From 6532881dcae7324d7020802c7880a428bb09e8b3 Mon Sep 17 00:00:00 2001 From: Khafra <42794878+KhafraDev@users.noreply.github.com> Date: Mon, 21 Nov 2022 15:04:48 -0500 Subject: [PATCH] fetch: implement https://github.com/whatwg/fetch/pull/1544 --- lib/fetch/index.js | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/lib/fetch/index.js b/lib/fetch/index.js index 94f2d1e0aca..8a125327f05 100644 --- a/lib/fetch/index.js +++ b/lib/fetch/index.js @@ -1135,12 +1135,12 @@ async function httpRedirectFetch (fetchParams, response) { return makeNetworkError('URL scheme must be a HTTP(S) scheme') } - // 7. If request’s redirect count is twenty, return a network error. + // 7. If request’s redirect count is 20, then return a network error. if (request.redirectCount === 20) { return makeNetworkError('redirect count exceeded') } - // 8. Increase request’s redirect count by one. + // 8. Increase request’s redirect count by 1. request.redirectCount += 1 // 9. If request’s mode is "cors", locationURL includes credentials, and @@ -1195,36 +1195,45 @@ async function httpRedirectFetch (fetchParams, response) { } } - // 13. If request’s body is non-null, then set request’s body to the first return + // 13. If request’s current URL’s origin is not same origin with locationURL’s + // origin, then for each headerName of CORS non-wildcard request-header name, + // delete headerName from request’s header list. + if (!sameOrigin(requestCurrentURL(request), locationURL)) { + // TODO: update url + // https://whatpr.org/fetch/1544/3cafbdf...eaa1d3b.html#cors-non-wildcard-request-header-name + request.headersList.delete('authorization') + } + + // 14. If request’s body is non-null, then set request’s body to the first return // value of safely extracting request’s body’s source. if (request.body != null) { assert(request.body.source) request.body = safelyExtractBody(request.body.source)[0] } - // 14. Let timingInfo be fetchParams’s timing info. + // 15. Let timingInfo be fetchParams’s timing info. const timingInfo = fetchParams.timingInfo - // 15. Set timingInfo’s redirect end time and post-redirect start time to the + // 16. Set timingInfo’s redirect end time and post-redirect start time to the // coarsened shared current time given fetchParams’s cross-origin isolated // capability. timingInfo.redirectEndTime = timingInfo.postRedirectStartTime = coarsenedSharedCurrentTime(fetchParams.crossOriginIsolatedCapability) - // 16. If timingInfo’s redirect start time is 0, then set timingInfo’s + // 17. If timingInfo’s redirect start time is 0, then set timingInfo’s // redirect start time to timingInfo’s start time. if (timingInfo.redirectStartTime === 0) { timingInfo.redirectStartTime = timingInfo.startTime } - // 17. Append locationURL to request’s URL list. + // 18. Append locationURL to request’s URL list. request.urlList.push(locationURL) - // 18. Invoke set request’s referrer policy on redirect on request and + // 19. Invoke set request’s referrer policy on redirect on request and // actualResponse. setRequestReferrerPolicyOnRedirect(request, actualResponse) - // 19. Return the result of running main fetch given fetchParams and true. + // 20. Return the result of running main fetch given fetchParams and true. return mainFetch(fetchParams, true) }