Skip to content

Consider relaxing wildcard validation strictness in WildcardListHeader for parsing #160

New issue
New issue
Open
Open
Consider relaxing wildcard validation strictness in WildcardListHeader for parsing#160
Labels
area: headersIssues related to headers.enhancementNew feature or request
Milestone
Post 1.0 Release
@coderabbitai

Description

@coderabbitai
coderabbitai
bot
opened on Sep 9, 2025

Problem

The current WildcardListHeader<T> implementation strictly rejects mixing * with other values during both parsing and generation:

if (splitValues.length > 1 && splitValues.contains('*')) {
  throw const FormatException('Wildcard (*) cannot be used with other values');
}

While this prevents semantically meaningless combinations (e.g., Access-Control-Allow-Headers: *, Content-Type), it may be too strict for parsing headers from external sources.

Design Tension

Generation: We want to prevent creating semantically contradictory headers
Parsing: We want to handle syntactically valid but semantically questionable input gracefully

This follows the "be liberal in what you accept, conservative in what you send" principle.

Potential Solutions

  1. Separate validation paths: Allow mixed wildcards during parsing but prevent them during construction
  2. Parse permissively, expose conservatively: Parse everything but provide methods to detect/handle semantic issues
  3. Configuration-based: Make wildcard strictness configurable per header type
  4. Current approach: Stay strict on both sides (status quo)

Context

Discussion originated in PR #159 regarding the base class design for wildcard-enabled headers.

Backlinks:

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: headersIssues related to headers.enhancementNew feature or request

    Type

    No type

    Projects

    Serverpod Frameworks

    Status

    Backlog 🗂️

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions