urlsession-code-review

URLSession Code Review

Quick Reference

Topic        Reference
Async/Await  async-networking.md
Requests     request-building.md
Errors       error-handling.md
Caching      caching.md

Review Checklist

Response Validation

  • HTTP status codes validated - URLSession does NOT throw on 404/500
  • Response cast to HTTPURLResponse before checking status
  • Both transport errors (URLError) and HTTP errors handled

Memory & Resources

  • Downloaded files moved/deleted (async API doesn't auto-delete)
  • Sessions with delegates call finishTasksAndInvalidate()
  • Long-running tasks use [weak self]
  • Stored Task references cancelled when appropriate

Configuration

  • timeoutIntervalForResource set (default is 7 days!)
  • URLCache sized adequately (default 512KB too small)
  • Sessions reused for connection pooling

Background Sessions

  • Unique identifier (especially with app extensions)
  • File-based uploads (not data-based)
  • Delegate methods used (not completion handlers)

Security

  • No hardcoded secrets (use Keychain)
  • Header values sanitized for CRLF injection
  • Query params via URLComponents (not string concat)
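
The Response Validation and Security items above, as an added Swift example that is not part of the original checklist. APIError, makeRequest and fetch are hypothetical names, and the async data(for:) call assumes iOS 15 / macOS 12 or later.

```swift
import Foundation

// Hypothetical error type for this example (not from the checklist).
enum APIError: Error {
    case invalidURL, notHTTP
    case unsafeHeaderValue(field: String)
    case http(status: Int, body: Data)
    case transport(URLError)
}

// Builds the request with URLComponents instead of string concatenation.
func makeRequest(base: String, path: String, query: [String: String],
                 headers: [String: String]) throws -> URLRequest {
    guard var components = URLComponents(string: base) else { throw APIError.invalidURL }
    components.path = path
    // URLQueryItem values are percent-encoded, so "&" or "=" in user input
    // cannot add or split parameters.
    components.queryItems = query.sorted { $0.key < $1.key }
        .map { URLQueryItem(name: $0.key, value: $0.value) }
    guard let url = components.url else { throw APIError.invalidURL }

    var request = URLRequest(url: url)
    for (field, value) in headers {
        // Check unicode scalars: "\r\n" is ONE Swift Character, so a
        // Character-level check for "\n" would miss it.
        guard !value.unicodeScalars.contains(where: { $0 == "\r" || $0 == "\n" }) else {
            throw APIError.unsafeHeaderValue(field: field)
        }
        request.setValue(value, forHTTPHeaderField: field)
    }
    return request
}

// Transport failures and HTTP failures surface as distinct errors.
func fetch(_ request: URLRequest, session: URLSession = .shared) async throws -> Data {
    do {
        let (data, response) = try await session.data(for: request)
        guard let http = response as? HTTPURLResponse else { throw APIError.notHTTP }
        // data(for:) returns normally on 404/500; only this check makes them errors.
        guard (200...299).contains(http.statusCode) else {
            throw APIError.http(status: http.statusCode, body: data)
        }
        return data
    } catch let error as URLError {
        throw APIError.transport(error)  // timeout, DNS, TLS, offline
    }
}
```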

Output Format

Critical

  1. [FILE:LINE] Missing HTTP status validation
    • Issue: 404/500 responses not treated as errors
    • Fix: Check httpResponse.statusCode is 200-299