
Avoid HTTP redirects in requests

Avoid HTTP redirects in requests (@sonarwhal/rule-no-http-redirects)

no-http-redirects checks if there are any HTTP redirects in the page sonarwhal is analyzing.

Why is this important?

Consider the following simplified description of what happens when a user requests a URL within a browser:

  1. DNS Lookup: Translate the server domain to an IP. If the browser doesn’t know it, it asks a DNS server which in some cases involves multiple queries until the final IP is obtained.
  2. Open a TCP connection to the server IP address requesting the URL.
  3. The server responds to that request by sending some content over the TCP connection. If the resource uses SSL, then TLS negotiation(s) happen as well.

When a redirect occurs, the response in step 3 contains the new URL the browser needs to request, and the whole sequence of steps repeats. A DNS lookup isn’t cheap, and neither is creating a TCP connection. The impact of redirects is felt even more by mobile users, where the network latency is usually higher. As a rule of thumb, the more you can avoid redirects the better.

What does the rule check?

This rule checks:

  • If the target URL passed to sonarwhal has any redirect. E.g.: http://www.example.com --> http://example.com
  • If any resource in the page has any redirect. E.g.: http://example.com/script.js --> https://example.com/script.js

and alerts if at least one is found.

Examples that trigger the rule

  • Any URL passed to sonarwhal that redirects to another one
  • Any page with a resource (script, css, image) behind a redirect

Examples that pass the rule

  • No redirects for either the resources or the target URL.

Can the rule be configured?

By default no redirects are allowed but you can change this behavior.

The following rule configuration used in the .sonarwhalrc file will allow 3 redirects for resources and 1 for the main URL:

{
    "connector": {...},
    "formatters": [...],
    "rules": {
        "no-http-redirects": ["error", {
            "max-resource-redirects": 3,
            "max-html-redirects": 1
        }],
        ...
    },
    ...
}
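
How the two limits apply to redirect chains, as an added example that is not sonarwhal's own code: it follows Location headers over constructed responses and reports every URL whose chain exceeds its limit. The function names, the input shape, and the choice to always report a redirect loop are assumptions; only the two option names come from the configuration above.

```javascript
// Added example, not sonarwhal's code. The option names come from the rule's
// configuration; function names and the input shape are assumptions.
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// Constructed responses keyed by absolute URL (no network access needed).
const SAMPLE_RESPONSES = {
    'http://www.example.com/': { status: 301, location: 'http://example.com/' },
    'http://example.com/': { status: 200 },
    'http://example.com/script.js': { status: 302, location: 'https://example.com/script.js' },
    'https://example.com/script.js': { status: 200 },
    'http://example.com/a.css': { status: 301, location: '/b.css' },
    'http://example.com/b.css': { status: 301, location: '/a.css' }
};

// Follow Location headers from `start`; stop at a non-redirect, an unknown
// URL, or a URL already visited (redirect loop).
function followChain(start, responses) {
    const chain = [new URL(start).href];
    let redirects = 0;
    let loop = false;

    for (;;) {
        const current = chain[chain.length - 1];
        const res = responses[current];
        if (!res || !REDIRECT_STATUSES.has(res.status) || !res.location) break;
        redirects++;
        // Location may be relative; resolve it against the current URL.
        const next = new URL(res.location, current).href;
        if (chain.includes(next)) { loop = true; break; }
        chain.push(next);
    }
    return { chain, redirects, loop };
}

// Apply the two limits: one for the target URL, one for every other resource.
function checkRedirects(targetUrl, resourceUrls, responses, options = {}) {
    const limits = { 'max-html-redirects': 0, 'max-resource-redirects': 0, ...options };
    const findings = [];
    const check = (url, limitName) => {
        const result = followChain(url, responses);
        if (result.loop || result.redirects > limits[limitName]) {
            findings.push({ url, limitName, ...result });
        }
    };
    check(targetUrl, 'max-html-redirects');
    resourceUrls.forEach((url) => check(url, 'max-resource-redirects'));
    return findings;
}
```

With the default limits of 0, both page examples (`http://www.example.com` and `http://example.com/script.js`) are reported; with the configuration shown above, only the looping stylesheet would be.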

How to use this rule?

To use it you will have to install it via npm:

npm install @sonarwhal/rule-no-http-redirects

Note: You can make npm install it as a devDependency using the --save-dev parameter, or to install it globally, you can use the -g parameter. For other options see npm's documentation.

And then activate it via the .sonarwhalrc configuration file:

{
    "connector": {...},
    "formatters": [...],
    "parsers": [...],
    "rules": {
        "no-http-redirects": "error"
    },
    ...
}
