fetch: implement whatwg/fetch#1544

KhafraDev · Nov 21, 2022 · 6532881 · 6532881
1 parent 80700c6
commit 6532881
Showing 1 changed file with 18 additions and 9 deletions.
diff --git a/lib/fetch/index.js b/lib/fetch/index.js
@@ -1135,12 +1135,12 @@ async function httpRedirectFetch (fetchParams, response) {
     return makeNetworkError('URL scheme must be a HTTP(S) scheme')
   }
 
-  // 7. If request’s redirect count is twenty, return a network error.
+  // 7. If request’s redirect count is 20, then return a network error.
   if (request.redirectCount === 20) {
     return makeNetworkError('redirect count exceeded')
   }
 
-  // 8. Increase request’s redirect count by one.
+  // 8. Increase request’s redirect count by 1.
   request.redirectCount += 1
 
   // 9. If request’s mode is "cors", locationURL includes credentials, and
@@ -1195,36 +1195,45 @@ async function httpRedirectFetch (fetchParams, response) {
     }
   }
 
-  // 13. If request’s body is non-null, then set request’s body to the first return
+  // 13. If request’s current URL’s origin is not same origin with locationURL’s
+  //     origin, then for each headerName of CORS non-wildcard request-header name,
+  //     delete headerName from request’s header list.
+  if (!sameOrigin(requestCurrentURL(request), locationURL)) {
+    // TODO: update url
+    // https://whatpr.org/fetch/1544/3cafbdf...eaa1d3b.html#cors-non-wildcard-request-header-name
+    request.headersList.delete('authorization')
+  }
+
+  // 14. If request’s body is non-null, then set request’s body to the first return
   // value of safely extracting request’s body’s source.
   if (request.body != null) {
     assert(request.body.source)
     request.body = safelyExtractBody(request.body.source)[0]
   }
 
-  // 14. Let timingInfo be fetchParams’s timing info.
+  // 15. Let timingInfo be fetchParams’s timing info.
   const timingInfo = fetchParams.timingInfo
 
-  // 15. Set timingInfo’s redirect end time and post-redirect start time to the
+  // 16. Set timingInfo’s redirect end time and post-redirect start time to the
   // coarsened shared current time given fetchParams’s cross-origin isolated
   // capability.
   timingInfo.redirectEndTime = timingInfo.postRedirectStartTime =
     coarsenedSharedCurrentTime(fetchParams.crossOriginIsolatedCapability)
 
-  // 16. If timingInfo’s redirect start time is 0, then set timingInfo’s
+  // 17. If timingInfo’s redirect start time is 0, then set timingInfo’s
   //  redirect start time to timingInfo’s start time.
   if (timingInfo.redirectStartTime === 0) {
     timingInfo.redirectStartTime = timingInfo.startTime
   }
 
-  // 17. Append locationURL to request’s URL list.
+  // 18. Append locationURL to request’s URL list.
   request.urlList.push(locationURL)
 
-  // 18. Invoke set request’s referrer policy on redirect on request and
+  // 19. Invoke set request’s referrer policy on redirect on request and
   // actualResponse.
   setRequestReferrerPolicyOnRedirect(request, actualResponse)
 
-  // 19. Return the result of running main fetch given fetchParams and true.
+  // 20. Return the result of running main fetch given fetchParams and true.
   return mainFetch(fetchParams, true)
 }