code> parameter to narrow down the permissions for the client, not used in this example.</p> <p>Now assuming:</p> <ul> <li> <code>https://client.example/</code> is the client</li> <li> <code>https://client.example/auth</code> is the client redirect URI</li> <li> <code>https://auth.example/oauth/authorize</code> is the authorization server</li> </ul> <p>The developer can craft the following link in the page:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://auth.example/oauth/authorize ?client_id=ERPn7zeLvPCnZ1OtF7jxlTiZz0uQjpiWQEdeAUva &amp;response_type=code &amp;state=nMdR7oTxgXYr0INLytRi9XH7InnbrNbg &amp;code_challenge=M5oPBP6RmJPh5QsGtx6ptVH7S2yjqt8sum96jBCyhZg &amp;code_challenge_method=S256 &amp;redirect_uri=https://client.example/auth </code></pre> </div> <p>(Note: the client id here has nothing to do with the previous image).</p> <p><code>state</code> is a random string, you can generate it with any JavaScript library:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">randomstring</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">randomstring</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="nx">randomstring</span><span class="p">.</span><span class="nx">generate</span><span class="p">();</span> </code></pre> </div> <p>For Node.js there is <a href="https://www.npmjs.com/package/randomstring">randomstring</a>, but on the frontend you need to find something lighter or tree-shakeable.</p> <p>Next up, where do we get <code>code_challenge</code>? To generate <code>code_challenge</code> we:</p> <ol> <li>Generate first a <code>code_verifier</code>. This should be a high entropy string. The longer the string, the better (maximum 128 characters as per spec): </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">randomstring</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">randomstring</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="nx">randomstring</span><span class="p">.</span><span class="nx">generate</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">code_verifier</span> <span class="o">=</span> <span class="nx">randomstring</span><span class="p">.</span><span class="nx">generate</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> </code></pre> </div> <p>It's important to remember that <code>code_verifier</code> and <code>state</code> need to <strong>persist somewhere in the browser</strong> because we need them in the next steps. Persisting these two values is <strong>harmless</strong>.</p> <p>You can put them in <code>sessionStorage</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">randomstring</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">randomstring</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="nx">randomstring</span><span class="p">.</span><span class="nx">generate</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">code_verifier</span> <span class="o">=</span> <span class="nx">randomstring</span><span class="p">.</span><span class="nx">generate</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="kd">function</span> <span class="nx">saveStateAndVerifier</span><span class="p">()</span> <span class="p">{</span> <span class="cm">/* Don't overwrite our saved state if location has the state parameter. This means we got authorization from the AS, and we need to compare them later. */</span> <span class="k">if</span> <span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">search</span><span class="p">.</span><span class="nx">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">))</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">storage</span> <span class="o">=</span> <span class="nb">window</span><span class="p">.</span><span class="nx">sessionStorage</span><span class="p">;</span> <span class="nx">storage</span><span class="p">.</span><span class="nx">clear</span><span class="p">();</span> <span class="nx">storage</span><span class="p">.</span><span class="nx">setItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">,</span> <span class="nx">state</span><span class="p">);</span> <span class="nx">storage</span><span class="p">.</span><span class="nx">setItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">code_verifier</span><span class="dl">"</span><span class="p">,</span> <span class="nx">code_verifier</span><span class="p">);</span> <span class="p">}</span> <span class="nx">saveStateAndVerifier</span><span class="p">();</span> </code></pre> </div> <ol> <li>Then we compute <code>code_challenge</code> starting from <code>code_verifier</code>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">randomstring</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">randomstring</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">encode</span> <span class="k">as</span> <span class="nx">base64encode</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">base64-arraybuffer</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">state</span> <span class="o">=</span> <span class="nx">randomstring</span><span class="p">.</span><span class="nx">generate</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">code_verifier</span> <span class="o">=</span> <span class="nx">randomstring</span><span class="p">.</span><span class="nx">generate</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="kd">function</span> <span class="nx">saveStateAndVerifier</span><span class="p">()</span> <span class="p">{</span> <span class="cm">/* Don't overwrite our saved state if location has the state parameter. This means we got authorization from the AS, and we need to compare them later. */</span> <span class="k">if</span> <span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">search</span><span class="p">.</span><span class="nx">includes</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">))</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">storage</span> <span class="o">=</span> <span class="nb">window</span><span class="p">.</span><span class="nx">sessionStorage</span><span class="p">;</span> <span class="nx">storage</span><span class="p">.</span><span class="nx">clear</span><span class="p">();</span> <span class="nx">storage</span><span class="p">.</span><span class="nx">setItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">,</span> <span class="nx">state</span><span class="p">);</span> <span class="nx">storage</span><span class="p">.</span><span class="nx">setItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">code_verifier</span><span class="dl">"</span><span class="p">,</span> <span class="nx">code_verifier</span><span class="p">);</span> <span class="p">}</span> <span class="nx">saveStateAndVerifier</span><span class="p">();</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">generateCodeChallenge</span><span class="p">(</span><span class="nx">codeVerifier</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">encoder</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">TextEncoder</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">encoder</span><span class="p">.</span><span class="nx">encode</span><span class="p">(</span><span class="nx">codeVerifier</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">digest</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">window</span><span class="p">.</span><span class="nx">crypto</span><span class="p">.</span><span class="nx">subtle</span><span class="p">.</span><span class="nx">digest</span><span class="p">(</span><span class="dl">"</span><span class="s2">SHA-256</span><span class="dl">"</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">toBase64</span> <span class="o">=</span> <span class="nx">base64encode</span><span class="p">(</span><span class="nx">digest</span><span class="p">);</span> <span class="c1">// you can extract this replacing code to a function</span> <span class="k">return</span> <span class="nx">base64Digest</span> <span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\+</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">"</span><span class="s2">-</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="sr">/</span><span class="se">\/</span><span class="sr">/g</span><span class="p">,</span> <span class="dl">"</span><span class="s2">_</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="sr">/=/g</span><span class="p">,</span> <span class="dl">""</span><span class="p">);</span> <span class="p">}</span> <span class="nx">generateCodeChallenge</span><span class="p">(</span><span class="nx">code_verifier</span><span class="p">).</span><span class="nx">then</span><span class="p">((</span><span class="nx">challenge</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">challenge</span><span class="p">);</span> <span class="c1">// whatever you generated, example:</span> <span class="c1">// M5oPBP6RmJPh5QsGtx6ptVH7S2yjqt8sum96jBCyhZg</span> <span class="p">});</span> </code></pre> </div> <p>This is probably the most difficult part. For a complete explanation see <a href="https://www.valentinog.com/blog/challenge/">"Generating the code challenge for PKCE in OAuth 2"</a>.</p> <p>What matters here is that you're left with a <code>code_challenge</code>, a string like <code>M5oPBP6RmJPh5QsGtx6ptVH7S2yjqt8sum96jBCyhZg</code>. This will be sent later to the authorization server.</p> <p>Once you have everything you can <a href="https://www.valentinog.com/blog/url/">build the URL</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// These should go in environment variables injected at build time</span> <span class="c1">// I put it here to keep things simple</span> <span class="kd">const</span> <span class="nx">client_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ERPn7zeLvPCnZ1OtF7jxlTiZz0uQjpiWQEdeAUva</span><span class="dl">"</span> <span class="kd">const</span> <span class="nx">redirect_uri</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://client.example/auth</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// omitted the rest for brevity</span> <span class="nx">generateCodeChallenge</span><span class="p">(</span><span class="nx">code_verifier</span><span class="p">).</span><span class="nx">then</span><span class="p">((</span><span class="nx">challenge</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">buildLoginUrl</span><span class="p">(</span><span class="nx">challenge</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Proto-code. Don't use for production</span> <span class="kd">function</span> <span class="nx">buildLoginUrl</span><span class="p">(</span><span class="nx">challenge</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">link</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">querySelector</span><span class="p">(</span><span class="dl">"</span><span class="s2">a</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">linkValue</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">URL</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://auth.example/oauth/authorize</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">queryParams</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">client_id</span><span class="p">,</span> <span class="na">response_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">code</span><span class="dl">"</span><span class="p">,</span> <span class="na">state</span><span class="p">:</span> <span class="nx">state</span><span class="p">,</span> <span class="na">code_challenge</span><span class="p">:</span> <span class="nx">challenge</span><span class="p">,</span> <span class="na">code_challenge_method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">S256</span><span class="dl">"</span><span class="p">,</span> <span class="nx">redirect_uri</span> <span class="p">};</span> <span class="k">for</span> <span class="p">(</span><span class="kd">const</span> <span class="nx">param</span> <span class="k">in</span> <span class="nx">queryParams</span><span class="p">)</span> <span class="p">{</span> <span class="nx">linkValue</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nx">append</span><span class="p">(</span><span class="nx">param</span><span class="p">,</span> <span class="nx">queryParams</span><span class="p">[</span><span class="nx">param</span><span class="p">]);</span> <span class="p">}</span> <span class="nx">link</span><span class="p">.</span><span class="nx">setAttribute</span><span class="p">(</span><span class="dl">"</span><span class="s2">href</span><span class="dl">"</span><span class="p">,</span> <span class="nx">linkValue</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>At the end it should translate to something along these lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>OAuth 2.0 in Single-Page Applications for Mere Mortals<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">"https://auth.example/oauth/authorize ?client_id=ERPn7zeLvPCnZ1OtF7jxlTiZz0uQjpiWQEdeAUva &amp;response_type=code &amp;state=nMdR7oTxgXYr0INLytRi9XH7InnbrNbg &amp;code_challenge=M5oPBP6RmJPh5QsGtx6ptVH7S2yjqt8sum96jBCyhZg &amp;code_challenge_method=S256 &amp;redirect_uri=https://client.example/auth"</span><span class="nt">&gt;</span>LOGIN<span class="nt">&lt;/a&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>You can see an example of this first step any time you're about to log in on a service with "Login with GitHub" or "Login with Google". In most frameworks this is called social authentication.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--VG8ZycxW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/10jxnc1biyzlwsrewwln.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VG8ZycxW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/10jxnc1biyzlwsrewwln.png" alt="Continue with Github" width="880" height="536"></a></p> <p><strong>Who codes this part</strong>? This part of the flow is a responsibility for the frontend developer. In most cases, it is recommended to use the SDK provided by your authentication provider.</p> <p><strong>Next step</strong>: authorization server asks the user for permissions.</p> <h3> 2. Authorization server asks the user for permissions </h3> <p>As a prerequisite for this step, the <strong>user</strong> must be logged in the third-party service. If that's the case, the user is presented with a screen which asks for <strong>permissions</strong> on the <strong>resource server</strong>:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--D3FTyIv2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/k1609mp4kw6p8b7sgfhy.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--D3FTyIv2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/k1609mp4kw6p8b7sgfhy.png" alt="Authorization server asks the user for permissions" width="880" height="516"></a></p> <p>This is again an example with django-oauth-toolkit.</p> <p>Remember: here <strong>we condense resource server and authorization server in a single place</strong>, but in the real world this is not always the case.</p> <p>If the user gives consent, the <strong>authorization server</strong> redirects the user to the <code>redirect_uri</code> specified in step 0. </p> <p><strong>Who codes this part</strong>? This part of the flow is a responsibility for the backend developer who should prepare an OAuth 2.0 capable server using proven and tested packages.</p> <p><strong>Next step</strong>: authorization server redirects the user back to the client.</p> <h3> 3. Authorization server -&gt; Client -&gt; User </h3> <p>Once the <strong>user</strong> authorizes the <strong>client</strong>, the authorization server redirects the <strong>user</strong> to the <code>redirect_uri</code> provided in step 0 during the OAuth application registration, in our example <code>https://client.example/auth</code>.</p> <p>The redirect URL will carry in addition an <strong>authorization code</strong> as a query parameter, as well as <code>state</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://client.example/auth ?code=l2Z1DNMaiJWZEa3iZJsChdUeKraG3k &amp;state=nMdR7oTxgXYr0INLytRi9XH7InnbrNbg </code></pre> </div> <p>A couple of important points:</p> <ul> <li>Don't save the <strong>authorization code</strong> in <code>localStorage</code>, there's no need.</li> <li>You can notice how <code>state</code> from this request is the same <code>state</code> we computed in step 1.</li> </ul> <p>In this step we need to compare the <code>state</code> we get from the authorization server, and the <code>state</code> we saved in <code>sessionStorage</code> in step 1.</p> <p>If they are not the same, we must alt the flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">currentLocation</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">URL</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">stateFromLocation</span> <span class="o">=</span> <span class="nx">currentLocation</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">sessionStorage</span><span class="p">.</span><span class="nx">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">)</span> <span class="o">!==</span> <span class="nx">stateFromLocation</span><span class="p">){</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Probable session hijacking attack!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Who codes this part</strong>? This part of the flow is a responsibility for the frontend developer who ensures that the redirect URI is accessible.</p> <p><strong>Next step</strong>: client uses the authorization code to request an access token from the authorization server.</p> <h3> 4. Client uses the authorization code to request access token </h3> <p>At this point the JavaScript client has everything in place for <strong>requesting an access token</strong>. </p> <p>This request should reach the authorization server at <code>https://auth.example/oauth/token</code> by the means of a <code>application/x-www-form-urlencoded</code> <code>POST</code> request.</p> <p>There are a lot of things that need to go in the request body. Namely:</p> <ul> <li> <code>client_id</code>: we have this from the beginning.</li> <li> <code>grant_type</code>: this should be <code>authorization_code</code>.</li> <li> <code>state</code>: we saved this in <code>sessionStorage</code>, step 1.</li> <li> <code>code</code>: we get this from the current location.</li> <li> <code>code_verifier</code>: : we saved this in <code>sessionStorage</code>, step 1.</li> <li> <code>redirect_uri</code>: we have this from the beginning.</li> </ul> <p>To get the access token, the developer crafts a function which runs right after the redirect flow. The following code is a loose idea of how it should look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Proto-code. Don't use for production</span> <span class="kd">function</span> <span class="nx">getToken</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">tokenEndpoint</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">URL</span><span class="p">(</span> <span class="dl">"</span><span class="s2">https://auth.example/oauth/token</span><span class="dl">"</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">currentLocation</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">URL</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">authorizationCode</span> <span class="o">=</span> <span class="nx">currentLocation</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">code</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">stateFromLocation</span> <span class="o">=</span> <span class="nx">currentLocation</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">initialCodeVerifier</span> <span class="o">=</span> <span class="nb">window</span><span class="p">.</span><span class="nx">sessionStorage</span><span class="p">.</span><span class="nx">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">code_verifier</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// This is a good place for checking the state too </span> <span class="k">if</span> <span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">sessionStorage</span><span class="p">.</span><span class="nx">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">state</span><span class="dl">"</span><span class="p">)</span> <span class="o">!==</span> <span class="nx">stateFromLocation</span><span class="p">){</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Probable session hijacking attack!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">queryParams</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">client_id</span><span class="p">,</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authorization_code</span><span class="dl">"</span><span class="p">,</span> <span class="na">state</span><span class="p">:</span> <span class="nx">stateFromLocation</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="nx">authorizationCode</span><span class="p">,</span> <span class="na">code_verifier</span><span class="p">:</span> <span class="nx">initialCodeVerifier</span><span class="p">,</span> <span class="nx">redirect_uri</span> <span class="p">};</span> <span class="k">for</span> <span class="p">(</span><span class="kd">const</span> <span class="nx">param</span> <span class="k">in</span> <span class="nx">queryParams</span><span class="p">)</span> <span class="p">{</span> <span class="nx">tokenEndpoint</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nx">append</span><span class="p">(</span><span class="nx">param</span><span class="p">,</span> <span class="nx">queryParams</span><span class="p">[</span><span class="nx">param</span><span class="p">]);</span> <span class="p">}</span> <span class="nx">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">tokenEndpoint</span><span class="p">.</span><span class="nx">origin</span><span class="p">}${</span><span class="nx">tokenEndpoint</span><span class="p">.</span><span class="nx">pathname</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">tokenEndpoint</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span><span class="p">,</span> <span class="na">Accept</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}).</span><span class="nx">then</span><span class="p">(</span><span class="cm">/* more later */</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Here we get <code>state</code> and <code>code</code> from the current location, we check that the previous <code>state</code> and the <code>state</code> from the authorization server match.</p> <p>Next up, we build the query parameters, and we send the <code>POST</code> request. The <strong>authorization server must allow CORS</strong> for this to work.</p> <p>If everything goes well, the <strong>authorization server responds with a Bearer access token</strong>, and a refresh token. Here's an example of response:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--irZVnDmW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/u7vc1284t1iy076upohl.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--irZVnDmW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/u7vc1284t1iy076upohl.png" alt="Oauth 2.0 Bearer access token" width="880" height="575"></a></p> <p><strong>Who codes this part</strong>? The frontend developer puts together the logic for building the <code>POST</code> request. In most cases, it is recommended to use the SDK provided by your authentication provider. The backend developer ensures that the authorization server exposes the appropriate <strong>CORS headers</strong>.</p> <p><strong>Next step</strong>: Client uses the access token to access a protected resource.</p> <h3> 5. Client sends the token to access a protected resource </h3> <p>This is probably the "easiest" part. In the <code>getToken()</code> function we add a minimal logic for saving the JSON response, which now holds access and refresh token, as well as the expiration. Here's only the relevant snippet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">tokens</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="kd">function</span> <span class="nx">getToken</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// omit</span> <span class="nx">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">tokenEndpoint</span><span class="p">.</span><span class="nx">origin</span><span class="p">}${</span><span class="nx">tokenEndpoint</span><span class="p">.</span><span class="nx">pathname</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">tokenEndpoint</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span><span class="p">,</span> <span class="na">Accept</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusText</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">json</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">json</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// save the tokens</span> <span class="nx">tokens</span> <span class="o">=</span> <span class="nx">json</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>In $insertYourFrameworkHere you will save these tokens in the ephemeral state of the application.</p> <p>Next up, we <strong>send the access token on each subsequent request to the resource server</strong> (a REST API for example), until the token expires. </p> <p>To do so, we pass an <code>Authorization</code> header with the bearer token. For example, we might want to fetch a list of resources on a button click:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">querySelector</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">);</span> <span class="nx">button</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">click</span><span class="dl">"</span><span class="p">,</span> <span class="nx">fetchData</span><span class="p">);</span> <span class="kd">function</span> <span class="nx">fetchData</span><span class="p">()</span> <span class="p">{</span> <span class="nx">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://auth.example/api/customers/</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">tokens</span><span class="p">.</span><span class="nx">access_token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">}).</span><span class="nx">then</span><span class="p">(</span><span class="cm">/* do stuff with the response */</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>We imagined from the beginning that in our example the <strong>resource server</strong>, and the OAuth 2 <strong>authorization server</strong> live on the same machine. Hence, we call the API at <code>https://auth.example/api/customers/</code>.</p> <p><strong>Who codes this part</strong>? The frontend developer puts together the logic for handling the access token. The backend developer ensures that the REST API (resource server in our case) exposes the appropriate <strong>CORS headers</strong>.</p> <h2> What's next? </h2> <p>At this point we have a minimal working implementation of a rudimentary Auth 2 client. But we lack <strong>logout, scope handling, and the logic for using the refresh token</strong>.</p> <p>Authorization providers like AWS or Okta have already solved this problem for us, and that's what most companies use in the real world.</p> <p>If anything, hopefully you learned something new, and the theory behind <strong>authorization code grant with PKCE</strong>.</p> <h2> Wrapping up </h2> <p>OAuth 2 is hard, there are <strong>a lot of ways you can shoot yourself in the foot</strong>. In the frontend, always program defensively. In particular:</p> <ul> <li>Use the <strong>OAuth SDK</strong> from your authorization provider.</li> <li>Don't roll out your own crypto.</li> <li>Don't use <a href="https://www.rdegges.com/2018/please-stop-using-local-storage/">localStorage</a> for saving the authorization code, even if it's temporary.</li> <li>Don't save the access token, or the refresh token in <code>localStorage</code>!</li> <li>Again, use the <strong>OAuth SDK</strong> from your authorization provider.</li> <li>Again, don't roll out your own crypto.</li> </ul> <p>On the backend, <strong>don't venture in reinventing the wheel</strong>. There are solid, battle-tested libraries for building OAuth 2 authorization servers.</p> <p>Have fun!</p> <h2> Further resources </h2> <ul> <li> <a href="https://www.oauth.com/">OAuth 2.0 Simplified by Aaron Parecki</a> covers ins and outs of OAuth 2.0 in clear, simple steps.</li> </ul> <p>My book <strong>Decoupled Django</strong>, (Apress, May 2021) covers OAuth 2 for Django APIs with Single-page applications. Stay tuned on my <a href="https://t.me/valentinoga">Telegram channel</a> for previews and excerpts from the book!</p> security oauth2 javascript webdev Valentino Gagliardi Wed, 16 Sep 2020 06:41:35 +0000 https://dev.to/valentinogagliardi/a-practical-complete-tutorial-on-http-cookies-1ofd https://dev.to/valentinogagliardi/a-practical-complete-tutorial-on-http-cookies-1ofd <h2> What are cookies in web development? </h2> <p><strong>Cookies are tiny pieces of data that the backend can store in the user's browsers</strong>. User tracking, personalization, and most important, <strong>authentication</strong>, are the most common use cases for cookies.</p> <p>Cookies have a lot of privacy concerns, and have been subject to strict regulation over the years. </p> <p><strong>In this post I'll focus mainly on the technical side: you'll learn how to create, use, and work with HTTP cookies</strong>, on the frontend, and on the backend.</p> <h2> What you will learn </h2> <p>In the following guide you'll learn:</p> <ul> <li>how to work with cookies, backend and frontend</li> <li>cookie <strong>security and permissions</strong> </li> <li>interaction between <strong>cookies, AJAX, and CORS</strong> </li> </ul> <h2> Setting up the backend </h2> <p>The examples for the <strong>backend</strong> are in <strong>Python with Flask</strong>. If you want to follow along, create a new Python virtual environment, move into it, and install Flask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>cookies <span class="o">&amp;&amp;</span> <span class="nb">cd</span> <span class="nv">$_</span> python3 <span class="nt">-m</span> venv venv <span class="nb">source </span>venv/bin/activate pip <span class="nb">install </span>Flask </code></pre> </div> <p>In the project folder create a new file named <code>flask_app.py</code>, and use my examples to experiment locally.</p> <h2> Who creates cookies? </h2> <p>First things first, <strong>where does cookies come from? Who creates cookies?</strong></p> <p>While it's possible to create cookies in the browser with <code>document.cookie</code>, most of the times it's responsibility of the <strong>backend to set cookies in the response before sending it to the client</strong>. </p> <p>By <strong>backend here we mean</strong> that cookies can be created by:</p> <ul> <li>the actual application's code on the backend (Python, JavaScript, PHP, Java)</li> <li>a webserver responding to requests (Nginx, Apache)</li> </ul> <p>For doing so the backend sets in the response an HTTP header named <code>Set-Cookie</code> with a corresponding string made of a key/value pair, plus optional attributes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: myfirstcookie=somecookievalue </code></pre> </div> <p>When and where to create these cookies depends on the requirements.</p> <p>So, <strong>cookies</strong> are simple strings. Consider this example in Python with Flask. Create a Python file named <code>flask_app.py</code> in the project folder with the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">make_response</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/index/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">index</span><span class="p">():</span> <span class="n">response</span> <span class="o">=</span> <span class="nf">make_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Here, take some cookie!</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">Set-Cookie</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">myfirstcookie=somecookievalue</span><span class="sh">"</span> <span class="k">return</span> <span class="n">response</span> </code></pre> </div> <p>Then run the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">FLASK_ENV</span><span class="o">=</span>development <span class="nv">FLASK_APP</span><span class="o">=</span>flask_app.py flask run </code></pre> </div> <p>When this application is running, and the user visits <a href="http://127.0.0.1:5000/index/" rel="noopener noreferrer">http://127.0.0.1:5000/index/</a> the backend sets a <strong>response header</strong> named <code>Set-Cookie</code> with a key/value pair. </p> <p>(127.0.0.1:5000 is the default listening address/port for Flask applications in development).</p> <p>The <code>Set-Cookie</code> header is the key to understand how to create cookies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">Set-Cookie</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">myfirstcookie=somecookievalue</span><span class="sh">"</span> </code></pre> </div> <p>On the right side you can see the actual cookie <code>"myfirstcookie=somecookievalue"</code>. </p> <p>Most frameworks have their own utility functions for setting cookies programmatically, like <a href="https://flask.palletsprojects.com/en/1.1.x/api/?highlight=set_cookie#flask.Response.set_cookie" rel="noopener noreferrer">Flask's</a> <code>set_cookie()</code>. </p> <p>Under the hood they simply set a header in the response with <code>Set-Cookie</code>.</p> <h2> How to see cookies? </h2> <p>Consider again the previous example with Flask. Once you visit <a href="http://127.0.0.1:5000/index/" rel="noopener noreferrer">http://127.0.0.1:5000/index/</a>, the backend sets a cookie in the browser. To see this cookie you can either call <code>document.cookie</code> from the browser's console:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftfm0p7ep7o6ozing3ajc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftfm0p7ep7o6ozing3ajc.png" alt="document.cookie"></a></p> <p>Or you can check the <strong>Storage</strong> tab in the developer tools. Click on <strong>Cookies</strong>, and you should see the cookie there:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0ndg6hai82vpxf8mubjs.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0ndg6hai82vpxf8mubjs.png" alt="Cookie storage"></a></p> <p>On a command line you can use also <strong>curl</strong> to see what cookies the backend sets:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> http://127.0.0.1:5000/index/ </code></pre> </div> <p>To save cookies to a file for later use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> http://127.0.0.1:5000/index/ <span class="nt">--cookie-jar</span> mycookies </code></pre> </div> <p>To display cookies on stdout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> http://127.0.0.1:5000/index/ <span class="nt">--cookie-jar</span> - </code></pre> </div> <p>Note that cookies without the <code>HttpOnly</code> attribute are accessible on <code>document.cookie</code> from JavaScript in the browser. On the other hand a cookie marked as <code>HttpOnly</code> cannot be accessed from JavaScript.</p> <p>To mark a cookie as <code>HttpOnly</code> pass the attribute in the cookie:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: myfirstcookie=somecookievalue; HttpOnly </code></pre> </div> <p>Now the cookie will still appear in the Cookie Storage tab, but <code>document.cookie</code> will return an empty string.</p> <p>From <strong>this point on for convenience I'll use Flask's</strong> <code>response.set_cookie()</code> <strong>to create cookies on the backend</strong>.</p> <p>To inspect cookies along the way in this guide we'll use alternatively:</p> <ul> <li>curl</li> <li>Firefox developer tools</li> <li>Chrome developer tools</li> </ul> <h2> I've got a cookie, what now? </h2> <p>Your browser gets a cookie. Now what? Once you have a cookie, the browser <strong>can send back the cookie to the backend</strong>.</p> <p>This could have a number of applications: user tracking, personalization, and most important, <strong>authentication</strong>.</p> <p>For example, once you log in in a website the backend can give you a cookie:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: userid=sup3r4n0m-us3r-1d3nt1f13r </code></pre> </div> <p>To <strong>properly identify you on each subsequent request, the backend checks the cookie coming from the browser in the request</strong>.</p> <p>To send the cookie, the browser appends a <code>Cookie</code> header in the request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Cookie: userid=sup3r4n0m-us3r-1d3nt1f13r </code></pre> </div> <p><strong>How, when, and why the browser sends back cookies</strong> is the topic for the next sections.</p> <h2> Cookies can expire: Max-Age and expires </h2> <p>By default, <strong>cookies expire when the user closes the session, that is, when she closes the browser</strong>. To persist a cookie we can pass <code>expires</code> or <code>Max-Age</code> attributes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: myfirstcookie=somecookievalue; expires=Tue, 09 Jun 2020 15:46:52 GMT; Max-Age=1209600 </code></pre> </div> <p>When bot attributes are present, <code>Max-Age</code> has precedence over <code>expires</code>.</p> <h2> Cookies are scoped by path: the Path attribute </h2> <p>Consider this backend which sets a new cookie for its frontend when visiting <a href="http://127.0.0.1:5000/" rel="noopener noreferrer">http://127.0.0.1:5000/</a>. On the other two routes instead we print the request's cookies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">make_response</span><span class="p">,</span> <span class="n">request</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">index</span><span class="p">():</span> <span class="n">response</span> <span class="o">=</span> <span class="nf">make_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Here, take some cookie!</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">set_cookie</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">,</span> <span class="n">path</span><span class="o">=</span><span class="sh">"</span><span class="s">/about/</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/about/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">about</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">cookies</span><span class="p">)</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Hello world!</span><span class="sh">"</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/contact/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">contact</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">cookies</span><span class="p">)</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Hello world!</span><span class="sh">"</span> </code></pre> </div> <p>To run the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">FLASK_ENV</span><span class="o">=</span>development <span class="nv">FLASK_APP</span><span class="o">=</span>flask_app.py flask run </code></pre> </div> <p>In another terminal, if we make connection with the root route we can see the cookie in <code>Set-Cookie</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> http://127.0.0.1:5000/ <span class="nt">--cookie-jar</span> cookies HTTP/1.0 200 OK Content-Type: text/html<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>utf-8 Content-Length: 23 Set-Cookie: <span class="nb">id</span><span class="o">=</span>3db4adj3d<span class="p">;</span> <span class="nv">Path</span><span class="o">=</span>/about/ Server: Werkzeug/1.0.1 Python/3.8.3 Date: Wed, 27 May 2020 09:21:37 GMT </code></pre> </div> <p>Notice how the cookies has a <code>Path</code> attribute:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: id=3db4adj3d; Path=/about/ </code></pre> </div> <p>Let's now visit the /about/ route by sending the cookie we saved in the first visit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> http://127.0.0.1:5000/about/ <span class="nt">--cookie</span> cookies </code></pre> </div> <p>In the terminal where the Flask app is running you should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ImmutableMultiDict([('id', '3db4adj3d')]) 127.0.0.1 - - [27/May/2020 11:27:55] "HEAD /about/ HTTP/1.1" 200 - </code></pre> </div> <p>As expected the cookie goes back to the backend. Now try to visit the /contact/ route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> http://127.0.0.1:5000/contact/ <span class="nt">--cookie</span> cookies </code></pre> </div> <p>This time in the terminal where the Flask app is running you should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ImmutableMultiDict([]) 127.0.0.1 - - [27/May/2020 11:29:00] "HEAD /contact/ HTTP/1.1" 200 - </code></pre> </div> <p>What that means? Cookies are scoped by path. <strong>A cookie with a given</strong> <code>Path</code> <strong>attribute cannot be sent to another, unrelated path, even if both path live on the same domain</strong>.</p> <p>This is the first layer of <strong>permissions</strong> for cookies.</p> <p>When <code>Path</code> is omitted during cookie creation, the browsers defaults to <strong>/</strong>.</p> <h2> Cookies are scoped by domain: the Domain attribute </h2> <p>The value for the <code>Domain</code> attribute of a cookie controls <strong>whether the browser should accept it or not</strong> and <strong>where the cookie goes back</strong>.</p> <p>Let's see some examples.</p> <p><strong>NOTE</strong>: the following URL are on free Heroku instances. Give it a second to spin up. Open up a browser's console before opening the links to see the result in the network tab.</p> <h3> Non matching host (wrong host) </h3> <p>Consider the following cookie set by <a href="https://serene-bastion-01422.herokuapp.com/get-wrong-domain-cookie/:" rel="noopener noreferrer">https://serene-bastion-01422.herokuapp.com/get-wrong-domain-cookie/:</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: coookiename=wr0ng-d0m41n-c00k13; Domain=api.valentinog.com </code></pre> </div> <p>Here the cookie originates from <strong>serene-bastion-01422.herokuapp.com</strong>, but the <code>Domain</code> attribute has <strong>api.valentinog.com</strong>.</p> <p>There's no other choice for the browser to <strong>reject this cookie</strong>. Chrome for example gives a warning (Firefox does not):</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqxvx09xzrnia4ddpf0im.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqxvx09xzrnia4ddpf0im.png" alt="Browser blocks wrong domain in cookie"></a></p> <h3> Non matching host (subdomain) </h3> <p>Consider the following cookie set by <a href="https://serene-bastion-01422.herokuapp.com/get-wrong-subdomain-cookie/:" rel="noopener noreferrer">https://serene-bastion-01422.herokuapp.com/get-wrong-subdomain-cookie/:</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: coookiename=wr0ng-subd0m41n-c00k13; Domain=secure-brushlands-44802.herokuapp.com </code></pre> </div> <p>Here the cookie originates from <strong>serene-bastion-01422.herokuapp.com</strong>, but the <code>Domain</code> attribute is <strong>secure-brushlands-44802.herokuapp.com</strong>.</p> <p>They are on the same domain, but the subdomain is different. Again, the browser rejects this cookie as well:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fem10zttg322jd87njltm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fem10zttg322jd87njltm.png" alt="Browser blocks wrong domain in cookie"></a></p> <h3> Matching host (whole domain) </h3> <p>Consider now the following cookie set by visiting <a href="https://www.valentinog.com/get-domain-cookie.html:" rel="noopener noreferrer">https://www.valentinog.com/get-domain-cookie.html:</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>set-cookie: cookiename=d0m41n-c00k13; Domain=valentinog.com </code></pre> </div> <p>This cookie is set at the web server level with <a href="http://nginx.org/en/docs/http/ngx_http_headers_module.html" rel="noopener noreferrer">Nginx add_header</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>add_header Set-Cookie <span class="s2">"cookiename=d0m41n-c00k13; Domain=valentinog.com"</span><span class="p">;</span> </code></pre> </div> <p>I <strong>used Nginx here to show you there are various ways to set a cookie</strong>. The fact that a cookie is set by a web server or by the application's code <strong>doesn't matter much for the browser</strong>.</p> <p>What matters is the domain the cookie is coming from.</p> <p>Here the browser will <strong>happily accept the cookie</strong> because the host in <code>Domain</code> <strong>includes the host from which the cookie came</strong>.</p> <p>In other words, valentinog.com includes the subdomain <a href="http://www.valentinog.com" rel="noopener noreferrer">www.valentinog.com</a>.</p> <p>Also, the <strong>cookie travels back with any new request against valentinog.com</strong>, as well as <strong>any request to subdomains on valentinog.com</strong>.</p> <p>Here's a request to the www subdomain with the cookie attached:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fw2k2lq0ei087jzyuo9e7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fw2k2lq0ei087jzyuo9e7.png" alt="Cookie sent back matching domain"></a></p> <p>Here's a request to another subdomain with the cookie automatically attached:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz7j15ck1dm8c9yvbq38d.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz7j15ck1dm8c9yvbq38d.png" alt="Cookie subdomain sent back matching domain"></a></p> <h3> Cookies and the Public Suffix List </h3> <p>Now consider the following cookie set by <a href="https://serene-bastion-01422.herokuapp.com/get-domain-cookie/:" rel="noopener noreferrer">https://serene-bastion-01422.herokuapp.com/get-domain-cookie/:</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: coookiename=d0m41n-c00k13; Domain=herokuapp.com </code></pre> </div> <p>Here the cookie comes from <strong>serene-bastion-01422.herokuapp.com</strong>, and the <code>Domain</code> attribute is <strong>herokuapp.com</strong>. What should the browser do here?</p> <p>You might think that serene-bastion-01422.herokuapp.com is included in the domain herokuapp.com, so the browser should accept the cookie.</p> <p>Instead, <strong>it rejects the cookie</strong> because it comes from a domain included in the <strong>Public Suffix List</strong>. </p> <p>The <strong>Public Suffix List</strong> is a list maintained by Mozilla, used by all browsers to restrict who can set cookies on behalf of other domains.</p> <p>Resources:</p> <ul> <li><a href="https://publicsuffix.org/" rel="noopener noreferrer">Public suffix list</a></li> <li><a href="https://devcenter.heroku.com/articles/cookies-and-herokuapp-com" rel="noopener noreferrer">Cookies and the Public Suffix List</a></li> </ul> <h3> Matching host (subdomain) </h3> <p>Consider now the following cookie set by <a href="https://serene-bastion-01422.herokuapp.com/get-subdomain-cookie/:" rel="noopener noreferrer">https://serene-bastion-01422.herokuapp.com/get-subdomain-cookie/:</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: coookiename=subd0m41n-c00k13 </code></pre> </div> <p>When <code>Domain</code> is omitted during cookie creation, the browsers defaults to the originating host in the address bar, in this case my code does:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">response</span><span class="p">.</span><span class="nf">set_cookie</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="sh">"</span><span class="s">coookiename</span><span class="sh">"</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="sh">"</span><span class="s">subd0m41n-c00k13</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>When the cookie lands in the browser's cookie storage we see the <code>Domain</code> applied:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Foe4t554xikygqraq2nuj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Foe4t554xikygqraq2nuj.png" alt="Default domain attribute"></a></p> <p>So we have this cookie from serene-bastion-01422.herokuapp.com. <strong>Where this cookie should be sent now?</strong>.</p> <p>If you visit <a href="https://serene-bastion-01422.herokuapp.com/" rel="noopener noreferrer">https://serene-bastion-01422.herokuapp.com/</a> the cookie goes with the request:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fj1ipy6v9igegb95ib4w1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fj1ipy6v9igegb95ib4w1.png" alt="Cookie subdomain sent"></a></p> <p>But, if you visit herokuapp.com <strong>the cookie does not leave the browser at all</strong>:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fcml6d6ija9cw0if8jvn9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fcml6d6ija9cw0if8jvn9.png" alt="Cookie from subdomain to domain not sent"></a></p> <p>(It doesn't matter that herokuapp.com later redirects to heroku.com).</p> <p>To recap, the browser uses the following heuristics to decide what to do with cookies (by sender host here I mean the actual URL you visit):</p> <ul> <li> <strong>Reject the cookie</strong> altogether if either the domain or the subdomain in <code>Domain</code> don't match the sender host</li> <li> <strong>Reject the cookie</strong> if the value of <code>Domain</code> is included in the Public suffix list</li> <li> <strong>Accept the cookie</strong> if the domain or the subdomain in <code>Domain</code> matches the sender host</li> </ul> <p>Once the browsers accepts the cookie, and it's about to <strong>make a request</strong> it says:</p> <ul> <li> <strong>Send it back the cookie</strong> if the request host matches exactly the value I saw in <code>Domain</code> </li> <li> <strong>Send it back the cookie</strong> if the request host is a subdomain matching exactly the value I saw in <code>Domain</code> </li> <li> <strong>Send it back the cookie</strong> if the request host is a subdomain like sub.example.dev included in a <code>Domain</code> like example.dev</li> <li> <strong>Don't send it back the cookie</strong> if the request host is a main domain like example.dev and <code>Domain</code> was sub.example.dev</li> </ul> <p><strong>Takeaway</strong>: <code>Domain</code> is the second layer of <strong>permissions</strong> for cookies, alongside with the <code>Path</code> attribute.</p> <h2> Cookies can travel over AJAX requests </h2> <p>Cookies can travel over AJAX requests. <strong>AJAX requests</strong> are asynchronous HTTP requests made with JavaScript (XMLHttpRequest or Fetch) to get and send back data to a backend.</p> <p>Consider another example with Flask where we have a template, which in turn loads a JavaScript file. Here's the Flask app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">make_response</span><span class="p">,</span> <span class="n">render_template</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">index</span><span class="p">():</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">"</span><span class="s">index.html</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/get-cookie/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">get_cookie</span><span class="p">():</span> <span class="n">response</span> <span class="o">=</span> <span class="nf">make_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Here, take some cookie!</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">set_cookie</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> </code></pre> </div> <p>Here's the template in <code>templates/index.html</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>Title<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;button&gt;</span>FETCH<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"{{ url_for('static', filename='index.js') }}"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>Here's the JavaScript code in <code>static/index.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementsByTagName</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">)[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">button</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">click</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nf">getACookie</span><span class="p">();</span> <span class="p">});</span> <span class="kd">function</span> <span class="nf">getACookie</span><span class="p">()</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">/get-cookie/</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// make sure to check response.ok in the real world!</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">text</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">text</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>When visiting <a href="http://127.0.0.1:5000/" rel="noopener noreferrer">http://127.0.0.1:5000/</a> we see a button. By clicking the button we make a Fetch request to /get-cookie/ to obtain a cookie back. As expected the cookie lands in the browser's Cookie storage.</p> <p>Now let's change a bit our Flask app to expose another endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">make_response</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">render_template</span><span class="p">,</span> <span class="n">jsonify</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">index</span><span class="p">():</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">"</span><span class="s">index.html</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/get-cookie/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">get_cookie</span><span class="p">():</span> <span class="n">response</span> <span class="o">=</span> <span class="nf">make_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Here, take some cookie!</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">set_cookie</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/api/cities/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">cities</span><span class="p">():</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">cookies</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">:</span> <span class="n">cities</span> <span class="o">=</span> <span class="p">[{</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Rome</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="mi">1</span><span class="p">},</span> <span class="p">{</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Siena</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="mi">2</span><span class="p">}]</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">cities</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">msg</span><span class="o">=</span><span class="sh">"</span><span class="s">Ops!</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Also, let's tweak our JavaScript code so that we make another Fetch request after getting the cookie:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementsByTagName</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">)[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">button</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">click</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nf">getACookie</span><span class="p">().</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">getData</span><span class="p">());</span> <span class="p">});</span> <span class="kd">function</span> <span class="nf">getACookie</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">/get-cookie/</span><span class="dl">"</span><span class="p">).</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// make sure to check response.ok in the real world!</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">All good, fetch the data</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">getData</span><span class="p">()</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/cities/</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// make sure to check response.ok in the real world!</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">json</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">json</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>When visiting <a href="http://127.0.0.1:5000/" rel="noopener noreferrer">http://127.0.0.1:5000/</a> we see a button. By clicking the button we make a Fetch request to /get-cookie/ to obtain a cookie back. As soon as the cookie comes, we make another Fetch request to /api/cities/.</p> <p>In the browser's console you should see an array of cities. Also, in the Network tab of the developer tool you should see a header named <code>Cookie</code>, transmitted to the backend over the AJAX request:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fcbnspnys2rnrvg08p993.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fcbnspnys2rnrvg08p993.png" alt="Fetch API cookie header"></a></p> <p>This <strong>cookie exchange back and forth between frontend and backend works fine as long as the frontend is in the same context of the backend</strong>: we say that they're on the same origin.</p> <p>That's because by default, Fetch sends <strong>credentials, i.e. cookies</strong> only when the request hits the same origin from which the request fires.</p> <p>Here, JavaScript is served by a Flask template on <a href="http://127.0.0.1:5000/" rel="noopener noreferrer">http://127.0.0.1:5000/</a>.</p> <p>Let's see instead what happens for different origins.</p> <h2> Cookies cannot always travel over AJAX requests </h2> <p>Consider a different situation where the backend runs stand-alone, so you have this Flask app running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">FLASK_ENV</span><span class="o">=</span>development <span class="nv">FLASK_APP</span><span class="o">=</span>flask_app.py flask run </code></pre> </div> <p>Now in a different folder, outside of the Flask app, create an <code>index.html</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>Title<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;button&gt;</span>FETCH<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"index.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>Create in the same folder a JavaScript file named <code>index.js</code> with the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementsByTagName</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">)[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">button</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">click</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nf">getACookie</span><span class="p">().</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">getData</span><span class="p">());</span> <span class="p">});</span> <span class="kd">function</span> <span class="nf">getACookie</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:5000/get-cookie/</span><span class="dl">"</span><span class="p">).</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// make sure to check response.ok in the real world!</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">All good, fetch the data</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">getData</span><span class="p">()</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:5000/api/cities/</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// make sure to check response.ok in the real world!</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">json</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">json</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>In the same folder, from the terminal run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx serve </code></pre> </div> <p>This command gives you a local address/port to connect to, like <code>http://localhost:42091/</code>. Visit the page and try to click the button with the browser's console open. In the console you should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5000/get-cookie/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing) </code></pre> </div> <p>Now, <code>http://localhost:5000/</code> is not the same as <code>http://localhost:42091/</code>. They're different <strong>origins</strong>, hence <strong>CORS</strong> kick ins.</p> <p>An <strong>origin consists of a scheme, domain, and port number</strong>. That means <code>http://localhost:5000/</code> is a different origin from <code>http://localhost:42091/</code>.</p> <h2> Dealing with CORS </h2> <p>CORS, acronym for Cross-Origin Resource Sharing, is a way for servers to control access to resources on a given origin, when JavaScript code running on a different origin requests these resources. </p> <p>By default, browsers block AJAX requests to remote resources which are not on the same origin, unless a specific HTTP header named <code>Access-Control-Allow-Origin</code> is exposed by the server.</p> <p>To fix this first error we need to configure CORS for Flask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>flask-cors </code></pre> </div> <p>Then apply CORS to Flask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">make_response</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">render_template</span><span class="p">,</span> <span class="n">jsonify</span> <span class="kn">from</span> <span class="n">flask_cors</span> <span class="kn">import</span> <span class="n">CORS</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nc">CORS</span><span class="p">(</span><span class="n">app</span><span class="o">=</span><span class="n">app</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">index</span><span class="p">():</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">"</span><span class="s">index.html</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/get-cookie/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">get_cookie</span><span class="p">():</span> <span class="n">response</span> <span class="o">=</span> <span class="nf">make_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Here, take some cookie!</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">set_cookie</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/api/cities/</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">cities</span><span class="p">():</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">cookies</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">:</span> <span class="n">cities</span> <span class="o">=</span> <span class="p">[{</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Rome</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="mi">1</span><span class="p">},</span> <span class="p">{</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Siena</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="mi">2</span><span class="p">}]</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">cities</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">msg</span><span class="o">=</span><span class="sh">"</span><span class="s">Ops!</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Now try to click again the button with the browser's console open. In the console you should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5000/api/cities/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing) </code></pre> </div> <p>Despite we got the same error, this time the culprit lies in the second route.</p> <p><strong>There's no such cookie named "id" attached to the request</strong>, so Flask crashes and no <code>Access-Control-Allow-Origin</code> gets set.</p> <p>You can confirm this by looking at the request in the Network tab. No such <code>Cookie</code> is sent:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F100ivrq1r1byjcfy812r.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F100ivrq1r1byjcfy812r.png" alt="Fetch no cookies attached"></a></p> <p><strong>To include cookies in a Fetch requests across different origins we must provide the</strong> <code>credentials</code> <strong>flag (by default it's same origin).</strong> </p> <p><strong>Without this flag Fetch simply ignores cookies</strong>. To fix our example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementsByTagName</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">)[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">button</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">click</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nf">getACookie</span><span class="p">().</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">getData</span><span class="p">());</span> <span class="p">});</span> <span class="kd">function</span> <span class="nf">getACookie</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:5000/get-cookie/</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// make sure to check response.ok in the real world!</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">All good, fetch the data</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">getData</span><span class="p">()</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:5000/api/cities/</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// make sure to check response.ok in the real world!</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">json</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">json</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p><code>credentials: "include"</code> has to be present on the first Fetch request, to save the cookie in the browser's Cookie storage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:5000/get-cookie/</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">})</span> </code></pre> </div> <p>It has also to be present on the second request to allow transmitting cookies back to the backend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:5000/api/cities/</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">})</span> </code></pre> </div> <p>Try again, and you'll see we need to fix another error on the backend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5000/get-cookie/. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’). </code></pre> </div> <p>To <strong>allow cookie transmission</strong> in CORS requests, the backend needs to expose the <code>Access-Control-Allow-Credentials</code> header as well. Easy fix:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nc">CORS</span><span class="p">(</span><span class="n">app</span><span class="o">=</span><span class="n">app</span><span class="p">,</span> <span class="n">supports_credentials</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>Now you should see the expected array of cities in the browser's console.</p> <p><strong>Takeaways</strong>: to make cookies travel over AJAX requests between different origins provide:</p> <ul> <li> <code>credentials: "include"</code> on the frontend for Fetch </li> <li> <code>Access-Control-Allow-Credentials</code> and <code>Access-Control-Allow-Origin</code> on the backend.</li> </ul> <p><strong>Cookies can travel over AJAX requests, but they have to respect the domain rules we described earlier</strong>.</p> <p>Resources:</p> <ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials" rel="noopener noreferrer">Fetch request credentials</a></li> <li><a href="https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials" rel="noopener noreferrer">XMLHttpRequest.withCredentials</a></li> <li><a href="https://www.youtube.com/watch?v=vfAHa5GBLio" rel="noopener noreferrer">Cross-origin fetches</a></li> </ul> <h2> A concrete example </h2> <p>Our previous example uses localhost to keep things simple and replicable on your local machine.</p> <p>To <strong>imagine cookie exchange over AJAX requests in the real world</strong> you can think of the following scenario:</p> <ol> <li>a user visits <a href="https://www.a-example.dev" rel="noopener noreferrer">https://www.a-example.dev</a> </li> <li>she clicks a button or makes some action which triggers a Fetch request to <a href="https://api.b-example.dev" rel="noopener noreferrer">https://api.b-example.dev</a> </li> <li> <a href="https://api.b-example.dev" rel="noopener noreferrer">https://api.b-example.dev</a> sets a cookie with <code>Domain=api.b-example.dev</code> </li> <li>on subsequent Fetch requests to <a href="https://api.b-example.dev" rel="noopener noreferrer">https://api.b-example.dev</a> the cookie is sent back</li> </ol> <h2> Cookies can be kind of secret: the Secure attribute </h2> <p><strong>But not so secret after all.</strong></p> <p>The <code>Secure</code> attribute for a cookie ensures that the cookie <strong>is never accepted over HTTP</strong>, that is, <strong>the browser rejects secure cookies unless the connection happens over HTTPS</strong>.</p> <p>To mark a cookie as <code>Secure</code> pass the attribute in the cookie:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: "id=3db4adj3d; Secure" </code></pre> </div> <p>In Flask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">response</span><span class="p">.</span><span class="nf">set_cookie</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">,</span> <span class="n">secure</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>If you want to try against a live environment, run the following command on the console and note how curl here <strong>does not save the cookie over HTTP</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> http://serene-bastion-01422.herokuapp.com/get-secure-cookie/ <span class="nt">--cookie-jar</span> - </code></pre> </div> <p><strong>Note</strong>: this will work only in curl 7.64.0 &gt;= which implements rfc6265bis. Older versions of curl implement RCF6265. <a href="https://github.com/curl/curl/issues/5473" rel="noopener noreferrer">See</a></p> <p>Over HTTPS instead, the cookie appears in the cookie jar:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> https://serene-bastion-01422.herokuapp.com/get-secure-cookie/ <span class="nt">--cookie-jar</span> - </code></pre> </div> <p>Here's the jar:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>serene-bastion-01422.herokuapp.com FALSE / TRUE 0 id 3db4adj3d </code></pre> </div> <p>To try the cookie in a browser visit both versions of the url above and check out the Cookie storage in the developer tool.</p> <p>Don't get fooled by <code>Secure</code>: browsers accept the cookie over <strong>HTTPS</strong>, but there's no protection for the cookie once it lands in the browser.</p> <p>For this reason a <code>Secure</code> <strong>cookie, like any cookie, is not intended for transmission of sensitive data</strong>, even if the name would suggest the opposite. </p> <h2> Don't touch my cookie: the HttpOnly attribute </h2> <p>The <code>HttpOnly</code> attribute for a cookie ensures that the cookie <strong>is not accessible by JavaScript code</strong>. This is the most <strong>important form of protection against XSS attacks</strong></p> <p>However, it is <strong>sent on each subsequent HTTP request</strong>, with respect of any permission enforced by <code>Domain</code> and <code>Path</code>.</p> <p>To mark a cookie as <code>HttpOnly</code> pass the attribute in the cookie:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: "id=3db4adj3d; HttpOnly" </code></pre> </div> <p>In Flask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">response</span><span class="p">.</span><span class="nf">set_cookie</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="sh">"</span><span class="s">3db4adj3d</span><span class="sh">"</span><span class="p">,</span> <span class="n">httponly</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>A cookie marked as <code>HttpOnly</code> cannot be accessed from JavaScript: if inspected in the console, <code>document.cookie</code> returns an empty string. </p> <p>However, <strong>Fetch can get, and send back</strong> <code>HttpOnly</code> cookies when <code>credentials</code> is set to <code>include</code>, again, with respect of any permission enforced by <code>Domain</code> and <code>Path</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">fetch</span><span class="p">(</span><span class="cm">/* url */</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">"</span><span class="s2">include</span><span class="dl">"</span> <span class="p">})</span> </code></pre> </div> <p>When to use <code>HttpOnly</code>? <strong>Whenever you can</strong>. Cookies should always be <code>HttpOnly</code>, unless there's a specific requirement for exposing them to runtime JavaScript.</p> <p>Resources:</p> <ul> <li><a href="https://owasp.org/www-community/attacks/xss/" rel="noopener noreferrer">What is XSS</a></li> <li><a href="https://blog.codinghorror.com/protecting-your-cookies-httponly/" rel="noopener noreferrer">Protecting Your Cookies: HttpOnly</a></li> </ul> <h2> The dreaded SameSite attribute </h2> <h3> First and third-party cookie </h3> <p>Consider a cookie acquired by visiting <a href="https://serene-bastion-01422.herokuapp.com/get-cookie/:" rel="noopener noreferrer">https://serene-bastion-01422.herokuapp.com/get-cookie/:</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: simplecookiename=c00l-c00k13; Path=/ </code></pre> </div> <p>We refer to this kind of cookies as <strong>first-party</strong>. That is, I visit that URL in the browser, and if I visit the same URL, or another path of that site (provided that <code>Path</code> is <strong>/</strong>) the browser sends the cookie back to the website. Normal cookie stuff.</p> <p>Now consider another web page at <a href="https://serene-bastion-01422.herokuapp.com/get-frog/" rel="noopener noreferrer">https://serene-bastion-01422.herokuapp.com/get-frog/</a>. This page sets a cookie as well, and in addition it <strong>loads an image from a remote resource</strong> hosted at <a href="https://www.valentinog.com/cookie-frog.jpg" rel="noopener noreferrer">https://www.valentinog.com/cookie-frog.jpg</a>. </p> <p>This <strong>remote resource in turns sets a cookie on its own</strong>. You can see the actual scenario in this picture:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5bujf8chhir8n49e52pw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5bujf8chhir8n49e52pw.png" alt="Third-party-cookie"></a></p> <p><strong>Note</strong>: If you're on Chrome 85 you won't see this cookie. Starting from this version Chrome rejects it.</p> <p>We refer to this kind of cookies as <strong>third-party</strong>. Another example of third-party cookie:</p> <ol> <li>a user visits <a href="https://www.a-example.dev" rel="noopener noreferrer">https://www.a-example.dev</a> </li> <li>she clicks a button or makes some action which triggers a Fetch request to <a href="https://api.b-example.dev" rel="noopener noreferrer">https://api.b-example.dev</a> </li> <li> <a href="https://api.b-example.dev" rel="noopener noreferrer">https://api.b-example.dev</a> sets a cookie with <code>Domain=api.b-example.dev</code> </li> <li>now the page at <a href="https://www.a-example.dev" rel="noopener noreferrer">https://www.a-example.dev</a> holds a <strong>third-party</strong> cookie from <a href="https://api.b-example.dev" rel="noopener noreferrer">https://api.b-example.dev</a> </li> </ol> <h3> Working with SameSite </h3> <p>At the time of writing, third-party cookies causes a warning to pop up in the <strong>Chrome</strong> console:</p> <blockquote> <p>"A cookie associated with a cross-site resource at <a href="http://www.valentinog.com/" rel="noopener noreferrer">http://www.valentinog.com/</a> was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.</p> </blockquote> <p>What the browser is trying to say is that <strong>third-party cookies</strong> must have the new <code>SameSite</code> attribute. But why?</p> <p>The <code>SameSite</code> attribute is a <strong>new feature aimed at improving cookie security</strong> to: prevent <strong>Cross Site Request Forgery attacks</strong>, avoid privacy leaks.</p> <p><code>SameSite</code> can be assigned one of these three values:</p> <ul> <li><strong>Strict</strong></li> <li><strong>Lax</strong></li> <li><strong>None</strong></li> </ul> <p>If we are a service providing embeddable widgets (iframes), or we need to put cookies in remote websites (for a good reason and not for wild tracking), these cookies must be marked as <code>SameSite=None</code>, and <code>Secure</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: frogcookie=fr0g-c00k13; SameSite=None; Secure </code></pre> </div> <p>Failing to do so will make the <strong>browser reject the third-party cookie</strong>. Here's what browsers are going to do in the near future:</p> <blockquote> <p>A cookie associated with a cross-site resource at <a href="http://www.valentinog.com/" rel="noopener noreferrer">http://www.valentinog.com/</a> was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure.</p> </blockquote> <p>In other words <code>SameSite=None; Secure</code> will make third-party cookies work as they work today, the only difference being that they must be transmitted only over HTTPS.</p> <p>A cookie configured this way is sent alongside each request if domain and path matches. This is the normal behaviour.</p> <p>Worth noting, <code>SameSite</code> does not concern only third-party cookies.</p> <p>By default, <strong><a href="https://www.chromestatus.com/feature/5088147346030592" rel="noopener noreferrer">browsers will enforce</a></strong> <code>SameSite=Lax</code> <strong>on all cookies, both first-party and third-party, if the attribute is missing</strong>. Here's Firefox Nightly on a first-party cookie:</p> <blockquote> <p>Cookie "get_frog_simplecookiename" has "sameSite" policy set to "lax" because it is missing a "sameSite" attribute, and "sameSite=lax" is the default value for this attribute.</p> </blockquote> <p>A <code>SameSite=Lax</code> cookie is sent back with <strong>safe HTTP methods</strong>, namely GET, HEAD, OPTIONS, and TRACE. <strong>POST requests instead won't carry the cookie.</strong></p> <p>Third-party cookies with <code>SameSite=Strict</code> instead will be rejected altogether by the browser.</p> <p>To recap, <strong>here's the browser's behaviour for the different values of</strong> <code>SameSite</code>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>VALUE</th> <th>INCOMING COOKIE</th> <th>OUTGOING COOKIE</th> </tr> </thead> <tbody> <tr> <td>Strict</td> <td>Reject</td> <td>-</td> </tr> <tr> <td>Lax</td> <td>Accept</td> <td>Send with safe HTTP methods</td> </tr> <tr> <td>None + Secure</td> <td>Accept</td> <td>Send</td> </tr> </tbody> </table></div> <p>To learn more about <code>SameSite</code> and to understand in detail all the use cases for this attribute, go read these fantastic resources:</p> <ul> <li><a href="https://blog.heroku.com/chrome-changes-samesite-cookie" rel="noopener noreferrer">Prepare for SameSite Cookie Updates</a></li> <li><a href="https://web.dev/samesite-cookies-explained/" rel="noopener noreferrer">SameSite cookies explained</a></li> <li><a href="https://web.dev/samesite-cookie-recipes/" rel="noopener noreferrer">SameSite cookie recipes</a></li> <li><a href="https://scotthelme.co.uk/tough-cookies/" rel="noopener noreferrer">Tough Cookies</a></li> <li> <a href="https://scotthelme.co.uk/csrf-is-dead/" rel="noopener noreferrer">Cross-Site Request Forgery is dead!</a> </li> <li><a href="https://scotthelme.co.uk/csrf-is-really-dead/" rel="noopener noreferrer">CSRF is (really) dead</a></li> </ul> <h2> Cookies and authentication </h2> <p>Authentication is one of the most challenging tasks in web development. There seems to be so much confusion around this topic, as token based authentication with JWT seems to supersede "old", solid patterns like <strong>session based authentication</strong>.</p> <p>Let's see what role cookies play here.</p> <h3> Session based authentication </h3> <p><strong>Authentication</strong> is one of the most common use case for cookies.</p> <p>When you visit a website that requests authentication, on credential submit (through a form for example) the backend sends under the hood a <code>Set-Cookie</code> header to the frontend.</p> <p>A typical session cookie looks like the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Set-Cookie: sessionid=sty1z3kz11mpqxjv648mqwlx4ginpt6c; expires=Tue, 09 Jun 2020 15:46:52 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax </code></pre> </div> <p>In this <code>Set-Cookie</code> header the server may include a cookie named <strong>session, session id, or similar</strong>.</p> <p>This is the only identifier that the browser can see in the clear. Any time the <strong>authenticated user requests a new page to the backend, the browser sends back the session cookie</strong>.</p> <p>At this point the backend pairs the session id with the session stored on a storage behind the scenes to properly identify the user.</p> <p>Session based authentication is know as <strong>stateful</strong> because the backend has to keep track of sessions for each user. The storage for these sessions might be: </p> <ul> <li>a database</li> <li>a key/value store like Redis</li> <li>the filesystem</li> </ul> <p>Of these three session storages, Redis or the like should be preferred over database or filesystem.</p> <p>Note that session based authentication has <strong>nothing to do with the browser's Session Storage</strong>. </p> <p>It's called <strong>session based</strong> only because the relevant data for user identification lives in the backend's session storage, which is not the same thing as a browser's Session Storage. </p> <h3> When to use session based authentication? </h3> <p>Use it <strong>whenever you can</strong>. <strong>Session based authentication is one of the simplest, secure, and straightforward form of authentication for websites</strong>. It's available by default on all the most popular web frameworks like Django.</p> <p>But, its <strong>stateful</strong> nature is also its main drawback, especially when a website is served by a load balancer. In this case, techniques like <strong>sticky sessions</strong>, or <strong>storing sessions on a centralized Redis storage</strong> can help.</p> <h3> A note on JWT </h3> <p><strong>JWT, short for JSON Web Tokens</strong>, is an authentication mechanism, rising in popularity in recent years.</p> <p>JWT is well suited for single page and mobile applications, but it presents a new set of challenges. The typical flow for a frontend application wanting to authenticate against an API is the following:</p> <ol> <li>Frontend sends credentials to the backend</li> <li>Backend checks credentials and sends back a token</li> <li>Frontend sends the token on each subsequent request</li> </ol> <p>The main question which comes up with this approach is: <strong>where do I store this token in the frontend for keeping the user logged in?</strong></p> <p>The most natural thing to do for someone who writes JavaScript is to save the token in <code>localStorage</code>. This <strong>is bad for so many reasons</strong>.</p> <p><code>localStorage</code> is easily accessible from JavaScript code, and it's an <strong>easy target for XSS attacks</strong>.</p> <p>To overcome this issue, most developers resort to save the <strong>JWT token in a cookie</strong> thinking that <code>HttpOnly</code> and <code>Secure</code> can protect the cookie, at least from XSS attacks.</p> <p>The new <code>SameSite</code> attribute, set to <code>SameSite=Strict</code> would also protect your "cookified " JWT from CSRF attacks. But, is <strong>also completely invalidates the use case for JWT in first instance</strong> because <code>SameSite=Strict</code> does not sends cookies on cross-origin requests!</p> <p>How about <code>SameSite=Lax</code> then? This mode allows sending cookies back with <strong>safe HTTP methods</strong>, namely GET, HEAD, OPTIONS, and TRACE. POST requests won't transmit the cookie either way.</p> <p>Really, storing a JWT token in a cookie or in <code>localStorage</code> are both <strong>bad ideas.</strong> </p> <p>If you really want to use JWT instead of sticking with session based auth, and scaling your session storage, <strong>you might want to use JWT with refresh tokens</strong> to keep the user logged in.</p> <p>Resources:</p> <ul> <li><a href="https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/" rel="noopener noreferrer">The Ultimate Guide to handling JWTs on frontend clients (GraphQL)</a></li> <li><a href="http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/" rel="noopener noreferrer">Stop using JWT for sessions</a></li> <li><a href="https://www.rdegges.com/2018/please-stop-using-local-storage/" rel="noopener noreferrer">Please, stop using localStorage</a></li> </ul> <h2> Wrapping up </h2> <p>HTTP cookies have been there since 1994. They're everywhere.</p> <p>Cookies are simple text strings, but they can be fine tuned for permissions, with <code>Domain</code> and <code>Path</code>, transmitted only over HTTPS with <code>Secure</code>, hide from JavaScript with <code>HttpOnly</code>.</p> <p>A cookie might be used for personalization of the user's experience, user authentication, or shady purposes like tracking.</p> <p>But, for all the intended uses, <strong>cookies can expose users to attacks and vulnerabilities</strong>. </p> <p>Browser's vendors and the Internet Engineering Task Force have worked year after year to improve cookie security, the last recent step being <code>SameSite</code>.</p> <p>So what makes a secure cookie? There isn't such a thing. We could consider relatively secure a cookie that:</p> <ul> <li>travels only over HTTPS, that is, has <code>Secure</code> </li> <li>has <code>HttpOnly</code> whenever possible</li> <li>has the proper <code>SameSite</code> configuration</li> <li>does not carry sensitive data</li> </ul> <p>Thanks for reading!</p> <h2> Further resources </h2> <ul> <li><a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02" rel="noopener noreferrer">IETF on cookies</a></li> <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie" rel="noopener noreferrer">Set-Cookie on MDN</a></li> <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies" rel="noopener noreferrer">HTTP Cookies on MDN</a></li> </ul> <p>Icon in the featured picture by <a href="https://www.flaticon.com/authors/freepik" rel="noopener noreferrer">freepik</a>.</p> beginners http javascript python Valentino Gagliardi Tue, 15 Sep 2020 15:01:54 +0000 https://dev.to/valentinogagliardi/var-let-and-const-in-javascript-a-cheatsheet-14k https://dev.to/valentinogagliardi/var-let-and-const-in-javascript-a-cheatsheet-14k <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--W_W_zlaH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v3xxscd3pitf3rtuhhe9.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--W_W_zlaH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v3xxscd3pitf3rtuhhe9.png" alt="var, let, and const in JavaScript: a cheatsheet" width="880" height="827"></a></p> <h2> var </h2> <p>The <code>var</code> statement declares a variable in JavaScript which abides to the following rules:</p> <ul> <li>is function-scoped or globally-scoped.</li> <li>is not subject to the temporal dead zone.</li> <li>it creates a global property on <code>window</code> with the same name.</li> <li>is <strong>reassignable</strong>.</li> <li>is <strong>redeclarable</strong>.</li> </ul> <h3> Function-scoped or globally-scoped </h3> <p><code>var</code> creates a global variable when appears in the global scope. In addition, it creates a <strong>global property</strong> on <code>window</code> with the same name:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <p>When declared inside a function, the variable is scoped to that function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Siena"</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <p><code>var</code> declarations are subject to hoisting:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">city</span><span class="p">;</span> <span class="c1">// hoists</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Siena"</span> </code></pre> </div> <h3> Accidental global variables </h3> <p>Variables assigned without any statement, be it <code>var</code>, <code>let</code>, or <code>const</code>, become <strong>global variables</strong> by default:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Siena"</span> </code></pre> </div> <p>To neutralize this behaviour we use <strong>strict mode</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="dl">"</span><span class="s2">use strict</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// ReferenceError: assignment to undeclared variable city</span> </code></pre> </div> <h3> reassignable and redeclarable </h3> <p>Any variable declared with <code>var</code> can be later <strong>reassigned, or redeclared</strong>. An example of redeclaration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Siena"</span> </code></pre> </div> <p>An example of reassignation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Florence"</span> </code></pre> </div> <h2> let </h2> <p>The <code>let</code> statement declares a variable in JavaScript which abides to the following rules:</p> <ul> <li>is block scoped.</li> <li>is subject to the <strong>temporal dead zone</strong>.</li> <li>it does not create any global property on <code>window</code>.</li> <li>is <strong>reassignable</strong>.</li> <li>is <strong>not redeclarable</strong>.</li> </ul> <h3> Block scoped </h3> <p>A variable declared with <code>let</code> does not create any global property on <code>window</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// undefined</span> </code></pre> </div> <p>When declared inside a function, the variable is scoped to that function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Siena"</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <p>When declared inside a <strong>block</strong>, the variable is scoped to that block. An example with the block statement:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Siena";</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <p>An example with an <code>if</code> block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Siena";</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <p><code>var</code> instead, doesn't care about blocks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Siena";</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Siena"</span> </code></pre> </div> <h3> Temporal dead zone </h3> <p><code>let</code> declarations are subject to hoisting, but <strong>temporal dead zone kicks in</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// TDZ</span> <span class="kd">let</span> <span class="nx">city</span><span class="p">;</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// ReferenceError: can't access lexical declaration 'city' before initialization</span> </code></pre> </div> <p><strong>Temporal dead zone prevents access to</strong> <code>let</code> declarations before their initialization. Another example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// TDZ</span> <span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// ReferenceError: can't access lexical declaration 'city' before initialization</span> </code></pre> </div> <p>We can see that the exceptions are the same in both examples: the proof that <strong>temporal dead zone</strong> kicked in.</p> <p>Further resources on the topic: <a href="http://jsrocks.org/2015/01/temporal-dead-zone-tdz-demystified">Temporal dead zone demystified</a>.</p> <h3> Reassignable, not redeclarable </h3> <p>Any variable declared with <code>let</code> <strong>can't be redeclared</strong>. An example of redeclaration which throws:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// SyntaxError: redeclaration of let city</span> </code></pre> </div> <p>An example of valid <strong>reassignation</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Florence"</span> </code></pre> </div> <h2> const </h2> <p>The <code>const</code> statement declares a variable in JavaScript which abides to the following rules:</p> <ul> <li>is block scoped.</li> <li>is subject to the <strong>temporal dead zone</strong>.</li> <li>it does not create any global property on <code>window</code>.</li> <li>is <strong>not reassignable</strong>.</li> <li>is <strong>not redeclarable</strong>.</li> </ul> <h3> Block scoped </h3> <p>A variable declared with <code>const</code> does not create any global property on <code>window</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// undefined</span> </code></pre> </div> <p>When declared inside a function, the variable is scoped to that function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// "Siena"</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <p>When declared inside a <strong>block</strong>, the variable is scoped to that block. An example with the block statement <code>{}</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Siena";</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <p>An example with an <code>if</code> block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Siena";</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="c1">// "Florence"</span> </code></pre> </div> <h3> Temporal dead zone </h3> <p><code>const</code> declarations are subject to hoisting, but <strong>temporal dead zone kicks in</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// ReferenceError: can't access lexical declaration 'city' before initialization</span> </code></pre> </div> <h3> Not reassignable, not redeclarable </h3> <p>Any variable declared with <code>const</code> <strong>can't be redeclared, nor reassigned</strong>. An example of redeclaration which <a href="https://www.valentinog.com/blog/error/">throws</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// SyntaxError: redeclaration of const city</span> </code></pre> </div> <p>An example of <strong>reassignation</strong> which trows as well:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">bubble</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Siena</span><span class="dl">"</span><span class="p">;</span> <span class="nx">city</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Florence</span><span class="dl">"</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">city</span><span class="p">);</span> <span class="p">}</span> <span class="nx">bubble</span><span class="p">();</span> <span class="c1">// TypeError: invalid assignment to const 'city'</span> </code></pre> </div> beginners javascript Valentino Gagliardi Mon, 14 Sep 2020 09:24:03 +0000 https://dev.to/valentinogagliardi/a-mostly-complete-guide-to-error-handling-in-javascript-min https://dev.to/valentinogagliardi/a-mostly-complete-guide-to-error-handling-in-javascript-min <h2> What is an error in programming? </h2> <p><strong>Things don't go always well</strong> in our programs.</p> <p>In particular, there are situations where we may want to <strong>stop the program or inform the user if something bad happens</strong>.</p> <p>For example:</p> <ul> <li>the program tried to open a non-existent file.</li> <li>the network connection is broken.</li> <li>the user entered invalid input.</li> </ul> <p>In all these cases we as programmers, create <strong>errors</strong>, or we let the programming engine create some for us. </p> <p>After creating the error we can inform the user with a message, or we can halt the execution altogether.</p> <h2> What is an error in JavaScript? </h2> <p>An <strong>error in JavaScript is an object</strong>, which is later <strong>thrown</strong> to halt the program.</p> <p>To create a new error in JavaScript we call the appropriate <strong>constructor function</strong>. For example, to create a new, generic error we can do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">err</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something bad happened!</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <p>When creating an error object it's also possible to omit the <code>new</code> keyword:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">err</span> <span class="o">=</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something bad happened!</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <p>Once created, the error object presents three properties:</p> <ul> <li> <code>message</code>: a string with the error message.</li> <li> <code>name</code>: the error's type.</li> <li> <code>stack</code>: a stack trace of functions execution.</li> </ul> <p>For example, if we create a new <code>TypeError</code> object with the appropriate message, the <code>message</code> will carry the actual error string, while <code>name</code> will be <code>"TypeError"</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">wrongType</span> <span class="o">=</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected number</span><span class="dl">"</span><span class="p">);</span> <span class="nx">wrongType</span><span class="p">.</span><span class="nx">message</span><span class="p">;</span> <span class="c1">// "Wrong type given, expected number"</span> <span class="nx">wrongType</span><span class="p">.</span><span class="nx">name</span><span class="p">;</span> <span class="c1">// "TypeError"</span> </code></pre> </div> <p>Firefox also implements a bunch on non-standard property like <code>columnNumber</code>, <code>filename</code>, and <code>lineNumber</code>.</p> <h2> Many types of errors in JavaScript </h2> <p>There are many types of errors in JavaScript, namely:</p> <ul> <li><code>Error</code></li> <li><code>EvalError</code></li> <li><code>InternalError</code></li> <li><code>RangeError</code></li> <li><code>ReferenceError</code></li> <li><code>SyntaxError</code></li> <li><code>TypeError</code></li> <li><code>URIError</code></li> </ul> <p>Remember, all these error types are <strong>actual constructor functions</strong> meant to return a new error object.</p> <p>In your code you'll mostly use <code>Error</code> and <code>TypeError</code>, two of the most common types, to create your own error object.</p> <p>Most of the times, the majority of errors will come directly from the JavaScript engine, like <code>InternalError</code> or <code>SyntaxError</code>.</p> <p>An example of <code>TypeError</code> occurs when you try to reassign <code>const</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Jules</span><span class="dl">"</span><span class="p">;</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Caty</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// TypeError: Assignment to constant variable.</span> </code></pre> </div> <p>An example of <code>SyntaxError</code> is when you misspell language keywords:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">va</span> <span class="nx">x</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">33</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// SyntaxError: Unexpected identifier</span> </code></pre> </div> <p>Or when you use reserved keywords in wrong places, like <code>await</code> outside of an <code>async</code> function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">wrong</span><span class="p">(){</span> <span class="k">await</span> <span class="mi">99</span><span class="p">;</span> <span class="p">}</span> <span class="nx">wrong</span><span class="p">();</span> <span class="c1">// SyntaxError: await is only valid in async function</span> </code></pre> </div> <p>Another example of <code>TypeError</code> occurs when we select non-existent HTML elements in the page:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Uncaught TypeError: button is null </code></pre> </div> <p>In addition to these traditional error objects, an <code>AggregateError</code> object is going to land soon in JavaScript. <code>AggregateError</code> is convenient for wrapping multiple errors together, as we'll see later.</p> <p>Besides these built-in errors, in the browser we can find also:</p> <ul> <li> <code>DOMException</code>.</li> <li> <code>DOMError</code>, deprecated and no longer used today.</li> </ul> <p><code>DOMException</code> is a family of errors related to Web APIs. They are thrown when we do silly things in the browser, like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">appendChild</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nx">cloneNode</span><span class="p">(</span><span class="kc">true</span><span class="p">));</span> </code></pre> </div> <p>The result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Uncaught DOMException: Node.appendChild: May not add a Document as a child </code></pre> </div> <p>For a complete list see <a href="https://developer.mozilla.org/en-US/docs/Web/API/DOMException">this page on MDN</a>.</p> <h2> What is an exception? </h2> <p>Most developers think that error and exceptions are the same thing. In reality, an <strong>error object becomes an exception only when it's thrown</strong>.</p> <p>To throw an exception in JavaScript we use <code>throw</code>, followed by the error object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">wrongType</span> <span class="o">=</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected number</span><span class="dl">"</span><span class="p">);</span> <span class="k">throw</span> <span class="nx">wrongType</span><span class="p">;</span> </code></pre> </div> <p>The short form is more common, in most code bases you'll find:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected number</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <p>or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">throw</span> <span class="k">new</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected number</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <p>It's unlikely to throw exceptions outside of a function or a conditional block. Instead, consider the following example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>Here we check if the function argument is a string. If it's not we throw an exception.</p> <p>Technically, you could throw anything in JavaScript, not only error objects:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">throw</span> <span class="nb">Symbol</span><span class="p">();</span> <span class="k">throw</span> <span class="mi">33</span><span class="p">;</span> <span class="k">throw</span> <span class="dl">"</span><span class="s2">Error!</span><span class="dl">"</span><span class="p">;</span> <span class="k">throw</span> <span class="kc">null</span><span class="p">;</span> </code></pre> </div> <p>However, it's better to avoid these things: <strong>always throw proper error objects, not primitives</strong>. </p> <p>By doing so you keep error handling consistent through the codebase. Other team members can always expect to access <code>error.message</code> or <code>error.stack</code> on the error object.</p> <h2> What happens when we throw an exception? </h2> <p><strong>Exceptions are like an elevator going up</strong>: once you throw one, <strong>it bubbles up in the program stack, unless it is caught somewhere</strong>.</p> <p>Consider the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="p">}</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="mi">4</span><span class="p">);</span> </code></pre> </div> <p>If you run this code in a browser or in Node.js, the program stops and reports the error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Uncaught TypeError: Wrong type given, expected a string toUppercase http://localhost:5000/index.js:3 &lt;anonymous&gt; http://localhost:5000/index.js:9 </code></pre> </div> <p>In addition, you can see the exact line where the error happened.</p> <p>This report is a <strong>stack trace</strong>, and it's helpful for tracking down problems in your code.</p> <p>The stack trace goes from bottom to top. So here:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> toUppercase http://localhost:5000/index.js:3 &lt;anonymous&gt; http://localhost:5000/index.js:9 </code></pre> </div> <p>We can say:</p> <ul> <li>something in the program at line 9 called <code>toUppercase</code> </li> <li> <code>toUppercase</code> blew up at line 3</li> </ul> <p>In addition to seeing this stack trace in the browser's console, you can access it on the <code>stack</code> property of the error object.</p> <p>If the exception is <strong>uncaught</strong>, that is, nothing is done by the programmer to catch it, the program will crash.</p> <p><strong>When, and where you catch an exception in your code depends on the specific use case</strong>.</p> <p>For example <strong>you may want to propagate an exception up in the stack to crash the program altogether</strong>. This could happen for fatal errors, when it's safer to stop the program rather than working with invalid data.</p> <p>Having introduced the basics let's now turn our attention to <strong>error and exception handling in both synchronous and asynchronous JavaScript code</strong>.</p> <h2> Synchronous error handling </h2> <p>Synchronous code is most of the times straightforward, and so its error handling.</p> <h3> Error handling for regular functions </h3> <p>Synchronous code is executed in the same order in which is written. Let's take again the previous example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="p">}</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="mi">4</span><span class="p">);</span> </code></pre> </div> <p>Here the engine calls and executes <code>toUppercase</code>. All happens <strong>synchronously</strong>. To <strong>catch</strong> an exception originating by such synchronous function we can use <code>try/catch/finally</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">try</span> <span class="p">{</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="mi">4</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="c1">// or log remotely</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="c1">// clean up</span> <span class="p">}</span> </code></pre> </div> <p>Usually, <code>try</code> deals with the happy path, or with the function call that could potentially throw.</p> <p><code>catch</code> instead, <strong>captures the actual exception</strong>. It <strong>receives the error object</strong>, which we can inspect (and send remotely to some logger in production).</p> <p>The <code>finally</code> statement on the other hand runs regardless of the function's outcome: whether it failed or succeeded, any code inside <code>finally</code> will run.</p> <p>Remember: <code>try/catch/finally</code> is a <strong>synchronous</strong> construct: <strong>it has now way to catch exceptions coming from asynchronous code</strong>.</p> <h3> Error handling for generator functions </h3> <p>A generator function in JavaScript is a special type of function.</p> <p>It can be <strong>paused and resumed at will</strong>, other than providing a <strong>bi-directional communication channel</strong> between its inner scope and the consumer.</p> <p>To create a generator function we put a star <code>*</code> after the <code>function</code> keyword:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span><span class="o">*</span> <span class="nx">generate</span><span class="p">()</span> <span class="p">{</span> <span class="c1">//</span> <span class="p">}</span> </code></pre> </div> <p>Once inside the function we can use <code>yield</code> to return values:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span><span class="o">*</span> <span class="nx">generate</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The <strong>return value from a generator function</strong> is an <strong>iterator object</strong>. To <strong>pull values out a generator</strong> we can use two approaches:</p> <ul> <li>calling <code>next()</code> on the iterator object.</li> <li> <strong>iteration</strong> with <code>for...of</code>.</li> </ul> <p>If we take our example, to get values from the generator we can do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span><span class="o">*</span> <span class="nx">generate</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">go</span> <span class="o">=</span> <span class="nx">generate</span><span class="p">();</span> </code></pre> </div> <p>Here <code>go</code> becomes our iterator object when we call the generator function.</p> <p>From now on we can call <code>go.next()</code> to advance the execution:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span><span class="o">*</span> <span class="nx">generate</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">go</span> <span class="o">=</span> <span class="nx">generate</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">firstStep</span> <span class="o">=</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">value</span><span class="p">;</span> <span class="c1">// 33</span> <span class="kd">const</span> <span class="nx">secondStep</span> <span class="o">=</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">value</span><span class="p">;</span> <span class="c1">// 99</span> </code></pre> </div> <p>Generators also work the other way around: <strong>they can accept values and exceptions back from the caller</strong>.</p> <p>In addition to <code>next()</code>, iterator objects returned from generators have a <code>throw()</code> method.</p> <p>With this method we can halt the program by injecting an exception into the generator:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span><span class="o">*</span> <span class="nx">generate</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">go</span> <span class="o">=</span> <span class="nx">generate</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">firstStep</span> <span class="o">=</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">value</span><span class="p">;</span> <span class="c1">// 33</span> <span class="nx">go</span><span class="p">.</span><span class="k">throw</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Tired of iterating!</span><span class="dl">"</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">secondStep</span> <span class="o">=</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">value</span><span class="p">;</span> <span class="c1">// never reached</span> </code></pre> </div> <p>To catch such error you would wrap your code inside the generator with <code>try/catch</code> (and <code>finally</code> if needed):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span><span class="o">*</span> <span class="nx">generate</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Generator functions can also throw exceptions to the outside. The mechanism for catching these exceptions is the same for catching synchronous exceptions: <code>try/catch/finally</code>. </p> <p>Here's an example of a generator function consumed from the outside with <code>for...of</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span><span class="o">*</span> <span class="nx">generate</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Tired of iterating!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">for</span> <span class="p">(</span><span class="kd">const</span> <span class="nx">value</span> <span class="k">of</span> <span class="nx">generate</span><span class="p">())</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="cm">/* Output: 33 99 Tired of iterating! */</span> </code></pre> </div> <p>Here we iterate the happy path inside a <code>try</code> block. If any exceptions occurs we stop it with <code>catch</code>.</p> <h2> Asynchronous error handling </h2> <p>JavaScript is synchronous by nature, being a single-threaded language.</p> <p>Host environments like browsers engines augment JavaScript with a number of Web API for interacting with external systems, and for dealing with I/O bound operations.</p> <p>Examples of asynchronicity in the browser are <strong>timeouts, events, Promise</strong>.</p> <p><strong>Error handling in the asynchronous world</strong> is distinct from its synchronous counterpart.</p> <p>Let's see some examples.</p> <h3> Error handling for timers </h3> <p>In the beginning of your explorations with JavaScript, after learning about <code>try/catch/finally</code>, you might be tempted to put it around any block of code.</p> <p>Consider the following snippet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">failAfterOneSecond</span><span class="p">()</span> <span class="p">{</span> <span class="nx">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong!</span><span class="dl">"</span><span class="p">);</span> <span class="p">},</span> <span class="mi">1000</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>This function throws after roughly 1 second. What's the right way to handle this exception?</p> <p>The following example <strong>does not work</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">failAfterOneSecond</span><span class="p">()</span> <span class="p">{</span> <span class="nx">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong!</span><span class="dl">"</span><span class="p">);</span> <span class="p">},</span> <span class="mi">1000</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">failAfterOneSecond</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>As we said, <code>try/catch</code> is synchronous. On the other hand we have <code>setTimeout</code>, a browser API for timers.</p> <p>By the time the callback passed to <code>setTimeout</code> runs, our <code>try/catch</code> is <strong>long gone</strong>. The program will crash because we failed to capture the exception.</p> <p><strong>They travel on two different tracks</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Track A: --&gt; try/catch Track B: --&gt; setTimeout --&gt; callback --&gt; throw </code></pre> </div> <p>If we don't want to crash the program, to handle the error correctly we must move <code>try/catch</code> inside the callback for <code>setTimeout</code>.</p> <p>But, this approach doesn't make much sense most of the times. As we'll see later, <strong>asynchronous error handling with Promises provides a better ergonomic</strong>.</p> <h3> Error handling for events </h3> <p>HTML nodes in the Document Object Model are connected to <code>EventTarget</code>, the common ancestor for any event emitter in the browser.</p> <p>That means we can <a href="https://www.valentinog.com/blog/event/#how-does-event-driven-applies-to-javascript-in-the-browser">listen for events on any HTML element in the page</a>.</p> <p>(<a href="https://nodejs.org/api/events.html#events_eventtarget_and_event_api">Node.js will support</a> <code>EventTarget</code> in a future release).</p> <p>The <strong>error handling mechanics for DOM events follows the same scheme of any asynchronous</strong> Web API.</p> <p>Consider the following example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">querySelector</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">);</span> <span class="nx">button</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">click</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can't touch this button!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Here we throw an exception as soon as the button is clicked. How do we catch it? This pattern <strong>does not work</strong>, and won't prevent the program from crashing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">button</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">querySelector</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">button</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">click</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can't touch this button!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>As with the previous example with <code>setTimeout</code>, any callback passed to <code>addEventListener</code> is executed <strong>asynchronously</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Track A: --&gt; try/catch Track B: --&gt; addEventListener --&gt; callback --&gt; throw </code></pre> </div> <p>If we don't want to crash the program, to handle the error correctly we must move <code>try/catch</code> inside the callback for <code>addEventListener</code>.</p> <p>But again, there's little of no value in doing this.</p> <p>As with <code>setTimeout</code>, exception thrown by an asynchronous code path are <strong>un-catchable</strong> from the outside, and will crash your program. </p> <p>In the next sections we'll see how Promises and <code>async/await</code> can ease error handling for asynchronous code.</p> <h3> How about onerror? </h3> <p>HTML elements have a number of event handlers like <code>onclick</code>, <code>onmouseenter</code>, <code>onchange</code> to name a few.</p> <p>There is also <code>onerror</code>, but it has nothing to do with <code>throw</code> and friends.</p> <p>The <code>onerror</code> event handler fires any time an HTML element like an <code>&lt;img&gt;</code> tag or a <code>&lt;script&gt;</code> hits a non-existent resource.</p> <p>Consider the following example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>// omitted <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;img</span> <span class="na">src=</span><span class="s">"nowhere-to-be-found.png"</span> <span class="na">alt=</span><span class="s">"So empty!"</span><span class="nt">&gt;</span> <span class="nt">&lt;/body&gt;</span> // omitted </code></pre> </div> <p>When visiting an HTML document with a missing or non-existent resource the browser's console records the error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET http://localhost:5000/nowhere-to-be-found.png [HTTP/1.1 404 Not Found 3ms] </code></pre> </div> <p>In our JavaScript we have the chance to "catch" this error with the appropriate event handler:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">querySelector</span><span class="p">(</span><span class="dl">"</span><span class="s2">img</span><span class="dl">"</span><span class="p">);</span> <span class="nx">image</span><span class="p">.</span><span class="nx">onerror</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p>Or better:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">image</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">querySelector</span><span class="p">(</span><span class="dl">"</span><span class="s2">img</span><span class="dl">"</span><span class="p">);</span> <span class="nx">image</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">error</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This pattern is useful for <strong>loading alternate resources in place of missing images or scripts</strong>.</p> <p>But remember: <code>onerror</code>, has nothing to do with <code>throw</code> or <code>try/catch</code>.</p> <h3> Error handling with Promise </h3> <p>To illustrate error handling with Promise we'll "promisify" one of our original examples. We tweak the following function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="p">}</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="mi">4</span><span class="p">);</span> </code></pre> </div> <p>Instead of returning a simple string, or an exception, we use respectively <code>Promise.reject</code> and <code>Promise.resolve</code> to handle error and success:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">));</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="k">return</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>(Technically there's nothing asynchronous in this code, but it serves well to illustrate the point).</p> <p>Now that the function is "promisified" we can attach <code>then</code> for consuming the result, and <code>catch</code> for <strong>handling the rejected Promise</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">toUppercase</span><span class="p">(</span><span class="mi">99</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="nx">result</span><span class="p">)</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">));</span> </code></pre> </div> <p>This code will log:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Wrong type given, expected a string </code></pre> </div> <p>In the realm of Promise, <code>catch</code> is the construct for handling errors.</p> <p>In addition to <code>catch</code> and <code>then</code> we have also <code>finally</code>, similar to the <code>finally</code> in <code>try/catch</code>.</p> <p>As its synchronous "relative", Promise's <code>finally</code> runs <strong>regardless</strong> of the Promise outcome:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">toUppercase</span><span class="p">(</span><span class="mi">99</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="nx">result</span><span class="p">)</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">))</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Run baby, run</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <p>Always keep in mind that any callback passed to <code>then/catch/finally</code> is handled asynchronously by the Microtask Queue. They're <strong>micro tasks</strong> with precedence over macro tasks such as events and timers.</p> <h3> Promise, error, and throw </h3> <p>As a <strong>best practice when rejecting a Promise</strong> it's convenient to provide an error object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <p>By doing so you keep error handling consistent through the codebase. Other team members can always expect to access <code>error.message</code>, and more important you can inspect stack traces.</p> <p>In addition to <code>Promise.reject</code>, we can exit from a Promise chain by <strong>throwing</strong> an exception.</p> <p>Consider the following example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">A string</span><span class="dl">"</span><span class="p">).</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">value</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Expected a number!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>We resolve a Promise with a string, and then the chain is immediately broken with <code>throw</code>.</p> <p>To stop the exception propagation we use <code>catch</code>, as usual:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">A string</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">value</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Expected a number!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">reason</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">reason</span><span class="p">.</span><span class="nx">message</span><span class="p">));</span> </code></pre> </div> <p>This pattern is common in <code>fetch</code>, where we check the response object in search for errors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://example-dev/api/</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusText</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">json</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">json</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">json</span><span class="p">));</span> </code></pre> </div> <p>Here the exception can be intercepted with <code>catch</code>. If we fail, or decide to not catch it there, <strong>the exception is free to bubble up in the stack</strong>.</p> <p>This is not bad per-se, but different environments react differently to uncaught rejections.</p> <p>Node.js for example in the future will let crash any program where Promise rejections are un-handled:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code. </code></pre> </div> <p>Better you catch them!</p> <h3> Error handling for "promisified" timers </h3> <p>With timers or events it's not possible to catch exceptions thrown from a callback. We saw an example in the previous section:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">failAfterOneSecond</span><span class="p">()</span> <span class="p">{</span> <span class="nx">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong!</span><span class="dl">"</span><span class="p">);</span> <span class="p">},</span> <span class="mi">1000</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// DOES NOT WORK</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">failAfterOneSecond</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>A solution offered by Promise consists in the "promisification" of our code. Basically, we wrap our timer with a Promise:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">failAfterOneSecond</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nb">Promise</span><span class="p">((</span><span class="nx">_</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong!</span><span class="dl">"</span><span class="p">));</span> <span class="p">},</span> <span class="mi">1000</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>With <code>reject</code> we set off a Promise rejection, which carries an error object.</p> <p>At this point we can handle the exception with <code>catch</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">failAfterOneSecond</span><span class="p">().</span><span class="k">catch</span><span class="p">(</span><span class="nx">reason</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">reason</span><span class="p">.</span><span class="nx">message</span><span class="p">));</span> </code></pre> </div> <p>Note: it's common to use <code>value</code> as the returning value from a Promise, and <code>reason</code> as the returning object from a rejection.</p> <p>Node.js has a utility called <a href="https://nodejs.org/api/util.html#util_util_promisify_original">promisify</a> to ease the "promisification" of old-style callback APIs.</p> <h3> Error handling in Promise.all </h3> <p>The static method <code>Promise.all</code> accepts an array of Promise, and returns an array of results from all resolving Promise:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">promise1</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">All good!</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">promise2</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">All good here too!</span><span class="dl">"</span><span class="p">);</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">all</span><span class="p">([</span><span class="nx">promise1</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">]).</span><span class="nx">then</span><span class="p">((</span><span class="nx">results</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">results</span><span class="p">));</span> <span class="c1">// [ 'All good!', 'All good here too!' ]</span> </code></pre> </div> <p>If any of these Promise rejects, <code>Promise.all</code> rejects with the error from the first rejected Promise. </p> <p>To handle these situations in <code>Promise.all</code> we use <code>catch</code>, as we did in the previous section:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">promise1</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">All good!</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">promise2</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">No good, sorry!</span><span class="dl">"</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">promise3</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Bad day ...</span><span class="dl">"</span><span class="p">));</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">all</span><span class="p">([</span><span class="nx">promise1</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">,</span> <span class="nx">promise3</span><span class="p">])</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">results</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">results</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">));</span> </code></pre> </div> <p>To run a function regardless of the outcome of <code>Promise.all</code>, again, we can use <code>finally</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">Promise</span><span class="p">.</span><span class="nx">all</span><span class="p">([</span><span class="nx">promise1</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">,</span> <span class="nx">promise3</span><span class="p">])</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">results</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">results</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">))</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Always runs!</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <h3> Error handling in Promise.any </h3> <p>We can consider <code>Promise.any</code> (Firefox &gt; 79, Chrome &gt; 85) as the opposite of <code>Promise.all</code>.</p> <p>Whereas <code>Promise.all</code> returns a failure even if a single Promise in the array rejects, <code>Promise.any</code> gives us always the first resolved Promise (if present in the array) regardless of any rejection occurred.</p> <p>In case instead <strong>all the Promise</strong> passed to <code>Promise.any</code> reject, the resulting error is an <code>AggregateError</code>. Consider the following example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">promise1</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">No good, sorry!</span><span class="dl">"</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">promise2</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Bad day ...</span><span class="dl">"</span><span class="p">));</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">any</span><span class="p">([</span><span class="nx">promise1</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">])</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">result</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">))</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Always runs!</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <p>Here we handle the error with <code>catch</code>. The output of this code is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AggregateError: No Promise in Promise.any was resolved Always runs! </code></pre> </div> <p>The <code>AggregateError</code> object has the same properties of a basic <code>Error</code>, plus an <code>errors</code> property:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">//</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">errors</span><span class="p">))</span> <span class="c1">//</span> </code></pre> </div> <p>This property is an array of each individual error produced by the reject:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[Error: "No good, sorry!, Error: "Bad day ..."] </code></pre> </div> <h3> Error handling in Promise.race </h3> <p>The static method <code>Promise.race</code> accepts an array of Promise:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">promise1</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">The first!</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">promise2</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">The second!</span><span class="dl">"</span><span class="p">);</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">race</span><span class="p">([</span><span class="nx">promise1</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">]).</span><span class="nx">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">result</span><span class="p">));</span> <span class="c1">// The first!</span> </code></pre> </div> <p>The result is <strong>the first Promise who wins the "race"</strong>.</p> <p>How about rejections then? If the rejecting Promise is not the first to appear in the input array, <code>Promise.race</code> resolves:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">promise1</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">The first!</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">rejection</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Ouch!</span><span class="dl">"</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">promise2</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">The second!</span><span class="dl">"</span><span class="p">);</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">race</span><span class="p">([</span><span class="nx">promise1</span><span class="p">,</span> <span class="nx">rejection</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">]).</span><span class="nx">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="p">);</span> <span class="c1">// The first!</span> </code></pre> </div> <p>If <strong>the rejection instead appears as the first element of the array,</strong> <code>Promise.race</code> <strong>rejects</strong>, and we must catch the rejection:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">promise1</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">The first!</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">rejection</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Ouch!</span><span class="dl">"</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">promise2</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">The second!</span><span class="dl">"</span><span class="p">);</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">race</span><span class="p">([</span><span class="nx">rejection</span><span class="p">,</span> <span class="nx">promise1</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">])</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">result</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">));</span> <span class="c1">// Ouch!</span> </code></pre> </div> <h3> Error handling in Promise.allSettled </h3> <p><code>Promise.allSettled</code> is an ECMAScript 2020 addition to the language.</p> <p>There is not so much to handle with this static method since <strong>the result will always be a resolved Promise, even if one or more input Promise rejects</strong>.</p> <p>Consider the following example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">promise1</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">resolve</span><span class="p">(</span><span class="dl">"</span><span class="s2">Good!</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">promise2</span> <span class="o">=</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">reject</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">No good, sorry!</span><span class="dl">"</span><span class="p">));</span> <span class="nb">Promise</span><span class="p">.</span><span class="nx">allSettled</span><span class="p">([</span><span class="nx">promise1</span><span class="p">,</span> <span class="nx">promise2</span><span class="p">])</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">results</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">results</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">))</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Always runs!</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <p>We pass to <code>Promise.allSettled</code> an array consisting of two Promise: one resolved and another rejected.</p> <p>In this case <code>catch</code> will never be hit. <code>finally</code> instead runs.</p> <p>The result of this code, logged in <code>then</code> is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ { status: 'fulfilled', value: 'Good!' }, { status: 'rejected', reason: Error: No good, sorry! } ] </code></pre> </div> <h3> Error handling for async/await </h3> <p><code>async/await</code> in JavaScript denotes asynchronous functions, but from a reader standpoint they benefit from all the <strong>readability</strong> of synchronous functions.</p> <p>To keep things simple we'll take our previous synchronous function <code>toUppercase</code>, and we transform it to an asynchronous function by putting <code>async</code> before the <code>function</code> keyword:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>Just by prefixing a function with <code>async</code> we cause the function to <strong>return a Promise</strong>. That means we can chain <code>then</code>, <code>catch</code>, and <code>finally</code> after the function call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="p">}</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="dl">"</span><span class="s2">abc</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">result</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">))</span> <span class="p">.</span><span class="k">finally</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Always runs!</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <p><strong>When we throw from an</strong> <code>async</code> function the exception becomes cause of <strong>rejection for the underlying Promise</strong>.</p> <p>Any error can be intercepted with <code>catch</code> from the outside.</p> <p>Most important, in <strong>addition to this style we can use</strong> <code>try/catch/finally</code>, much as we would do with a synchronous function.</p> <p>In the following example we call <code>toUppercase</code> from another function, <code>consumer</code>, which conveniently wraps the function call with <code>try/catch/finally</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="k">typeof</span> <span class="nx">string</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">TypeError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Wrong type given, expected a string</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">string</span><span class="p">.</span><span class="nx">toUpperCase</span><span class="p">();</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">consumer</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">toUppercase</span><span class="p">(</span><span class="mi">98</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Always runs!</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">consumer</span><span class="p">();</span> <span class="c1">// Returning Promise ignored</span> </code></pre> </div> <p>The output is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Wrong type given, expected a string Always runs! </code></pre> </div> <p>On the same topic: <a href="https://www.valentinog.com/blog/throw-async/">How to Throw Errors From Async Functions in JavaScript?</a></p> <h3> Error handling for async generators </h3> <p><strong>Async generators</strong> in JavaScript are <strong>generator functions capable of yielding Promises</strong> instead of simple values.</p> <p>They combine generator functions with <code>async</code>. The result is a generator function whose iterator objects expose a Promise to the consumer.</p> <p>To create an async generator we declare a generator function with the star <code>*</code>, prefixed with <code>async</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span><span class="o">*</span> <span class="nx">asyncGenerator</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong!</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Promise.reject</span> <span class="p">}</span> </code></pre> </div> <p>Being based on Promise, the same rules for error handling apply here. <code>throw</code> inside an async generator causes a Promise rejection, which we intercept with <code>catch</code>.</p> <p>To <strong>pull Promises out an async generators</strong> we can use two approaches:</p> <ul> <li> <code>then</code> handlers.</li> <li> <strong>async iteration</strong>.</li> </ul> <p>From the above example we know for sure there will be an exception after the first two <code>yield</code>. This means we can do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">go</span> <span class="o">=</span> <span class="nx">asyncGenerator</span><span class="p">();</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="k">catch</span><span class="p">(</span><span class="nx">reason</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">reason</span><span class="p">.</span><span class="nx">message</span><span class="p">));</span> </code></pre> </div> <p>The output from this code is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ value: 33, done: false } { value: 99, done: false } Something went wrong! </code></pre> </div> <p>The other approach uses <strong>async iteration</strong> with <code>for await...of</code>. To use async iteration we need to wrap the consumer with an <code>async</code> function.</p> <p>Here's the complete example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span><span class="o">*</span> <span class="nx">asyncGenerator</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong!</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Promise.reject</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">consumer</span><span class="p">()</span> <span class="p">{</span> <span class="k">for</span> <span class="k">await</span> <span class="p">(</span><span class="kd">const</span> <span class="nx">value</span> <span class="k">of</span> <span class="nx">asyncGenerator</span><span class="p">())</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">consumer</span><span class="p">();</span> </code></pre> </div> <p>And as with <code>async/await</code> we handle any potential exception with <code>try/catch</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span><span class="o">*</span> <span class="nx">asyncGenerator</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Something went wrong!</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Promise.reject</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">consumer</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">for</span> <span class="k">await</span> <span class="p">(</span><span class="kd">const</span> <span class="nx">value</span> <span class="k">of</span> <span class="nx">asyncGenerator</span><span class="p">())</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">consumer</span><span class="p">();</span> </code></pre> </div> <p>The output of this code is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>33 99 Something went wrong! </code></pre> </div> <p>The iterator object returned from an asynchronous generator function has also a <code>throw()</code> method, much like its synchronous counterpart.</p> <p>Calling <code>throw()</code> on the iterator object here won't throw an exception, but a Promise rejection:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span><span class="o">*</span> <span class="nx">asyncGenerator</span><span class="p">()</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">11</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">go</span> <span class="o">=</span> <span class="nx">asyncGenerator</span><span class="p">();</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="k">throw</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Let's reject!</span><span class="dl">"</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="c1">// value is undefined</span> </code></pre> </div> <p>To handle this situation from the outside we can do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">go</span><span class="p">.</span><span class="k">throw</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Let's reject!</span><span class="dl">"</span><span class="p">)).</span><span class="k">catch</span><span class="p">(</span><span class="nx">reason</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">reason</span><span class="p">.</span><span class="nx">message</span><span class="p">));</span> </code></pre> </div> <p>But let's not forget that iterator objects <code>throw()</code> send the exception <strong>inside the generator</strong>. This means we can also apply the following pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span><span class="o">*</span> <span class="nx">asyncGenerator</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">yield</span> <span class="mi">33</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">99</span><span class="p">;</span> <span class="k">yield</span> <span class="mi">11</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">go</span> <span class="o">=</span> <span class="nx">asyncGenerator</span><span class="p">();</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="k">throw</span><span class="p">(</span><span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Let's reject!</span><span class="dl">"</span><span class="p">));</span> <span class="nx">go</span><span class="p">.</span><span class="nx">next</span><span class="p">().</span><span class="nx">then</span><span class="p">(</span><span class="nx">value</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">value</span><span class="p">));</span> <span class="c1">// value is undefined</span> </code></pre> </div> <h2> Error handling in Node.js </h2> <h3> Synchronous error handling in Node.js </h3> <p>Synchronous error handling in Node.js does not differ too much from what we saw so far.</p> <p>For <strong>synchronous code</strong>, <code>try/catch/finally</code> works fine.</p> <p>However, things get interesting if we take a glance at the asynchronous world.</p> <h3> Asynchronous error handling in Node.js: the callback pattern </h3> <p>For asynchronous code, Node.js strongly relies on two idioms:</p> <ul> <li>the callback pattern.</li> <li>event emitters.</li> </ul> <p>In the <strong>callback pattern, asynchronous Node.js APIs</strong> accept a function which is handled through the <strong>event loop</strong> and executed as soon as the <strong>call stack</strong> is empty.</p> <p>Consider the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">readFile</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">fs</span><span class="dl">"</span><span class="p">);</span> <span class="kd">function</span> <span class="nx">readDataset</span><span class="p">(</span><span class="nx">path</span><span class="p">)</span> <span class="p">{</span> <span class="nx">readFile</span><span class="p">(</span><span class="nx">path</span><span class="p">,</span> <span class="p">{</span> <span class="na">encoding</span><span class="p">:</span> <span class="dl">"</span><span class="s2">utf8</span><span class="dl">"</span> <span class="p">},</span> <span class="kd">function</span><span class="p">(</span><span class="nx">error</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="c1">// do stuff with the data</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>If we extract the callback from this listing, we can see how it is supposed to deal with errors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">//</span> <span class="kd">function</span><span class="p">(</span><span class="nx">error</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="c1">// do stuff with the data</span> <span class="p">}</span> <span class="c1">//</span> </code></pre> </div> <p>If any errors arises from reading the given path with <code>fs.readFile</code>, we get an error object.</p> <p>At this point we can:</p> <ul> <li>simply log the error object as we did.</li> <li>throw an exception.</li> <li>pass the error to another callback.</li> </ul> <p>To throw an exception we can do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">readFile</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">fs</span><span class="dl">"</span><span class="p">);</span> <span class="kd">function</span> <span class="nx">readDataset</span><span class="p">(</span><span class="nx">path</span><span class="p">)</span> <span class="p">{</span> <span class="nx">readFile</span><span class="p">(</span><span class="nx">path</span><span class="p">,</span> <span class="p">{</span> <span class="na">encoding</span><span class="p">:</span> <span class="dl">"</span><span class="s2">utf8</span><span class="dl">"</span> <span class="p">},</span> <span class="kd">function</span><span class="p">(</span><span class="nx">error</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="c1">// do stuff with the data</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>However, as with events and timers in the DOM, this exception will <strong>crash the program</strong>. The following attempt to stop it with <code>try/catch</code> won't work:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">readFile</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">fs</span><span class="dl">"</span><span class="p">);</span> <span class="kd">function</span> <span class="nx">readDataset</span><span class="p">(</span><span class="nx">path</span><span class="p">)</span> <span class="p">{</span> <span class="nx">readFile</span><span class="p">(</span><span class="nx">path</span><span class="p">,</span> <span class="p">{</span> <span class="na">encoding</span><span class="p">:</span> <span class="dl">"</span><span class="s2">utf8</span><span class="dl">"</span> <span class="p">},</span> <span class="kd">function</span><span class="p">(</span><span class="nx">error</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="k">throw</span> <span class="nb">Error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="c1">// do stuff with the data</span> <span class="p">});</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">readDataset</span><span class="p">(</span><span class="dl">"</span><span class="s2">not-here.txt</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Passing the error to another callback is the preferred option</strong>, if we don't want to crash the program:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">readFile</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">fs</span><span class="dl">"</span><span class="p">);</span> <span class="kd">function</span> <span class="nx">readDataset</span><span class="p">(</span><span class="nx">path</span><span class="p">)</span> <span class="p">{</span> <span class="nx">readFile</span><span class="p">(</span><span class="nx">path</span><span class="p">,</span> <span class="p">{</span> <span class="na">encoding</span><span class="p">:</span> <span class="dl">"</span><span class="s2">utf8</span><span class="dl">"</span> <span class="p">},</span> <span class="kd">function</span><span class="p">(</span><span class="nx">error</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="k">return</span> <span class="nx">errorHandler</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="c1">// do stuff with the data</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Here <code>errorHandler</code> is what the name suggests, a simple function for error handling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">errorHandler</span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="c1">// do something with the error:</span> <span class="c1">// - write to a log.</span> <span class="c1">// - send to an external logger.</span> <span class="p">}</span> </code></pre> </div> <h3> Asynchronous error handling in Node.js: event emitters </h3> <p>Much of what you do in Node.js is based on <strong>events</strong>. Most of the times you interact with an <strong>emitter object</strong> and some observers listening for messages.</p> <p>Any event-driven module (like <a href="https://nodejs.org/dist/latest-v14.x/docs/api/net.html">net</a> for example) in Node.js extends a root class named <code>EventEmitter</code>.</p> <p><code>EventEmitter</code> in Node.js has two fundamental methods: <code>on</code> and <code>emit</code>.</p> <p>Consider this simple HTTP server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">net</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">net</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">net</span><span class="p">.</span><span class="nx">createServer</span><span class="p">().</span><span class="nx">listen</span><span class="p">(</span><span class="mi">8081</span><span class="p">,</span> <span class="dl">"</span><span class="s2">127.0.0.1</span><span class="dl">"</span><span class="p">);</span> <span class="nx">server</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">listening</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Server listening!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="nx">server</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">connection</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span> <span class="p">(</span><span class="nx">socket</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Client connected!</span><span class="dl">"</span><span class="p">);</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">end</span><span class="p">(</span><span class="dl">"</span><span class="s2">Hello client!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Here we listen for two events: <strong>listening</strong> and <strong>connection</strong>.</p> <p>In addition to these events, event emitters expose also an <strong>error</strong> event, fired in case of errors.</p> <p>If you run this code listening on port 80 instead of the previous example, you'll get an exception:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">net</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">net</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">net</span><span class="p">.</span><span class="nx">createServer</span><span class="p">().</span><span class="nx">listen</span><span class="p">(</span><span class="mi">80</span><span class="p">,</span> <span class="dl">"</span><span class="s2">127.0.0.1</span><span class="dl">"</span><span class="p">);</span> <span class="nx">server</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">listening</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Server listening!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="nx">server</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">connection</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span> <span class="p">(</span><span class="nx">socket</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Client connected!</span><span class="dl">"</span><span class="p">);</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">end</span><span class="p">(</span><span class="dl">"</span><span class="s2">Hello client!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>events.js:291 throw er; // Unhandled 'error' event ^ Error: listen EACCES: permission denied 127.0.0.1:80 Emitted 'error' event on Server instance at: ... </code></pre> </div> <p>To catch it we can register an event handler for <strong>error</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">server</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">error</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This will print:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>listen EACCES: permission denied 127.0.0.1:80 </code></pre> </div> <p>In addition, the program won't crash.</p> <p>To learn more on the topic, consider also reading <a href="https://www.joyent.com/node-js/production/design/errors">"Error handling in Node.js"</a>.</p> <h2> Wrapping up </h2> <p>In this guide we covered <strong>error handling in JavaScript for the whole spectrum</strong>, from simple synchronous code, to advanced asynchronous primitives.</p> <p>There are many ways in which an exception can manifest in our JavaScript programs.</p> <p>Exceptions from synchronous code are the most straightforward to catch. <strong>Exceptions</strong> from <strong>asynchronous code</strong> paths instead can be <strong>tricky</strong> to deal with.</p> <p>In the meantime, new JavaScript APIs in the browser are almost all headed toward <code>Promise</code>. This pervasive pattern makes easier to handle exceptions with <code>then/catch/finally</code>, or with <code>try/catch</code> for <code>async/await</code>.</p> <p>After reading this guide you should be <strong>able to recognize all the different situations</strong> that may arise in your programs, and catch your <strong>exceptions</strong> correctly.</p> <p>Thanks for reading and stay tuned!</p> beginners javascript Valentino Gagliardi Wed, 04 Mar 2020 12:05:02 +0000 https://dev.to/valentinogagliardi/redux-course-for-beginners-lesson-1-introduction-history-and-architecture-1a4 https://dev.to/valentinogagliardi/redux-course-for-beginners-lesson-1-introduction-history-and-architecture-1a4 <p><iframe width="710" height="399" src="https://www.youtube.com/embed/4lnkiPQ8spk"> </iframe> </p> redux javascript beginners Valentino Gagliardi Tue, 28 Jan 2020 16:53:08 +0000 https://dev.to/valentinogagliardi/redux-visualized-5fmj https://dev.to/valentinogagliardi/redux-visualized-5fmj <p>While revamping my slides for a Redux workshop I came up with this animation:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--szCghJXz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/ofveedx2ix7c9xk7xhv2.gif" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--szCghJXz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/ofveedx2ix7c9xk7xhv2.gif" alt="Redux Visualized"></a></p> <p>If you think about it, Redux is not so hard to grasp :-)</p> <p>For the occasion I updated this <a href="https://dev.to/valentinogagliardi/react-redux-tutorial-for-beginners-learning-redux-in-2018-13hj">React Redux tutorial</a> as well.</p> <p>Happy coding!</p> javascript redux beginners Valentino Gagliardi Tue, 28 Jan 2020 08:25:15 +0000 https://dev.to/valentinogagliardi/understanding-the-firefox-dev-tools-architecture-and-how-to-start-contributing-to-firefox-2plc https://dev.to/valentinogagliardi/understanding-the-firefox-dev-tools-architecture-and-how-to-start-contributing-to-firefox-2plc <p>This year I decided to contribute more to open source projects and since I've made the resolution to <strong>switch to Firefox</strong> from Chrome I've also got the chance to <strong>find an interesting bug to work on</strong>.</p> <p>In this post I want to share my learnings in the hope that more people could start contributing to Firefox.</p> <h2> Contributing to Firefox: a bit of backstory </h2> <p>In Firefox Dev Tools I wanted a <strong>"Store as global variable" option</strong> in the <strong>Scopes panel</strong>. The Scopes panel appears in the <strong>debugger tab</strong> when you stop the script with a breakpoint, much like Chrome Dev Tools.</p> <p>As of now the only thing that you can do on an object in the panel is adding a watchpoint, that is, a watcher which fires on properties get and set. You can <a href="https://hacks.mozilla.org/2019/12/debugging-variables-with-watchpoints-in-firefox-72/">read more about watchpoints here</a>.</p> <p>With the idea in mind I reached the Firefox Dev Tools account on Twitter and the team replied promptly with a workaround:</p> <blockquote class="ltag__twitter-tweet"> <div class="ltag__twitter-tweet__main"> <div class="ltag__twitter-tweet__header"> <img class="ltag__twitter-tweet__profile-image" src="https://res.cloudinary.com/practicaldev/image/fetch/s--ecUOO1lJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://pbs.twimg.com/profile_images/1049195344775598080/__CcrJNY_normal.jpg" alt="𝕡𝕒𝕥𝕣𝕚𝕔𝕜 profile image"> <div class="ltag__twitter-tweet__full-name"> 𝕡𝕒𝕥𝕣𝕚𝕔𝕜 </div> <div class="ltag__twitter-tweet__username"> <a class="mentioned-user" href="https://dev.to/patrickbrosset">@patrickbrosset</a> </div> <div class="ltag__twitter-tweet__twitter-logo"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ir1kO05j--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/twitter-f95605061196010f91e64806688390eb1a4dbc9e913682e043eb8b1e06ca484f.svg" alt="twitter logo"> </div> </div> <div class="ltag__twitter-tweet__body"> <a href="https://twitter.com/gagliardi_vale">@gagliardi_vale</a> <a href="https://twitter.com/FirefoxDevTools">@FirefoxDevTools</a> This should work:<br>- open the console while paused<br>- type and execute inputList<br>- right-click on the returned value and choose "store as global variable" </div> <div class="ltag__twitter-tweet__date"> 12:26 PM - 08 Jan 2020 </div> <div class="ltag__twitter-tweet__actions"> <a href="https://twitter.com/intent/tweet?in_reply_to=1214886156241899525" class="ltag__twitter-tweet__actions__button"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fFnoeFxk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/twitter-reply-action-238fe0a37991706a6880ed13941c3efd6b371e4aefe288fe8e0db85250708bc4.svg" alt="Twitter reply action"> </a> <a href="https://twitter.com/intent/retweet?tweet_id=1214886156241899525" class="ltag__twitter-tweet__actions__button"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--k6dcrOn8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/twitter-retweet-action-632c83532a4e7de573c5c08dbb090ee18b348b13e2793175fea914827bc42046.svg" alt="Twitter retweet action"> </a> <a href="https://twitter.com/intent/like?tweet_id=1214886156241899525" class="ltag__twitter-tweet__actions__button"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--SRQc9lOp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/twitter-like-action-1ea89f4b87c7d37465b0eb78d51fcb7fe6c03a089805d7ea014ba71365be5171.svg" alt="Twitter like action"> </a> </div> </div> </blockquote> <p>But it turns out there was already a bug filled for the feature I wanted: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1573088">Variables/values in Scopes should offer reps context menu</a>.</p> <p>So I jumped in and I tried to work on the bug. But before going into details let's see how to get started in contributing to Firefox Dev Tools.</p> <p>Enjoy!</p> <h2> Contributing to Firefox: how to get started </h2> <p>If you want to start contributing to Firefox your first stop must be <a href="https://firefox-dev.tools/">this website: Firefox Developer Tools</a>. Also, join the Slack channel.</p> <p><strong>Read every section of the guide carefully</strong> and try to not skip anything. There are great insights into the Firefox Developer Tools architecture, but I know, you want to get your hands dirty.</p> <p><strong><a href="https://docs.firefox-dev.tools/getting-started/build.html">Clone the repo</a></strong> (you'll need Mercurial) and <strong>make yourself comfortable with the codebase</strong>. <strong>It is big, and you'll need a lot of reading through the source code before starting to grasp anything</strong>.</p> <p>Don't try to rush it, don't be like me. <strong>Your first patch will be likely need changes</strong> because you don't know how Firefox Dev Tools works under the hood.</p> <p>But that's a good thing because <strong>learning from such a big codebase and interacting with more expert developers is invaluable</strong>.</p> <p>After cloning the repo and glancing through the code it will come the time to create <strong>your first patch</strong>. But first, <strong>let's demystify the architecture of Firefox Dev Tools</strong>.</p> <h2> Firefox Dev Tools frontend: the architecture </h2> <p>The Firefox Dev Tools frontend is a big <strong>React/Redux app made of many little apps</strong>. For that reason you'll need a good understanding of Redux, namely:</p> <ul> <li>reducers</li> <li>actions</li> <li>middlewares</li> <li>store enhancers</li> <li>selectors</li> </ul> <p><strong>Every tab in the developer tool is a React/Redux app</strong> which lives in a separate folder in <strong>mozilla-central/devtools/client</strong>. Here's a breakdown:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>tree <span class="nt">-d</span> <span class="nt">-L</span> 1 devtools/client/ devtools/client/ ├── aboutdebugging ├── accessibility ├── application ├── bin ├── debugger ├── dom ├── framework ├── inspector ├── jsonview ├── locales ├── memory ├── netmonitor ├── performance ├── performance-new ├── preferences ├── responsive ├── shared ├── storage ├── styleeditor ├── themes ├── webconsole ├── webreplay └── whats-new </code></pre> </div> <p>You can recognize each tab: <strong>debugger, inspector, memory, netmonitor, performance</strong>, and so on.</p> <p>As you'll find out by going through, each application follows more or less the same directory structure. Inside each app you'll find:</p> <ul> <li><strong>React components</strong></li> <li> <strong>Redux actions, reducers</strong>, and so on</li> <li><strong>tests</strong></li> <li><strong>utilities</strong></li> </ul> <p>There are also a lot of other folders which I won't cover here, but you can learn more by checking out <a href="https://docs.firefox-dev.tools/files/">this link</a>.</p> <p>Worth noting, each tab in the developer tool is also a <strong>panel</strong>. The debugger for example is defined in <strong>devtools/client/debugger/panel.js</strong>.</p> <p>On top of that, the entirety of each panel grouped together is called <strong>toolbox</strong> and is defined in <strong>devtools/client/framework/toolbox.js</strong>.</p> <p>The toolbox is in practice the entire dev tool window. <strong>Each panel gets access to the toolbox, which is injected</strong> at runtime. The debugger panel for example takes toolbox as a parameter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// devtools/client/debugger/panel.js</span> <span class="kd">function</span> <span class="nx">DebuggerPanel</span><span class="p">(</span><span class="nx">iframeWindow</span><span class="p">,</span> <span class="nx">toolbox</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">panelWin</span> <span class="o">=</span> <span class="nx">iframeWindow</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">panelWin</span><span class="p">.</span><span class="nx">L10N</span> <span class="o">=</span> <span class="nx">L10N</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">toolbox</span> <span class="o">=</span> <span class="nx">toolbox</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Same is true for the inspector panel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// devtools/client/inspector/panel.js</span> <span class="kd">function</span> <span class="nx">InspectorPanel</span><span class="p">(</span><span class="nx">iframeWindow</span><span class="p">,</span> <span class="nx">toolbox</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">_inspector</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">iframeWindow</span><span class="p">.</span><span class="nx">Inspector</span><span class="p">(</span><span class="nx">toolbox</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Turns out, <strong>this frontend is only the tip of the iceberg</strong>. There is also a <strong>Firefox Dev Tools backend</strong>. But we'll get to it later: let me show you my first attempt to implement "Store as global variable".</p> <p><strong>TIP</strong>: to browse the codebase you can also use <a href="https://searchfox.org/mozilla-central/source/devtools">Searchfox</a>.</p> <h2> Store as global variable: a first attempt </h2> <p>After building Firefox (<a href="https://docs.firefox-dev.tools/getting-started/build.html">instructions here</a>) I started off by looking around in <strong>devtools/client/debugger</strong>.</p> <p>I found out my entry point in <strong><a href="https://searchfox.org/mozilla-central/source/devtools/client/debugger/src/components/SecondaryPanes/Scopes.js">devtools/client/debugger/src/components/SecondaryPanes/Scopes.js</a></strong>.</p> <p><strong>This component is responsible for displaying Scopes</strong>, and has already a <strong>context menu</strong> for adding watchpoints.</p> <p>I started off by adding a new entry named "Store as global variable" to the menu. Here's the relevant part:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">onContextMenu</span> <span class="o">=</span> <span class="p">(</span><span class="nx">event</span><span class="p">:</span> <span class="nx">any</span><span class="p">,</span> <span class="nx">item</span><span class="p">:</span> <span class="nx">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">addWatchpoint</span><span class="p">,</span> <span class="nx">removeWatchpoint</span><span class="p">,</span> <span class="nx">storeAsGlobalVariable</span><span class="p">,</span> <span class="p">}</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">props</span><span class="p">;</span> <span class="c1">// omitted for brevity</span> <span class="kd">const</span> <span class="nx">storeAsGlobalVariableItem</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">"</span><span class="s2">node-menu-store-as-global</span><span class="dl">"</span><span class="p">,</span> <span class="na">label</span><span class="p">:</span> <span class="nx">storeAsGlobalLabel</span><span class="p">,</span> <span class="na">disable</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">click</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">storeAsGlobalVariable</span><span class="p">(</span><span class="nx">item</span><span class="p">),</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">menuItems</span> <span class="o">=</span> <span class="p">[</span><span class="nx">storeAsGlobalVariableItem</span><span class="p">,</span> <span class="nx">watchpointsSubmenuItem</span><span class="p">];</span> <span class="nx">showMenu</span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">menuItems</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <p>As you can see the menu is shown in response to the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Element/contextmenu_event">contextmenu event</a>.</p> <p>The Scopes component is connected to the Redux store, that means it has access to <strong>actions</strong>. </p> <p>So I've added a new action in <strong>devtools/client/debugger/packages/devtools-reps/src/object-inspector/actions.js</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">storeAsGlobalVariable</span><span class="p">(</span><span class="nx">item</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">async</span> <span class="kd">function</span><span class="p">({</span> <span class="nx">panel</span> <span class="p">})</span> <span class="p">{</span> <span class="c1">// omit for brevity</span> <span class="k">await</span> <span class="nx">panel</span><span class="p">.</span><span class="nx">storeAsGlobalVariable</span><span class="p">(</span><span class="nx">selectedObjectActor</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>With the help of <a href="https://twitter.com/nicolaschevobbe">Nicolas from the Firefox team</a> I've got a first proof of concept. There is a lot more going on in this action and I've omitted some code for brevity's sake, but if you're familiar with Redux you can recognize a <strong>thunk</strong>. </p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--U6scMprj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/3ulkhuj5zryyf9g8j8t1.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--U6scMprj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/3ulkhuj5zryyf9g8j8t1.png" alt="Context menu" width="648" height="273"></a></p> <p>Thunk is a middleware, and as for the project is configured <strong>each thunk has access to the panel</strong>.</p> <p>If you remember from the previous section <strong>a panel is a dev tools tab</strong>. In this case <strong>panel is the debugger tab</strong>.</p> <p>What happens in this action is that it takes item as a parameter and computes a selectedObjectActor. In brief, the item is the actual thing that has been clicked in the Scopes panel. selectedObjectActor instead is a reference (a string) that we need to pass to the <strong>server</strong>.</p> <p>Yes, there is a server. In the next section I'll describe what I learned about it, while trying to explain how the entire architecture works.</p> <p>Worth noting, most of the codebase is type annotated with <strong>Flow</strong>. I'm not familiar with it, but it's not so different from TypeScript, which I use most of the times.</p> <p>By the way, since it's all JavaScript don't forget to install the dependencies for any given panel you're working on (you'll need to install Yarn). In my case:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd</span> ~/Code/mozilla-central/devtools/client/debugger yarn <span class="nb">install</span> </code></pre> </div> <p>After making changes don't forget to build the bundle and to rebuild Firefox as well, again in my case:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd</span> ~/Code/mozilla-central/devtools/client/debugger node bin/bundle.js ~/Code/mozilla-central/mach build </code></pre> </div> <p>Now you can run Firefox with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>~/Code/mozilla-central/mach run <span class="c"># or simply ./mach run if you're in the same folder</span> </code></pre> </div> <p>The build produces a version of <strong>Firefox called Nightly</strong>. I use Firefox Developer Edition for development, Nightly is similar, but includes all the newest features. To learn more about all the Firefox versions <a href="https://www.youtube.com/watch?v=qQ1oQJJn1nQ">check out out this video by Jen Simmons</a>.</p> <h2> Firefox Dev Tools server: the architecture </h2> <p>As I said, <strong>the Firefox Dev Tools frontend is only the tip of the iceberg</strong>. <strong>Each panel in fact is a client</strong>, and <strong>has a corresponding actor on the server</strong>.</p> <p>That means there is the webconsole actor, the inspector actor, the network actor, and so on. It's not a 1:1 match, the debugger panel for example talks to the <strong>thread actor</strong>, but, you got the point.</p> <p>Actors are defined in <strong>devtools/server/actors</strong>. The term <strong>actor</strong> refers also to any object that is being debugged (the debuggee).</p> <p>In my action for example I passed a selectedObjectActor:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">storeAsGlobalVariable</span><span class="p">(</span><span class="nx">item</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">async</span> <span class="kd">function</span><span class="p">({</span> <span class="nx">panel</span> <span class="p">})</span> <span class="p">{</span> <span class="c1">// omit for brevity</span> <span class="k">await</span> <span class="nx">panel</span><span class="p">.</span><span class="nx">storeAsGlobalVariable</span><span class="p">(</span><span class="nx">selectedObjectActor</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Here <strong>selectedObjectActor will be a string</strong> like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"server0.conn0.child1/obj464" </code></pre> </div> <p>This string is used by the client to tell the server "ehi, please, tell me about this object and give me back the result".</p> <p>The thing to keep in mind then is that <strong>it's not the Dev Tool frontend that evaluates the actual JavaScript code</strong>.</p> <p><strong>Everything lives on the server-side and client panels talk to the server via JSON objects</strong>. Then it's the <strong>server-side of Dev Tools that talks to the Firefox JavaScript engine</strong> (SpiderMonkey) and reports back to the client panel if asked.</p> <p>You can read more about the <a href="https://docs.firefox-dev.tools/backend/protocol.html">Debugging protocol architecture here</a>.</p> <p>Now after introducing server and panels it's time to see <strong>how all these components interact</strong>.</p> <h2> Firefox Dev Tools: from the toolbox to the server </h2> <p>Let's take a look again at the action:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nx">storeAsGlobalVariable</span><span class="p">(</span><span class="nx">item</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">async</span> <span class="kd">function</span><span class="p">({</span> <span class="nx">panel</span> <span class="p">})</span> <span class="p">{</span> <span class="c1">// omit for brevity</span> <span class="k">await</span> <span class="nx">panel</span><span class="p">.</span><span class="nx">storeAsGlobalVariable</span><span class="p">(</span><span class="nx">selectedObjectActor</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>panel</strong> is a thunk argument and maps to <strong><a href="https://searchfox.org/mozilla-central/source/devtools/client/debugger/panel.js">devtools/client/debugger/panel.js</a></strong>, the actual debugger panel.</p> <p>If you look at the source code you can see that the constructor function for DebuggerPanel takes <strong>toolbox</strong> among the parameters. Toolbox is at <strong><a href="https://searchfox.org/mozilla-central/source/devtools/client/framework/toolbox.js">devtools/client/framework/toolbox.js</a></strong> and has an <a href="https://searchfox.org/mozilla-central/source/devtools/client/framework/toolbox.js#2781">openSplitConsole method</a>.</p> <p>That was exactly what I was searching for. Also, by looking at how the "Use in console" feature works in the inspector I tried to replicate the same feature. That lead me to create a new method in <strong>devtools/client/debugger/panel.js</strong>, storeAsGlobalVariable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">storeAsGlobalVariable</span><span class="p">:</span> <span class="k">async</span> <span class="kd">function</span><span class="p">(</span><span class="nx">selectedObjectActor</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">toolbox</span><span class="p">.</span><span class="nx">openSplitConsole</span><span class="p">();</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">hud</span> <span class="p">}</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">toolbox</span><span class="p">.</span><span class="nx">getPanel</span><span class="p">(</span><span class="dl">"</span><span class="s2">webconsole</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">script</span> <span class="o">=</span> <span class="s2">`{ let i = 0; while (this.hasOwnProperty("temp" + i) &amp;&amp; i &lt; 1000) { i++; } this["temp" + i] = _self; "temp" + i; }`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">thread</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">_selectors</span><span class="p">.</span><span class="nx">getCurrentThread</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">_getState</span><span class="p">());</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">_selectors</span><span class="p">.</span><span class="nx">getSelectedFrame</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">_getState</span><span class="p">(),</span> <span class="nx">thread</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">selectedObjectActor</span><span class="p">,</span> <span class="na">frameActor</span><span class="p">:</span> <span class="nx">id</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">hud</span><span class="p">.</span><span class="nx">evaluateJSAsync</span><span class="p">(</span><span class="nx">script</span><span class="p">,</span> <span class="nx">options</span><span class="p">);</span> <span class="nx">hud</span><span class="p">.</span><span class="nx">setInputValue</span><span class="p">(</span><span class="nx">res</span><span class="p">.</span><span class="nx">result</span><span class="p">);</span> <span class="p">},</span> </code></pre> </div> <p>This method bears a bit of explanation. First, it receives <strong>selectedObjectActor</strong> from the Redux action. Next up it <strong>opens the split console</strong>, that is, the little console you can see some times in the Dev Tool.</p> <p>It also <strong>hooks the webconsole panel</strong> which returns itself as <strong>hud</strong>.</p> <p>You can also notice the script for creating a new global variable. Before forwarding the script for evaluation to the server this method computes also the <strong>frameActor id</strong>.</p> <p>We already saw what is <strong>selectedObjectActor</strong>, a reference to an object in the Scope panel. The <strong>frameActor id</strong> is another string:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>server0.conn0.child1/frame26 </code></pre> </div> <p>In particular it is a reference to the context where we are currently in. <strong>In other words if I pause a script with the debugger, that context where the script is paused is the actual frame</strong>.</p> <p>These two references, selectedObjectActor and frameActor are <strong>needed by an actor which lives in the server</strong>. More on this in the next section.</p> <h2> Store as global variable: the working POC </h2> <p>This is the part that required the help of Nicolas. Let's look again at the previous method:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">storeAsGlobalVariable</span><span class="p">:</span> <span class="k">async</span> <span class="kd">function</span><span class="p">(</span><span class="nx">selectedObjectActor</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// omitted for brevity</span> <span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">selectedObjectActor</span><span class="p">,</span> <span class="na">frameActor</span><span class="p">:</span> <span class="nx">id</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">hud</span><span class="p">.</span><span class="nx">evaluateJSAsync</span><span class="p">(</span><span class="nx">script</span><span class="p">,</span> <span class="nx">options</span><span class="p">);</span> <span class="nx">hud</span><span class="p">.</span><span class="nx">setInputValue</span><span class="p">(</span><span class="nx">res</span><span class="p">.</span><span class="nx">result</span><span class="p">);</span> <span class="p">},</span> </code></pre> </div> <p>Long story short, the call to <strong>hud.evaluateJSAsync</strong> is forwarded to the server and lands on <strong>evalWithDebugger</strong> defined in <a href="https://searchfox.org/mozilla-central/source/devtools/server/actors/webconsole/eval-with-debugger.js#106">devtools/server/actors/webconsole/eval-with-debugger.js</a>.</p> <p>This function required a tweak because it prevented <strong>_self</strong> from being defined. <strong>_self</strong> is used by the server as a placeholder during evaluation. Here _self is replaced by the actual object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">script</span> <span class="o">=</span> <span class="s2">`{ let i = 0; while (this.hasOwnProperty("temp" + i) &amp;&amp; i &lt; 1000) { i++; } this["temp" + i] = _self; "temp" + i; }`</span><span class="p">;</span> </code></pre> </div> <p>When the evaluation is done the appropriate object is assigned to a <strong>temporary variable named temp0, temp1, and so on</strong>.</p> <p>And with the fix in place (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1573088">you can see the history here</a>) I've got a working proof of concept:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--0GQsMMkM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uyq0zznjvdfrfe0rm9lr.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0GQsMMkM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uyq0zznjvdfrfe0rm9lr.png" alt="working proof of concept" width="633" height="320"></a></p> <p><strong>When the script is paused and the Scopes panel is opened</strong> I can (in my build for now) <strong>save an object in a global variable</strong> after the split panel opens.</p> <h2> Conclusions </h2> <p>Firefox is a fantastic browser and the <strong>developers tools are second to none</strong>.</p> <p>At the time of writing the feature is far from finished, there are some edge cases to cover. But I was eager to share this little open source story to clarify my understanding about such a big system.</p> <h2> Acknowledgments </h2> <p>Thanks to Jason Laster and Nicolas Chevobbe for answering to my questions and providing guidance on my first patch for Firefox.</p> javascript react redux opensource Valentino Gagliardi Mon, 27 Jan 2020 10:14:54 +0000 https://dev.to/valentinogagliardi/cypress-tutorial-for-beginners-getting-started-with-end-to-end-testing-5e0 https://dev.to/valentinogagliardi/cypress-tutorial-for-beginners-getting-started-with-end-to-end-testing-5e0 <p><em>End to End testing can be slow and boring. Cypress has changed the way we test. Learn how to test your applications in this tutorial.</em></p> <h2> Cypress Tutorial for Beginners: requirements </h2> <p>To follow along you need a working installation of <strong>Node.js</strong> on your system. Also, a basic understanding of a newer version of JavaScript is a plus.</p> <h2> What is Cypress? What is End to End Testing? </h2> <p><strong>End to End Testing</strong>, or UI testing is one the many approaches for testing a web application.</p> <p>An end to end test is supposed to check whether a web application works as expected or not, by testing the so called <strong>user flow</strong>.</p> <p>Is End to End Testing important? Yes it is. But nobody likes E2E tests. They can be slow, cumbersome and expensive to write.</p> <p>On the other hand <strong>testing gives you confidence</strong>. Would you ship a broken product to your users on purpose?</p> <p>Enter <strong>Cypress</strong>: a Javascript End to End testing framework. It will make your life easier.</p> <h2> Disclaimer </h2> <p>Before purists yell at me: I know the <strong>subtle line between End to End Testing, UI testing, integration testing</strong>, and so on.</p> <p>And for you dear reader: <strong>testing terminology is so blurry that I can't even ...</strong>. If it's your first time with JavaScript testing I recommend reading <a href="https://www.valentinog.com/blog/jest/">Jest Tutorial for Beginners: Getting Started With Jest for JavaScript Testing</a> for an introduction on unit testing and terminology.</p> <p>When you're done come back here for End to End Testing.</p> <h2> Cypress tutorial for beginners: setting up the project </h2> <p>To start off create a new folder, I called mine <strong>cypress-tutorial</strong>, move into it an initialize a new JavaScript project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>cypress-tutorial <span class="o">&amp;&amp;</span> <span class="nb">cd</span> <span class="nv">$_</span> npm init <span class="nt">-y</span> </code></pre> </div> <p>Inside this folder create two new files. An HTML document in <strong>index.html</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;title&gt;</span>Cypress tutorial for beginners<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;main&gt;</span> <span class="nt">&lt;form&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"name"</span><span class="nt">&gt;</span>Name<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"name"</span> <span class="na">required</span> <span class="na">name=</span><span class="s">"name"</span> <span class="na">id=</span><span class="s">"name"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"email"</span><span class="nt">&gt;</span>Email<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"email"</span> <span class="na">required</span> <span class="na">name=</span><span class="s">"email"</span> <span class="na">id=</span><span class="s">"email"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"message"</span><span class="nt">&gt;</span>Your message<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;textarea</span> <span class="na">id=</span><span class="s">"message"</span> <span class="na">name=</span><span class="s">"message"</span> <span class="na">required</span><span class="nt">&gt;&lt;/textarea&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span><span class="nt">&gt;</span>SEND<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/form&gt;</span> <span class="nt">&lt;/main&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"form.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>It is an HTML form with a bunch on inputs and a textarea. Next up create a JavaScript file in <strong>form.js</strong> with a minimal logic for handling form submission:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">forms</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">form</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">preventDefault</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <p>Note that I won't add styles to keep things simple. And with this simple project in place we're ready to <strong>install Cypress</strong>.</p> <h2> Installing Cypress </h2> <p>To install Cypress, still in the project folder, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm i cypress <span class="nt">--save-dev</span> </code></pre> </div> <p>Give it a minute (it needs to download the binary) and then run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node_modules/.bin/cypress open </code></pre> </div> <p>Cypress will start for the first time and a bunch of new folder will appear in your project. You can remove the example folder, but look a moment into it because there are some nice examples.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--HKUANpky--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/6d0kxygc0xdnt8p4mp3w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HKUANpky--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/6d0kxygc0xdnt8p4mp3w.png" alt="Cypress opens" width="820" height="582"></a></p> <p>Close the window for now and head over the next section.</p> <h2> Starting the project </h2> <p>To serve the project on the local machine make sure to have a newer version of Node.js installed and then run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx serve </code></pre> </div> <p>This will spin a development server at <a href="http://localhost:5000/">http://localhost:5000/</a>. Head over the link and you should see our form:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--OKzUZFc2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/l3hrpioamvu906p2mfed.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--OKzUZFc2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/l3hrpioamvu906p2mfed.png" alt="npx serve" width="580" height="289"></a></p> <p><strong>serve</strong> is a nice NPM package for development. And now time to write our first test!</p> <h2> Cypress tutorial for beginners: writing your first test </h2> <p>Create a new file in <strong>cypress/integration/form.spec.js</strong> and write your first block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">//</span> <span class="p">});</span> </code></pre> </div> <p><strong>describe</strong> is a Cypress method (borrowed from Mocha) for containing one or more <strong>related tests</strong>. Every time you start writing a new suite of tests for a functionality wrap it in a describe block. </p> <p>As you can see it takes two arguments: a string for describing the test suite and a <strong>callback function for wrapping the actual test</strong>.</p> <p>Next up we're going to meet another function called <strong>it</strong> which is the actual test block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">//</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>If you know already Jest you may recall that it takes <strong>it</strong> or <strong>test</strong> interchangeably. That's not the case with Cypress. <strong>it</strong> is the only accepted block.</p> <p>And now time for a smoke test! In the <strong>it block</strong> write:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Here <strong>cy</strong> is Cypress itself and <strong>visit</strong> is a Cypress method for browsing to a given path.</p> <p><strong>get</strong> instead is a method for <strong>selecting elements in the page</strong>. With this code we tell Cypress "go grab the form in the page". </p> <p>In a minute we'll see Cypress in action, but first, a bit of configuration!</p> <h2> Configuring Cypress </h2> <p>To streamline things a bit we're going to configure Cypress. To begin with open up <strong>package.json</strong> and create a script named <strong>e2e</strong> pointing to the Cypress binary:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"e2e"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cypress open"</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span></code></pre> </div> <p>Next up open <strong>cypress.json</strong> and configure the base url:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"baseUrl"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http://localhost:5000"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>With this option we tell Cypress to visit our development url. (5000 is the default port for the <strong>serve</strong> package).</p> <p>And now we're ready to launch your first test!</p> <h2> Cypress tutorial for beginners: running the test </h2> <p>Ready? With the development server still running in a terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx serve </code></pre> </div> <p><strong>open up another terminal</strong> and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run e2e </code></pre> </div> <p>You should see <strong>Cypress opening a browser</strong> and going through the page:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s---Mu2e4by--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/vxg5q4thz63uxgzk8gzn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s---Mu2e4by--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/vxg5q4thz63uxgzk8gzn.png" alt="First test passing" width="880" height="448"></a></p> <p>That's your first test passing! Both <strong>visit</strong> and <strong>get</strong> are Cypress commands which act also as <strong>implicit assertions</strong>, that is, if the element is in the page Cypress will consider the test passed.</p> <p>Now let's continue extending your test to see if the user can fill the form:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="name"]</span><span class="dl">'</span><span class="p">).</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Here's another Cypress command: <strong>type</strong>, which unsurprisingly types into our first text input. Also notice the CSS selector for getting the input element.</p> <p>While there let's also add another command: <strong>should</strong>. This command creates an assertion and is used for example to check if an input is updating its state as expected:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="name"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Notice <strong>have.value</strong>. If you're new to this concept you can <a href="https://docs.cypress.io/guides/core-concepts/introduction-to-cypress.html#Assertions">learn more about assertions here</a>.</p> <p>And with a minimal test in place let's continue in the next section.</p> <h2> Cypress tutorial for beginners: more tests and a submit </h2> <p>To continue our test we can check the email input:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="name"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="email"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Also we can type into the textarea:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="name"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="email"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">textarea</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Mind you if I ask some silly question?</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Mind you if I ask some silly question?</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p><strong>If you left Cypress open</strong> the test should watch your changes and run automatically:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XDURA3Dc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/r9e6yc2oqzrfo438lbhh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XDURA3Dc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/r9e6yc2oqzrfo438lbhh.png" alt="More tests" width="880" height="397"></a></p> <p>How nice! As icing on the cake let's <strong>test form submission</strong> with <strong>submit</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="name"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="email"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">textarea</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Mind you if I ask some silly question?</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Mind you if I ask some silly question?</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">).</span><span class="nx">submit</span><span class="p">();</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>The test should keep passing without any problem. <strong>One thing you can notice are these self-describing commands</strong>: type, submit. It's plain english.</p> <p>Now let's go a bit fancy in the next section with <strong>XHR request testing</strong>.</p> <h2> Stubbing XHR requests with Cypress </h2> <p>Among all the things <strong>Cypress is also able to intercept AJAX request</strong>. This approach is called <strong>stubbing</strong>.</p> <p>Stubbing is convenient when working in development where you can choose to <strong>return fake response to your AJAX requests</strong>.</p> <p>To demonstrate this feature let's add a new piece of code inside our test:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// omitted for brevity</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">server</span><span class="p">();</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">route</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/users/**</span><span class="dl">"</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">response</span><span class="p">:</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Saved</span><span class="dl">"</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="mi">201</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">).</span><span class="nx">submit</span><span class="p">();</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Here <strong>cy.server</strong> spins up a "virtual" server while <strong>cy.route</strong> is used for configuring a fake API endpoint. </p> <p>Now let's add another test to check things out: <strong>after the user submits the form we want to test that the fake API is responding</strong>. Why so?</p> <p><strong>Stubbing is useful because we can bypass the real API altogether in development</strong>. Let's extend the test with <strong>cy.contains</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// omitted for brevity</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">server</span><span class="p">();</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">route</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/users/**</span><span class="dl">"</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">response</span><span class="p">:</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Form saved!</span><span class="dl">"</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="mi">201</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">).</span><span class="nx">submit</span><span class="p">();</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">contains</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form saved!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>The test is <strong>expected to fail</strong> because there is no logic in place for sending the form to an API. In the next section we'll make the test pass.</p> <h2> Sending form data to an API </h2> <p>Bear with me in this section! At the time of writing <a href="https://github.com/cypress-io/cypress/issues/95">Cypress couldn't intercept Fetch requests</a>. We're going to use <strong>XMLHttpRequest</strong> instead. (<a href="https://github.com/valentinogagliardi/Little-JavaScript-Book/blob/1.1.0/manuscript/chapter9.md">Check this out for an introduction</a>).</p> <p>Open up <strong>form.js</strong> and implement the logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">forms</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">form</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">preventDefault</span><span class="p">();</span> <span class="k">new</span> <span class="nx">FormData</span><span class="p">(</span><span class="nx">form</span><span class="p">);</span> <span class="p">});</span> <span class="nb">document</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">formdata</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nb">Object</span><span class="p">.</span><span class="nx">fromEntries</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">formData</span><span class="p">.</span><span class="nx">entries</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">jsonBody</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">body</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">XMLHttpRequest</span><span class="p">();</span> <span class="nx">request</span><span class="p">.</span><span class="nx">open</span><span class="p">(</span><span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://jsonplaceholder.typicode.com/users/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">request</span><span class="p">.</span><span class="nx">send</span><span class="p">(</span><span class="nx">jsonBody</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>In this snippet I'm using the <a href="https://www.valentinog.com/blog/formdata/">formdata event</a>. The event is dispatched when we call <strong>new FormData</strong>.</p> <p>In the event listener we build an object with <strong>fromEntries</strong> (ECMAScript 2019). The <strong>we send the data to an API</strong>.</p> <p>To make the test pass we also need to <strong>get the response back from the API</strong> and save it to the document. For doing so we can listen on the onload event of XMLHttpRequest:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// omit</span> <span class="nb">document</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">formdata</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nb">Object</span><span class="p">.</span><span class="nx">fromEntries</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">formData</span><span class="p">.</span><span class="nx">entries</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">jsonBody</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">body</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">XMLHttpRequest</span><span class="p">();</span> <span class="nx">request</span><span class="p">.</span><span class="nx">open</span><span class="p">(</span><span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://jsonplaceholder.typicode.com/users/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">request</span><span class="p">.</span><span class="nx">send</span><span class="p">(</span><span class="nx">jsonBody</span><span class="p">);</span> <span class="c1">// get the response</span> <span class="nx">request</span><span class="p">.</span><span class="nx">onload</span> <span class="o">=</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">jsonResponse</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">parse</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">response</span><span class="p">);</span> <span class="p">};</span> <span class="p">});</span> </code></pre> </div> <p>Finally we can <strong>dangerously (just for keeping things simple) save the response in the page</strong> (please don't never ever do this in a serious codebase):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// omit</span> <span class="nx">request</span><span class="p">.</span><span class="nx">onload</span> <span class="o">=</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">jsonResponse</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">parse</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">response</span><span class="p">);</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">+=</span> <span class="s2">`Response from the server: </span><span class="p">${</span><span class="nx">jsonResponse</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>And now it's time to see the test passing!</p> <h2> Stubbing XHR requests with Cypress: a passing test </h2> <p>To recap here's the complete test in <strong>cypress/integration/form.spec.js</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form test</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">Can fill the form</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">visit</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="name"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Molly</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">input[name="email"]</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">molly@dev.dev</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">textarea</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">type</span><span class="p">(</span><span class="dl">"</span><span class="s2">Mind you if I ask some silly question?</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nx">should</span><span class="p">(</span><span class="dl">"</span><span class="s2">have.value</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Mind you if I ask some silly question?</span><span class="dl">"</span><span class="p">);</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">server</span><span class="p">();</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">route</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/users/**</span><span class="dl">"</span><span class="p">,</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">response</span><span class="p">:</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Form saved!</span><span class="dl">"</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="mi">201</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">cy</span><span class="p">.</span><span class="kd">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">).</span><span class="nx">submit</span><span class="p">();</span> <span class="nx">cy</span><span class="p">.</span><span class="nx">contains</span><span class="p">(</span><span class="dl">"</span><span class="s2">Form saved!</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>And here's the complete code for <strong>form.js</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">forms</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">form</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nx">preventDefault</span><span class="p">();</span> <span class="k">new</span> <span class="nx">FormData</span><span class="p">(</span><span class="nx">form</span><span class="p">);</span> <span class="p">});</span> <span class="nb">document</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">formdata</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nb">Object</span><span class="p">.</span><span class="nx">fromEntries</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">formData</span><span class="p">.</span><span class="nx">entries</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">jsonBody</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">body</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">XMLHttpRequest</span><span class="p">();</span> <span class="nx">request</span><span class="p">.</span><span class="nx">open</span><span class="p">(</span><span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://jsonplaceholder.typicode.com/users/</span><span class="dl">"</span><span class="p">);</span> <span class="nx">request</span><span class="p">.</span><span class="nx">send</span><span class="p">(</span><span class="nx">jsonBody</span><span class="p">);</span> <span class="c1">// get the response</span> <span class="nx">request</span><span class="p">.</span><span class="nx">onload</span> <span class="o">=</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">jsonResponse</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">parse</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">response</span><span class="p">);</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">+=</span> <span class="s2">`Response from the server: </span><span class="p">${</span><span class="nx">jsonResponse</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">};</span> <span class="p">});</span> </code></pre> </div> <p>One thing to keep in mind is that the <strong>real API would not likely return the same shape of our fake stub</strong>. When developing a real app you do need to adapt your tests to the real system.</p> <p>But for now we're good and if you kept Cypress opened you should already see the test passing:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--HrsQmRxT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/kx50mguo37jgou2em1bx.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HrsQmRxT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/kx50mguo37jgou2em1bx.png" alt="Stubbing XHR requests" width="880" height="489"></a></p> <p>You can see a routes section at the top left and <strong>XHR stub</strong> in the test output, <strong>sign that Cypress has intercepted the POST request</strong>.</p> <p>That's one of the best features of Cypress, not counting the dozens of commands and assertions ready to use.</p> <p>With stubbing we can conclude the tutorial. Great job!</p> <h2> Cypress tutorial for beginners: conclusions </h2> <p>I hope you learned something new with this tutorial and you'll apply these concepts to your next project! Testing is important!</p> <p>End to end testing shouldn't be hard: Cypress makes it pleasing and enjoyable. The team at Cypress really nailed it.</p> <p>Plus, the documentation is pure gold: <a href="https://docs.cypress.io/guides/overview/why-cypress.html#In-a-nutshell">Cypress Docs</a> are filled up with best practices and examples.</p> <p>Thanks for reading!</p> <p>Originally published on <a href="https://www.valentinog.com/blog/cypress/">my blog</a></p> <h2> Resources </h2> <p>Stefano Magni has a lot of nice testing tips in his <a href="https://github.com/NoriSte/ui-testing-best-practices">UI testing best practices</a>.</p> javascript testing webdev Valentino Gagliardi Thu, 16 Jan 2020 23:35:28 +0000 https://dev.to/valentinogagliardi/asynchronous-tasks-in-django-with-django-q-22ch https://dev.to/valentinogagliardi/asynchronous-tasks-in-django-with-django-q-22ch <p><em>Learn how to use Django Q, the task queue, with the Redis broker for offloading long running tasks in your Django applications.</em></p> <h2> Requirements </h2> <p>To follow along you'll need:</p> <ul> <li>an Heroku account if you want to use their Redis add-on</li> <li>the Heroku CLI installed on your system</li> <li>a newer version of Python, ideally 3.6 or 3.7</li> <li>Git</li> </ul> <p><strong>Deployment on Heroku is optional, and you can use your own Redis instance if you've already got one locally.</strong></p> <h2> Setting up the project </h2> <p>And now let's get to work! To start off we're going to create a new Python virtual environment alongside with a Django installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>django-q-django <span class="o">&amp;&amp;</span> <span class="nb">cd</span> <span class="nv">$_</span> python3 <span class="nt">-m</span> venv venv <span class="nb">source </span>venv/bin/activate pip <span class="nb">install </span>django </code></pre> </div> <p>Next up we're going to create a <strong>new Django project from a template</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>django-admin startproject <span class="se">\</span> <span class="nt">--template</span> https://github.com/valentinogagliardi/ponee/archive/master.zip <span class="se">\</span> <span class="nt">--name</span><span class="o">=</span>Procfile <span class="se">\</span> <span class="nt">--extension</span><span class="o">=</span>py,example django_q_django <span class="nb">.</span> </code></pre> </div> <p>If you're wondering what I'm doing here, this is a template of mine. I've got a link in the resources with a tutorial for creating your own Django project template.</p> <p>Now let's install the dependencies with pip:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install</span> <span class="nt">-r</span> ./requirements/dev.txt </code></pre> </div> <p>We need also to provide some environment variables for our project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mv</span> .env.example .env </code></pre> </div> <p>and finally we're going to run Django migrations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python manage.py makemigrations python manage.py migrate </code></pre> </div> <p>at this point you should be able to run the development server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python manage.py runserver </code></pre> </div> <p>Now before moving to <strong>Django Q let's see what problem is it meant to solve</strong>.</p> <h2> Asynchronous tasks in Django with Django Q: the problem with synchronous code </h2> <p>The main issue for Python and Django is that they're <strong>synchronous</strong>. It's not a bad thing per se, and there are a lot of ways to circumvent it.</p> <p><strong>Python, on which Django builds on, is single threaded by nature</strong>. <strong>Single threaded means that the language interpreter can only run your code in sequence</strong>.</p> <p>The <strong>practical implication is that any view in a Django application can get stuck if one or more operations take too much to complete</strong>.</p> <p>To demonstrate the concept let's create a new Django application inside our project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>django-admin startapp demo_app </code></pre> </div> <p>In this app we're going to define a view which returns a simple JSON response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># demo_app/views.py </span> <span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">JsonResponse</span> <span class="k">def</span> <span class="nf">index</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">json_payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Hello world!</span><span class="sh">"</span> <span class="p">}</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">(</span><span class="n">json_payload</span><span class="p">)</span> </code></pre> </div> <p>And let's also create the corresponding url:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># demo_app/urls.py </span> <span class="kn">from</span> <span class="n">django.urls</span> <span class="kn">import</span> <span class="n">path</span> <span class="kn">from</span> <span class="n">.views</span> <span class="kn">import</span> <span class="n">index</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="nf">path</span><span class="p">(</span><span class="sh">"</span><span class="s">demo-app/</span><span class="sh">"</span><span class="p">,</span> <span class="n">index</span><span class="p">)</span> <span class="p">]</span> </code></pre> </div> <p>Don't forget to wire up the url for the new app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># django_q_django/urls.py </span> <span class="kn">from</span> <span class="n">django.contrib</span> <span class="kn">import</span> <span class="n">admin</span> <span class="kn">from</span> <span class="n">django.urls</span> <span class="kn">import</span> <span class="n">path</span><span class="p">,</span> <span class="n">include</span> <span class="kn">from</span> <span class="n">.settings.base</span> <span class="kn">import</span> <span class="n">ADMIN_URL</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="nf">path</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="si">{</span><span class="n">ADMIN_URL</span><span class="si">}</span><span class="s">/</span><span class="sh">'</span><span class="p">,</span> <span class="n">admin</span><span class="p">.</span><span class="n">site</span><span class="p">.</span><span class="n">urls</span><span class="p">),</span> <span class="c1"># the new url </span> <span class="nf">path</span><span class="p">(</span><span class="sh">""</span><span class="p">,</span> <span class="nf">include</span><span class="p">(</span><span class="sh">"</span><span class="s">demo_app.urls</span><span class="sh">"</span><span class="p">))</span> <span class="p">]</span> </code></pre> </div> <p>And finally activate the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># django_q_django/settings/base.py </span> <span class="n">INSTALLED_APPS</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># omitted for brevity </span> <span class="sh">'</span><span class="s">demo_app.apps.DemoAppConfig</span><span class="sh">'</span> <span class="p">]</span> </code></pre> </div> <p>Now to <strong>simulate a blocking event in the view</strong> we're going to use <strong>sleep from the time module, part of the Python standard library</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">JsonResponse</span> <span class="kn">from</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">sleep</span> <span class="k">def</span> <span class="nf">index</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">json_payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Hello world!</span><span class="sh">"</span> <span class="p">}</span> <span class="nf">sleep</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">(</span><span class="n">json_payload</span><span class="p">)</span> </code></pre> </div> <p>Run the development server, head over <a href="http://127.0.0.1:8000/demo-app/" rel="noopener noreferrer">http://127.0.0.1:8000/demo-app/</a> and you can see the <strong>view hanging for 10 seconds before returning to the user</strong>.</p> <p>Now, this is a delay created on purpose, but <strong>in a real application the block could happen for a number of reasons</strong>:</p> <ul> <li>I/O operations taking too long</li> <li>network delay</li> <li>interactions with the file system</li> </ul> <p>Even if it's a contrived example you can see why <strong>it's crucial to offload long running tasks in a web application</strong>.</p> <p><strong>Django Q</strong> was born with this goal in mind. In the next sections we'll finally put our hands on it.</p> <h2> Wait, how about asynchronous Django? </h2> <p>We're left with a Django project, a Django application, and a <strong>view that remains stuck for 10 seconds</strong>!</p> <p><strong>It's not that Django and Python don't scale</strong>. There are <strong>a number of ways to get around single threading</strong>.</p> <p>For Python there is asyncio. Django instead moved to async only recently, the implementation is in its infancy and still there's <strong>no support for async views</strong>. </p> <p>Things are going to change in the future, I suggest staying tuned on <a href="https://twitter.com/andrewgodwin" rel="noopener noreferrer">Andrew Godwin</a> because it's the lead person for the async story in Django.</p> <p>But <strong>the need for third party queues won't go away anytime soon even when Django will go 100% async</strong>. Still a nice skill to have.</p> <h2> Preparing the Heroku app and the Redis instance </h2> <p>In this section we'll prepare the Heroku project. I'm using Heroku here because you may want to deploy to production later, and also because they offer the <strong>Redis add-on for free</strong>.</p> <p>If you're new to <strong>Redis, it's an in-memory database, can be used as a cache and as a message broker</strong>.</p> <p><strong>A message broker</strong> is more or less like a post office box: it takes messages, holds them in a queue, and folks from around the city can retrieve these messages later.</p> <p>If you're interested in how Django Q uses brokers <a href="https://django-q.readthedocs.io/en/latest/architecture.html" rel="noopener noreferrer">check out this page</a>.</p> <p>Still in the <strong>project folder initialize a Git repo</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git init </code></pre> </div> <p>Then <strong>create a new Heroku app</strong>. I'm going to add two add-ons: </p> <ul> <li>heroku-postgresql which is more robust than the default sqlite for production</li> <li> <strong>heroku-redis</strong> which will give us the Redis instance</li> </ul> <p>If you haven't got the Heroku CLI and an Heroku account go create one, install the CLI and come back later.</p> <p>Otherwise follow along with me and create the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>heroku create <span class="nt">--addons</span><span class="o">=</span>heroku-postgresql,heroku-redis </code></pre> </div> <p>Once done give Heroku a couple of minutes and then run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>heroku config:get REDIS_URL </code></pre> </div> <p>This command will reveal <strong>REDIS_URL</strong>, an environment variable with the credentials for the Redis instance.</p> <p>Take note of it and head over the next section!</p> <h2> Asynchronous tasks in Django with Django Q: installing and running Django Q </h2> <p>Let's install Django Q and the Redis client library (the client is needed by the Redis broker for Django Q):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>django-q redis </code></pre> </div> <p>Once done activate Django Q in the list of installed apps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">INSTALLED_APPS</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># omit </span> <span class="c1"># add Django Q </span> <span class="sh">'</span><span class="s">django_q</span><span class="sh">'</span> <span class="p">]</span> </code></pre> </div> <p>Now reveal the Redis Heroku credentials:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>heroku config:get REDIS_URL </code></pre> </div> <p>You should see a string like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>redis://h:p948710311f252a334c3b21cabe0bd63f943f68f0824cd41932781e7793c785bf@ec2-52-18-11-1.eu-west-1.compute.amazonaws.com:9059 </code></pre> </div> <p>Before the @ you'll find the password:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>p948710311f252a334c3b21cabe0bd63f943f68f0824cd41932781e7793c785bf </code></pre> </div> <p>After the @ there's the host:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ec2-52-18-11-1.eu-west-1.compute.amazonaws.com </code></pre> </div> <p>And <strong>9059</strong> is the port. <strong>Note that the credentials will be different for you, don't use mine!</strong></p> <p>(Needless to say, by the time you read this article these credentials will be gone.)</p> <p>Now configure Django Q in <strong>django_q_django/settings/base.py</strong>. Fill host, port, and password with your credentials:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">Q_CLUSTER</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django_q_django</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">workers</span><span class="sh">'</span><span class="p">:</span> <span class="mi">8</span><span class="p">,</span> <span class="sh">'</span><span class="s">recycle</span><span class="sh">'</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="sh">'</span><span class="s">timeout</span><span class="sh">'</span><span class="p">:</span> <span class="mi">60</span><span class="p">,</span> <span class="sh">'</span><span class="s">compress</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">'</span><span class="s">save_limit</span><span class="sh">'</span><span class="p">:</span> <span class="mi">250</span><span class="p">,</span> <span class="sh">'</span><span class="s">queue_limit</span><span class="sh">'</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="sh">'</span><span class="s">cpu_affinity</span><span class="sh">'</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="sh">'</span><span class="s">label</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Django Q</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">redis</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">host</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">ec2-52-18-11-1.eu-west-1.compute.amazonaws.com</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">port</span><span class="sh">'</span><span class="p">:</span> <span class="mi">9059</span><span class="p">,</span> <span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">p948710311f252a334c3b21cabe0bd63f943f68f0824cd41932781e7793c785bf</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">db</span><span class="sh">'</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>You might wonder <strong>why I'm not using REDIS_URL as it is</strong>. The reason is that Django Q wants credentials in a dictionary.</p> <p><del>I didn't have time to check if is the Python Redis client imposing this limitation, maybe I'll write a patch for both in the future.</del> It was a limitation of Django Q, <del>hope I'll have time to open a PR</del> <a href="https://github.com/Koed00/django-q/pull/403" rel="noopener noreferrer">I opened a pull request</a> which got merged, and now you can use a Redis url:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">Q_CLUSTER</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">django_q_django</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># omitted for brevity </span> <span class="sh">'</span><span class="s">label</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Django Q</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">redis</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">redis://h:asdfqwer1234asdf@ec2-111-1-1-1.compute-1.amazonaws.com:111</span><span class="sh">'</span> <span class="p">}</span> </code></pre> </div> <p>(When <strong>running the project in production you may want to switch to using environment variables</strong>. See the base configuration for learning how to use env).</p> <p>Once you're done run the migrations (Django Q needs to create its tables in the database):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python manage.py migrate </code></pre> </div> <p>At this point you're ready to <strong>run the Django Q cluster</strong> with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python manage.py qcluster </code></pre> </div> <p>If everything goes well you should see this:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F6jowrdcmvnrhluu8d6ch.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F6jowrdcmvnrhluu8d6ch.png" alt="Django Q cluster"></a></p> <p>Well done! In the next section we'll create our first <strong>asynchronous task</strong>.</p> <p>What is the Django Q cluster? <a href="https://django-q.readthedocs.io/en/latest/cluster.html" rel="noopener noreferrer">Check this out</a>.</p> <h2> Asynchronous tasks in Django with Django Q: async_task </h2> <p>Worth doing a quick recap of what we covered so far:</p> <ul> <li>we created a Django project</li> <li>we created a Django application</li> <li>we installed Django Q and the Redis client</li> <li>we created an Heroku project and a Redis instance</li> <li>finally we configured Django Q</li> </ul> <p>To test that Django Q could connect to Redis I launched:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python manage.py qcluster </code></pre> </div> <p>With the project in place let's finally see an <strong>example of Django Q in action</strong>. Remember your view?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># demo_app/views.py </span> <span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">JsonResponse</span> <span class="kn">from</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">sleep</span> <span class="k">def</span> <span class="nf">index</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">json_payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Hello world!</span><span class="sh">"</span> <span class="p">}</span> <span class="nf">sleep</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">(</span><span class="n">json_payload</span><span class="p">)</span> </code></pre> </div> <p>Remove the time import and create a new file in <strong>demo_app/services.py</strong> (the name of this file is totally up to you).</p> <p>In this new module we're going to define a function, sleep_and_print:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># demo_app/services.py </span> <span class="kn">from</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">sleep</span> <span class="k">def</span> <span class="nf">sleep_and_print</span><span class="p">(</span><span class="n">secs</span><span class="p">):</span> <span class="nf">sleep</span><span class="p">(</span><span class="n">secs</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Task ran!</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>In the view instead we'll borrow <strong>async_task</strong> from Django Q:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">JsonResponse</span> <span class="kn">from</span> <span class="n">django_q.tasks</span> <span class="kn">import</span> <span class="n">async_task</span> <span class="k">def</span> <span class="nf">index</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">json_payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hello world!</span><span class="sh">"</span> <span class="p">}</span> <span class="sh">"""</span><span class="s"> TODO </span><span class="sh">"""</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">(</span><span class="n">json_payload</span><span class="p">)</span> </code></pre> </div> <p><strong>async_task</strong> is the principal function you'll use with Django Q. It takes at least one argument, the function's module that you want to enqueue:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># example </span> <span class="nf">async_task</span><span class="p">(</span><span class="sh">"</span><span class="s">demo_app.services.sleep_and_print</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>The second group of arguments instead is any argument that the function is supposed to take. sleep_and_print in our example takes one argument, the seconds to wait before printing. That means for async_task:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># example </span> <span class="nf">async_task</span><span class="p">(</span><span class="sh">"</span><span class="s">demo_app.services.sleep_and_print</span><span class="sh">"</span><span class="p">,</span> <span class="mi">10</span><span class="p">)</span> </code></pre> </div> <p>That's enough to enqueue a task. Let's now mix our <strong>view with async_task</strong>.</p> <h2> Asynchronous tasks in Django with Django Q: enqueue your first task </h2> <p>Back to our view, with async_task imported, call it right after the return statement:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">JsonResponse</span> <span class="kn">from</span> <span class="n">django_q.tasks</span> <span class="kn">import</span> <span class="n">async_task</span> <span class="k">def</span> <span class="nf">index</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">json_payload</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hello world!</span><span class="sh">"</span><span class="p">}</span> <span class="c1"># enqueue the task </span> <span class="nf">async_task</span><span class="p">(</span><span class="sh">"</span><span class="s">demo_app.services.sleep_and_print</span><span class="sh">"</span><span class="p">,</span> <span class="mi">10</span><span class="p">)</span> <span class="c1"># </span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">(</span><span class="n">json_payload</span><span class="p">)</span> </code></pre> </div> <p>Now run the cluster:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python manage.py qcluster </code></pre> </div> <p>Run the Django server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python manage.py runserver </code></pre> </div> <p>And finally <strong>make a call to your view</strong>, either from <a href="http://127.0.0.1:8000/demo-app/" rel="noopener noreferrer">http://127.0.0.1:8000/demo-app/</a> or from the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://127.0.0.1:8000/demo-app/ </code></pre> </div> <p>Now <strong>you should notice a couple of things</strong>. The Django dev server should log:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>13:55:42 [Q] INFO Enqueued 1 </code></pre> </div> <p>The Django Q cluster should log something along these lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>13:55:42 [Q] INFO Process-1:1 processing [juliet-mountain-august-alaska] </code></pre> </div> <p>And after that you should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Task ran! </code></pre> </div> <p>Here's my terminal:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F2dmorc28ahr0ixbq69ox.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F2dmorc28ahr0ixbq69ox.png" alt="Enqueue your first task"></a></p> <p>What happened here is that:</p> <ol> <li>the Django <strong>view responded immediately to the request</strong> </li> <li>Django Q saved the task (just a reference) in Redis</li> <li>Django Q ran the task</li> </ol> <p>With this "architecture" the <strong>view does not remain stuck anymore</strong>. Brilliant.</p> <p>Think about the use cases for this pattern. You can:</p> <ul> <li>safely interact with the I/O</li> <li>crunch data in the background</li> <li>safely move out API calls from your views</li> </ul> <p>and much more.</p> <h2> Asynchronous tasks in Django with Django Q: what's next? </h2> <p>In addition to async_task Django Q has the ability to <strong>schedule</strong> a task. A practical use case is <strong>do X every X days</strong>, much like a cron job. Check the <a href="https://django-q.readthedocs.io/en/latest/schedules.html" rel="noopener noreferrer">documentation to learn more</a>.</p> <p>Django Q supports other brokers in addition to Redis. Again, the docs are your friend.</p> <p>If you don't need other brokers than Redis, <a href="https://github.com/rq/django-rq" rel="noopener noreferrer">django-rq</a> might be a lightweight alternative to Django Q.</p> <h2> Asynchronous tasks in Django with Django Q: why not Celery? </h2> <p>Fun fact: Celery was created by a friend of mine. We were in high school together. Despite that I don't have much experience with Celery itself, but I always heard a lot of people complaining about it.</p> <p>Check <a href="https://github.com/Koed00/django-q/issues/8" rel="noopener noreferrer">this out for a better perspective</a>.</p> <p>Thanks for reading and stay tuned!</p> <h2> Resources </h2> <ul> <li><a href="https://django-q.readthedocs.io/en/latest/" rel="noopener noreferrer">Django Q</a></li> <li><a href="https://redis.io/" rel="noopener noreferrer">Redis</a></li> <li><a href="https://en.wikipedia.org/wiki/Message_broker" rel="noopener noreferrer">What is message broker?</a></li> <li><a href="https://devcenter.heroku.com/articles/background-jobs-queueing" rel="noopener noreferrer">Background Jobs and Queueing</a></li> <li><a href="https://www.valentinog.com/blog/django-project/" rel="noopener noreferrer">How to create a Django project from a template</a></li> </ul> <p>Originally published on <a href="https://www.valentinog.com/blog/django-q/" rel="noopener noreferrer">my blog</a></p> django python webdev redis Valentino Gagliardi Tue, 14 Jan 2020 09:26:15 +0000 https://dev.to/valentinogagliardi/javascript-private-class-fields-and-the-typescript-private-modifier-4go3 https://dev.to/valentinogagliardi/javascript-private-class-fields-and-the-typescript-private-modifier-4go3 <p><em>In this post we'll shed some light on JavaScript private class fields and see how they compare to the TypeScript private modifier.</em></p> <h2> JavaScript private class fields and the need for privacy </h2> <p>Historically <strong>JavaScript had no native mechanism for protecting variables from access</strong>, unless of course, <strong>the quintessential closure</strong>.</p> <p>Closures are the foundation for a lot of private-like patterns in JavaScript like the popular module pattern. But after ECMAScript 2015 classes took over in recent years, developers felt <strong>the need for more control over classes member privacy</strong>.</p> <p>The <strong>class field proposal</strong> (at the time of writing in stage 3) tries to solve the problem with the introduction of <strong>private class fields</strong>. </p> <p>Let's see how they look.</p> <h2> JavaScript private class fields, an example </h2> <p>Here's a JavaScript class with private fields, note that unlike "public" members every <strong>private field must be declared before access</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">class</span> <span class="nx">Person</span> <span class="p">{</span> <span class="err">#</span><span class="nx">age</span><span class="p">;</span> <span class="err">#</span><span class="nx">name</span><span class="p">;</span> <span class="err">#</span><span class="nx">surname</span><span class="p">;</span> <span class="kd">constructor</span><span class="p">(</span><span class="nx">name</span><span class="p">,</span> <span class="nx">surname</span><span class="p">,</span> <span class="nx">age</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">name</span> <span class="o">=</span> <span class="nx">name</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">surname</span> <span class="o">=</span> <span class="nx">surname</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">age</span> <span class="o">=</span> <span class="nx">age</span><span class="p">;</span> <span class="p">}</span> <span class="nx">getFullName</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">name</span><span class="p">}</span><span class="s2"> + </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">surname</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Private class fields are not accessible from outside the class</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">class</span> <span class="nx">Person</span> <span class="p">{</span> <span class="err">#</span><span class="nx">age</span><span class="p">;</span> <span class="err">#</span><span class="nx">name</span><span class="p">;</span> <span class="err">#</span><span class="nx">surname</span><span class="p">;</span> <span class="kd">constructor</span><span class="p">(</span><span class="nx">name</span><span class="p">,</span> <span class="nx">surname</span><span class="p">,</span> <span class="nx">age</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">name</span> <span class="o">=</span> <span class="nx">name</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">surname</span> <span class="o">=</span> <span class="nx">surname</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">age</span> <span class="o">=</span> <span class="nx">age</span><span class="p">;</span> <span class="p">}</span> <span class="nx">getFullName</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">name</span><span class="p">}</span><span class="s2"> + </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">surname</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">marta</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Person</span><span class="p">(</span><span class="dl">"</span><span class="s2">Marta</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Cantrell</span><span class="dl">"</span><span class="p">,</span> <span class="mi">33</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">marta</span><span class="p">.</span><span class="err">#</span><span class="nx">age</span><span class="p">);</span> <span class="c1">// SyntaxError</span> </code></pre> </div> <p>This is true "privacy". At this point if you now a bit of TypeScript you might ask what "native" private fields have in common with the <strong>private modifier in TypeScript</strong>.</p> <p>Well, the answer is: <strong>nothing</strong>. But why?</p> <h2> The private modifier in TypeScript </h2> <p>The <strong>private modifier in TypeScript</strong> should be familiar to developers coming from more traditional backgrounds. In brief, the keyword is meant to deny class members access from outside the class.</p> <p>But let's not forget, <strong>TypeScript is a layer on top of JavaScript</strong> and the TypeScript compiler is supposed to strip away any fancy TypeScript annotation, including <strong>private</strong>. </p> <p>That means the following class doesn't do what you think it does:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">class</span> <span class="nx">Person</span> <span class="p">{</span> <span class="k">private</span> <span class="nx">age</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="k">private</span> <span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">private</span> <span class="nx">surname</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="kd">constructor</span><span class="p">(</span><span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">surname</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">age</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">=</span> <span class="nx">name</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">surname</span> <span class="o">=</span> <span class="nx">surname</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">age</span> <span class="o">=</span> <span class="nx">age</span><span class="p">;</span> <span class="p">}</span> <span class="nx">getFullName</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2"> + </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">surname</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">liz</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Person</span><span class="p">(</span><span class="dl">"</span><span class="s2">Liz</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Cantrill</span><span class="dl">"</span><span class="p">,</span> <span class="mi">31</span><span class="p">);</span> <span class="c1">// @ts-ignore</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">liz</span><span class="p">.</span><span class="nx">age</span><span class="p">);</span> </code></pre> </div> <p>Without <strong>// @ts-ignore</strong>, accessing liz.age <strong>throws an error only in TypeScript</strong>, yet after the compilation you end up with the following JavaScript code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="dl">"</span><span class="s2">use strict</span><span class="dl">"</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">Person</span> <span class="o">=</span> <span class="cm">/** @class */</span> <span class="p">(</span><span class="kd">function</span> <span class="p">()</span> <span class="p">{</span> <span class="kd">function</span> <span class="nx">Person</span><span class="p">(</span><span class="nx">name</span><span class="p">,</span> <span class="nx">surname</span><span class="p">,</span> <span class="nx">age</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">=</span> <span class="nx">name</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">surname</span> <span class="o">=</span> <span class="nx">surname</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">age</span> <span class="o">=</span> <span class="nx">age</span><span class="p">;</span> <span class="p">}</span> <span class="nx">Person</span><span class="p">.</span><span class="nx">prototype</span><span class="p">.</span><span class="nx">getFullName</span> <span class="o">=</span> <span class="kd">function</span> <span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">+</span> <span class="dl">"</span><span class="s2"> + </span><span class="dl">"</span> <span class="o">+</span> <span class="k">this</span><span class="p">.</span><span class="nx">surname</span><span class="p">;</span> <span class="p">};</span> <span class="k">return</span> <span class="nx">Person</span><span class="p">;</span> <span class="p">}());</span> <span class="kd">var</span> <span class="nx">liz</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Person</span><span class="p">(</span><span class="dl">"</span><span class="s2">Liz</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Cantrill</span><span class="dl">"</span><span class="p">,</span> <span class="mi">31</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">liz</span><span class="p">.</span><span class="nx">age</span><span class="p">);</span> <span class="c1">// 31</span> </code></pre> </div> <p>As expected we're free to print liz.age. <strong>The main take here is that private in TypeScript is not so private</strong>, and it feels convenient only at the TypeScript level, not for "real privacy".</p> <p>And now let's get to the point: <strong>"native" private class fields in TypeScript</strong>.</p> <h2> Private class fields in TypeScript </h2> <p><strong>TypeScript 3.8 will support ECMAScript private fields</strong>, not to be confused with the <strong>TypeScript private modifier</strong>.</p> <p>Here's a class with private class fields in TypeScript:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">class</span> <span class="nx">Person</span> <span class="p">{</span> <span class="err">#</span><span class="nx">age</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="err">#</span><span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="err">#</span><span class="nx">surname</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="kd">constructor</span><span class="p">(</span><span class="nx">name</span><span class="p">:</span><span class="kr">string</span><span class="p">,</span> <span class="nx">surname</span><span class="p">:</span><span class="kr">string</span><span class="p">,</span> <span class="nx">age</span><span class="p">:</span><span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">name</span> <span class="o">=</span> <span class="nx">name</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">surname</span> <span class="o">=</span> <span class="nx">surname</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">age</span> <span class="o">=</span> <span class="nx">age</span><span class="p">;</span> <span class="p">}</span> <span class="nx">getFullName</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">name</span><span class="p">}</span><span class="s2"> + </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="err">#</span><span class="nx">surname</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Not so different from vanilla JavaScript, besides type annotations. Members cannot be accessed from the outside. But the <strong>real problem with private fields in TypeScript is that they use WeakMap</strong> under the hood. </p> <p>To compile this code we need to adjust the target compilation version in tsconfig.json, which must be at least <strong>ECMAScript 2015</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"compilerOptions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"target"</span><span class="p">:</span><span class="w"> </span><span class="s2">"es2015"</span><span class="p">,</span><span class="w"> </span><span class="nl">"strict"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"lib"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"dom"</span><span class="p">,</span><span class="s2">"es2015"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This could be a problem depending on the target browser, unless you intend to ship a <strong>polyfill for WeakMap, which at that point becomes too much work if it's just for the sake of writing fancy new syntax</strong>.</p> <p>There is always this tension in JavaScript, where you really want to use the new syntax, but on the other hand you don't want to let the UX down with a gazillion polyfills.</p> <p>On the flip side I don't think you should worry too much about private class fields, even if you want to ship to newer browsers. At least for now. The <strong><a href="https://caniuse.com/#search=private%20class">support for private fields is almost non-existent</a></strong>. Not even Firefox has implemented the proposal.</p> <p>Let's see what the future holds.</p> <h2> Conclusions </h2> <p>Still a proposal at the time of writing, <a href="https://github.com/tc39/proposal-class-fields">JavaScript class fields</a> are interesting, but the support among browser vendors is poor. <strong>What's your take on this feature</strong>?</p> <p>Here's mine:</p> <ul> <li>I like ES private class fields (though I dislike the #)</li> <li>I <strong>never relied to much on private in TypeScript</strong>, useful only at the TS level</li> <li>I'll wait until private class fields land in browsers</li> <li>I wouldn't use private class fields in TS today</li> </ul> <p>To learn more about <a href="https://www.typescriptlang.org/docs/handbook/classes.html">TypeScript classes check this out</a>. </p> <p>The <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-3-8-beta/#ecmascript-private-fields">official announcement for TypeScript 3.8 private fields</a>.</p> javascript typescript webdev Valentino Gagliardi Tue, 14 Jan 2020 08:29:14 +0000 https://dev.to/valentinogagliardi/video-asynchronous-tasks-in-django-with-django-q-part-3-1knf https://dev.to/valentinogagliardi/video-asynchronous-tasks-in-django-with-django-q-part-3-1knf <p><strong>Django Q</strong> is a scheduler and a task queue for Django. In this series you'll learn how to use Django Q in your Django applications for queuing long-running tasks.</p> <p>In this episode:</p> <ul> <li>hands on Django Q</li> <li>using async_task</li> </ul> <p>Enjoy!</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/DplCLxOEdyQ"> </iframe> </p> django python webdev redis Valentino Gagliardi Fri, 10 Jan 2020 09:31:38 +0000 https://dev.to/valentinogagliardi/formdata-the-new-formdata-event-and-html-forms-ble https://dev.to/valentinogagliardi/formdata-the-new-formdata-event-and-html-forms-ble <p>Have you heard about the new formdata event? It's just a new DOM event, but every new addition to the web platform makes me always excited.</p> <h2> What is FormData? </h2> <p>Let's clarify <strong>what is FormData</strong> before getting into more detail. For those new to web development, <strong>HTML forms are able to <a href="https://www.valentinog.com/blog/event/" rel="noopener noreferrer">emit events</a></strong>. This is a feature of almost any HTML element.</p> <p>Consider the following form:</p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> <span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>HTML forms and JavaScript<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;form&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"name"</span><span class="nt">&gt;</span>Name<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">id=</span><span class="s">"name"</span> <span class="na">name=</span><span class="s">"name"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"description"</span><span class="nt">&gt;</span>Short description<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">id=</span><span class="s">"description"</span> <span class="na">name=</span><span class="s">"description"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"task"</span><span class="nt">&gt;</span>Task<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;textarea</span> <span class="na">id=</span><span class="s">"task"</span> <span class="na">name=</span><span class="s">"task"</span> <span class="na">required</span><span class="nt">&gt;&lt;/textarea&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span><span class="nt">&gt;</span>Submit<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/form&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"form.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>To follow along you can create an HTML file, copy over my example. When the <strong>form is submitted</strong>, that is, when the user fills the fields and clicks the "Submit" button, an event named <strong>submit</strong> is dispatched.</p> <p>That means we can <strong>listen to the submit event with an event listener</strong>:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// form.js</span> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">forms</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">form</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <p>Calling preventDefault() prevents a page refresh, convenient when you don't want to send the form fields on the backend.</p> <p>Now, there are a couple ways to get the actual data from the form. You could inspect <strong>event.target.elements</strong> which in this case yields all the form elements.</p> <p>Or <strong>even better</strong> you can use <strong>FormData</strong>, a DOM interface, as a constructor. It needs the form as an argument:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">forms</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">form</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FormData</span><span class="p">(</span><span class="nx">form</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>From now on you can do all sort of things on the FormData object. More on this later. Now let's <strong>explore the formdata event</strong>.</p> <h2> Getting to know the formdata event </h2> <p>The <strong>formdata event</strong> is a newer, nice addition to the web platform. As a boost to FormData <strong>the event is fired any time you call new FormData()</strong>. Now consider the following example:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">forms</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">form</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="k">new</span> <span class="nc">FormData</span><span class="p">(</span><span class="nx">form</span><span class="p">);</span> <span class="p">});</span> <span class="nx">form</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">formdata</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// event.formData grabs the object</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">formData</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>In the <strong>first event listener</strong> we build a new FormData from the form. This time there's no need to save the result in a variable.</p> <p>In response to this call the <strong>new object fires up the formdata event</strong>, on which we register another listener.</p> <p>In this <strong>second listener we can grab the actual data from event.formData</strong>. </p> <p><strong>This pattern helps decoupling the first event listeners from any other callback that was supposed to handle the actual form data</strong> (making API calls and stuff). </p> <p>In the next section we'll see <strong>how to get data from a FormData object</strong>.</p> <h2> Grabbing data from a FormData object </h2> <p>If you want to snitch into a FormData object visit the example HTML form in a browser and place a breakpoint on <strong>console.log(event.formData)</strong>.</p> <p>Fill and submit the form with the browser's console opened and save the object as a global variable:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F7qy02kyz38lsmi6gjace.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F7qy02kyz38lsmi6gjace.png" alt="formData"></a></p> <p>You should be able to access the object (temp1) in Chrome:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">temp1</span><span class="p">)</span> <span class="c1">// FormData {append: ƒ, delete: ƒ, get: ƒ, getAll: ƒ, has: ƒ, …}</span> </code></pre> </div> <p>As you can see it has a bunch of methods. To extract an <strong>array of values</strong> run:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">temp1</span><span class="p">.</span><span class="nf">values</span><span class="p">()]</span> <span class="c1">// sample output</span> <span class="c1">// ["Liz", "Trip to London", "Trip to London"]</span> </code></pre> </div> <p>To extract an array of entries run:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">entries</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">temp1</span><span class="p">.</span><span class="nf">entries</span><span class="p">()]</span> </code></pre> </div> <p>In our example we can get all the data in various shapes from the FormData object:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">form</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">forms</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">form</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">submit</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nf">preventDefault</span><span class="p">();</span> <span class="k">new</span> <span class="nc">FormData</span><span class="p">(</span><span class="nx">form</span><span class="p">);</span> <span class="p">});</span> <span class="nx">form</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">formdata</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">formData</span><span class="p">;</span> <span class="c1">// get the data</span> <span class="kd">const</span> <span class="nx">entries</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">data</span><span class="p">.</span><span class="nf">entries</span><span class="p">()];</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">entries</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">data</span><span class="p">.</span><span class="nf">values</span><span class="p">()];</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">values</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>A word of warning: <strong>FormData relies on form fields name attributes</strong> to build the mapping between fields and values. That means the following elements won't yield anything:</p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> <span class="c">&lt;!-- bad --&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">id=</span><span class="s">"name"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">id=</span><span class="s">"description"</span> <span class="na">required</span><span class="nt">&gt;</span> </code></pre> </div> <p>Always provide a name for your fields:</p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> <span class="c">&lt;!-- good --&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">id=</span><span class="s">"name"</span> <span class="na">name=</span><span class="s">"name"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">id=</span><span class="s">"description"</span> <span class="na">name=</span><span class="s">"description"</span> <span class="na">required</span><span class="nt">&gt;</span> </code></pre> </div> <h2> Adding data to a FormData object </h2> <p>It's common practice to have hidden inputs in HTML forms for saving additional data in the submission phase:</p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> <span class="c">&lt;!-- no more hidden fields --&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">id=</span><span class="s">"someInfo"</span> <span class="na">name=</span><span class="s">"someSecretInfo"</span> <span class="na">value=</span><span class="s">"someSecreteInfo"</span><span class="nt">&gt;</span> </code></pre> </div> <p>Hidden inputs don't show up in the rendered HTML (but are still accessible from the developer console).</p> <p>In addition to reading form fields from a FormData object, it's also possible to <strong>add new key/value pair</strong> with append:</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// omitted for brevity</span> <span class="nx">form</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">formdata</span><span class="dl">"</span><span class="p">,</span> <span class="nx">event</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">formData</span><span class="p">;</span> <span class="c1">// append more fields</span> <span class="nx">data</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">"</span><span class="s2">anHiddenKeyA</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">anHiddenValueA</span><span class="dl">"</span><span class="p">);</span> <span class="nx">data</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">"</span><span class="s2">anHiddenKeyB</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">anHiddenValueB</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// get the data</span> <span class="kd">const</span> <span class="nx">entries</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">data</span><span class="p">.</span><span class="nf">entries</span><span class="p">()];</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">entries</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">data</span><span class="p">.</span><span class="nf">values</span><span class="p">()];</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">values</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This is convenient for <strong>avoiding hidden input fields in HTML forms</strong>. </p> <p>Being a newer addition to the platform <strong>the formdata event is not available in older browsers</strong>, use it with caution.</p> <p>Thanks for reading and stay tuned for more!</p> <h2> Resources </h2> <p><a href="https://developer.mozilla.org/en-US/docs/Web/API/FormData/Using_FormData_Objects" rel="noopener noreferrer">FormData objects on MDN</a></p> javascript html webdev