From 01302e6d2b2629cca4ad9327abe0f7a317f8399f Mon Sep 17 00:00:00 2001
From: Khafra <42794878+KhafraDev@users.noreply.github.com>
Date: Tue, 4 Jan 2022 08:13:39 -0500
Subject: [PATCH] fetch: fix small spec inconsistency (#1158)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This condition is not *yet* possible to meet so I couldn't add a test
(sorry!). The responseTainting is always set here or a network error is
returned (.status = 0 is a network error which makes the check never
pass):
https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L529 and
the condition is always met because response is never set
https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L475

The spec says that "[a] basic filtered response is a filtered response
whose type is "basic" and header list excludes any headers in internal
response’s header list whose name is a forbidden response-header name."
The library was incorrectly excluding valid headers.

If `data:`, `blob:`, `about:`, or `file:` URIs are ever supported, this
change will be needed.
---
 lib/fetch/constants.js | 1 +
 lib/fetch/response.js  | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/fetch/constants.js b/lib/fetch/constants.js
index f3779486d4b..2eff7596968 100644
--- a/lib/fetch/constants.js
+++ b/lib/fetch/constants.js
@@ -58,6 +58,7 @@ const requestCache = [
   'only-if-cached'
 ]
 
+// https://fetch.spec.whatwg.org/#forbidden-response-header-name
 const forbiddenResponseHeaderNames = ['set-cookie', 'set-cookie2']
 
 const requestBodyHeader = [
diff --git a/lib/fetch/response.js b/lib/fetch/response.js
index b7c673754cc..4449d364005 100644
--- a/lib/fetch/response.js
+++ b/lib/fetch/response.js
@@ -8,7 +8,7 @@ const { responseURL, isValidReasonPhrase, toUSVString } = require('./util')
 const {
   redirectStatus,
   nullBodyStatus,
-  forbiddenHeaderNames
+  forbiddenResponseHeaderNames
 } = require('./constants')
 const { kState, kHeaders, kGuard, kRealm } = require('./symbols')
 const { kHeadersList } = require('../core/symbols')
@@ -366,6 +366,7 @@ function makeNetworkError (reason) {
   })
 }
 
+// https://fetch.spec.whatwg.org/#concept-filtered-response
 function filterResponse (response, type) {
   // Set response to the following filtered response with response as its
   // internal response, depending on request’s response tainting:
@@ -376,7 +377,7 @@ function filterResponse (response, type) {
 
     const headers = []
     for (let n = 0; n < response.headersList.length; n += 2) {
-      if (!forbiddenHeaderNames.includes(response.headersList[n])) {
+      if (!forbiddenResponseHeaderNames.includes(response.headersList[n])) {
         headers.push(response.headersList[n + 0], response.headersList[n + 1])
       }
     }