Show HN: Lint for HTTP (opens in new tab)

I wonder how hard it'd be to add support for SAZ files? [1]

As a Windows web dev, Fiddler [2] is pretty much invaluable, especially if I'm dealing with black-box services (I'm looking at you, Cisco).

1: http://fiddler.wikidot.com/saz-files

2: http://www.telerik.com/fiddler

This is great.

I'm curious to know if anyone has tested it against popular web frameworks yet?

This is beautiful! I need integrate this into our pre-production environments like yesterday! I have long wanted something like this; some of our internal APIs abuse HTTP response codes and one of our mobile app sends an invalid User-Agent string. Pointing folks at the relevant standards passages and trying to explain what they're doing wrong, and why it affects other real-world applications seems to get acknowledgement, but often no change because by the time we've caught it, it is out in the wild.

The report format is beautiful too — I love that hovering highlights the relevant portions of the request, and thank you for the explain link; I loathe linters that offer no rationale.

Also, I love that the example taught me something too; I did not know some of these.

Also, very interesting that one of your examples is the Pragma header. I did not know that it was defined for requests only (and your explain link explains its rationale clearly enough that I now agree with it). I just implemented an OAuth client, and that standard requires it on responses:

> The authorization server MUST include the HTTP "Cache-Control" response header field [RFC2616] with a value of "no-store" in any response containing tokens, credentials, or other sensitive information, as well as the "Pragma" response header field [RFC2616] with a value of "no-cache".

The very RFC it cites even notes that this is unspecified!

The inclusion of the explanations is fantastic. This is a wonderful tool, and a very useful one.

Spectacular project - nice work.