URLSession Code Review
Quick Reference
| | request-building.md |
| Errors | error-handling.md |
| Caching | caching.md |
Review Checklist
Response Validation
- [ ] HTTP status codes validated (URLSession does NOT throw on 404/500)
- [ ] Response cast to HTTPURLResponse before checking status
- [ ] Both transport errors (URLError) and HTTP errors handled
Memory & Resources
- [ ] Downloaded files moved/deleted (async API doesn't auto-delete)
- [ ] Sessions with delegates call `finishTasksAndInvalidate()`
- [ ] Long-running tasks use `[weak self]`
- [ ] Stored Task references cancelled when appropriate
Configuration
- [ ] timeoutIntervalForResource set (default is 7 days!)
- [ ] URLCache sized adequately (default 512KB too small)
- [ ] Sessions reused for connection pooling
Background Sessions
- [ ] Unique identifier (especially with app extensions)
- [ ] File-based uploads (not data-based)
- [ ] Delegate methods used (not completion handlers)
Security
- [ ] No hardcoded secrets (use Keychain)
- [ ] Header values sanitized for CRLF injection
- [ ] Query params via URLComponents (not string concat)
Output Format
```markdown
Critical Issues
1. [FILE:LINE] Missing HTTP status validation
   - Issue: 404/500 responses not treated as errors
   - Fix: Check httpResponse.statusCode is 200-299
```