@common.js/node-fetch 3.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,272 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", {
3
+ value: true
4
+ });
5
+ function _export(target, all) {
6
+ for(var name in all)Object.defineProperty(target, name, {
7
+ enumerable: true,
8
+ get: all[name]
9
+ });
10
+ }
11
+ _export(exports, {
12
+ stripURLForUseAsAReferrer: function() {
13
+ return stripURLForUseAsAReferrer;
14
+ },
15
+ ReferrerPolicy: function() {
16
+ return ReferrerPolicy;
17
+ },
18
+ DEFAULT_REFERRER_POLICY: function() {
19
+ return DEFAULT_REFERRER_POLICY;
20
+ },
21
+ validateReferrerPolicy: function() {
22
+ return validateReferrerPolicy;
23
+ },
24
+ isOriginPotentiallyTrustworthy: function() {
25
+ return isOriginPotentiallyTrustworthy;
26
+ },
27
+ isUrlPotentiallyTrustworthy: function() {
28
+ return isUrlPotentiallyTrustworthy;
29
+ },
30
+ determineRequestsReferrer: function() {
31
+ return determineRequestsReferrer;
32
+ },
33
+ parseReferrerPolicyFromHeader: function() {
34
+ return parseReferrerPolicyFromHeader;
35
+ }
36
+ });
37
+ var _nodeNet = require("node:net");
38
+ function stripURLForUseAsAReferrer(url) {
39
+ var originOnly = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : false;
40
+ // 1. If url is null, return no referrer.
41
+ if (url == null) {
42
+ return "no-referrer";
43
+ }
44
+ url = new URL(url);
45
+ // 2. If url's scheme is a local scheme, then return no referrer.
46
+ if (/^(about|blob|data):$/.test(url.protocol)) {
47
+ return "no-referrer";
48
+ }
49
+ // 3. Set url's username to the empty string.
50
+ url.username = "";
51
+ // 4. Set url's password to null.
52
+ // Note: `null` appears to be a mistake as this actually results in the password being `"null"`.
53
+ url.password = "";
54
+ // 5. Set url's fragment to null.
55
+ // Note: `null` appears to be a mistake as this actually results in the fragment being `"#null"`.
56
+ url.hash = "";
57
+ // 6. If the origin-only flag is true, then:
58
+ if (originOnly) {
59
+ // 6.1. Set url's path to null.
60
+ // Note: `null` appears to be a mistake as this actually results in the path being `"/null"`.
61
+ url.pathname = "";
62
+ // 6.2. Set url's query to null.
63
+ // Note: `null` appears to be a mistake as this actually results in the query being `"?null"`.
64
+ url.search = "";
65
+ }
66
+ // 7. Return url.
67
+ return url;
68
+ }
69
+ var ReferrerPolicy = new Set([
70
+ "",
71
+ "no-referrer",
72
+ "no-referrer-when-downgrade",
73
+ "same-origin",
74
+ "origin",
75
+ "strict-origin",
76
+ "origin-when-cross-origin",
77
+ "strict-origin-when-cross-origin",
78
+ "unsafe-url"
79
+ ]);
80
+ var DEFAULT_REFERRER_POLICY = "strict-origin-when-cross-origin";
81
+ function validateReferrerPolicy(referrerPolicy) {
82
+ if (!ReferrerPolicy.has(referrerPolicy)) {
83
+ throw new TypeError("Invalid referrerPolicy: ".concat(referrerPolicy));
84
+ }
85
+ return referrerPolicy;
86
+ }
87
+ function isOriginPotentiallyTrustworthy(url) {
88
+ // 1. If origin is an opaque origin, return "Not Trustworthy".
89
+ // Not applicable
90
+ // 2. Assert: origin is a tuple origin.
91
+ // Not for implementations
92
+ // 3. If origin's scheme is either "https" or "wss", return "Potentially Trustworthy".
93
+ if (/^(http|ws)s:$/.test(url.protocol)) {
94
+ return true;
95
+ }
96
+ // 4. If origin's host component matches one of the CIDR notations 127.0.0.0/8 or ::1/128 [RFC4632], return "Potentially Trustworthy".
97
+ var hostIp = url.host.replace(/(^\[)|(]$)/g, "");
98
+ var hostIPVersion = (0, _nodeNet.isIP)(hostIp);
99
+ if (hostIPVersion === 4 && /^127\./.test(hostIp)) {
100
+ return true;
101
+ }
102
+ if (hostIPVersion === 6 && /^(((0+:){7})|(::(0+:){0,6}))0*1$/.test(hostIp)) {
103
+ return true;
104
+ }
105
+ // 5. If origin's host component is "localhost" or falls within ".localhost", and the user agent conforms to the name resolution rules in [let-localhost-be-localhost], return "Potentially Trustworthy".
106
+ // We are returning FALSE here because we cannot ensure conformance to
107
+ // let-localhost-be-loalhost (https://tools.ietf.org/html/draft-west-let-localhost-be-localhost)
108
+ if (url.host === "localhost" || url.host.endsWith(".localhost")) {
109
+ return false;
110
+ }
111
+ // 6. If origin's scheme component is file, return "Potentially Trustworthy".
112
+ if (url.protocol === "file:") {
113
+ return true;
114
+ }
115
+ // 7. If origin's scheme component is one which the user agent considers to be authenticated, return "Potentially Trustworthy".
116
+ // Not supported
117
+ // 8. If origin has been configured as a trustworthy origin, return "Potentially Trustworthy".
118
+ // Not supported
119
+ // 9. Return "Not Trustworthy".
120
+ return false;
121
+ }
122
+ function isUrlPotentiallyTrustworthy(url) {
123
+ // 1. If url is "about:blank" or "about:srcdoc", return "Potentially Trustworthy".
124
+ if (/^about:(blank|srcdoc)$/.test(url)) {
125
+ return true;
126
+ }
127
+ // 2. If url's scheme is "data", return "Potentially Trustworthy".
128
+ if (url.protocol === "data:") {
129
+ return true;
130
+ }
131
+ // Note: The origin of blob: and filesystem: URLs is the origin of the context in which they were
132
+ // created. Therefore, blobs created in a trustworthy origin will themselves be potentially
133
+ // trustworthy.
134
+ if (/^(blob|filesystem):$/.test(url.protocol)) {
135
+ return true;
136
+ }
137
+ // 3. Return the result of executing §3.2 Is origin potentially trustworthy? on url's origin.
138
+ return isOriginPotentiallyTrustworthy(url);
139
+ }
140
+ function determineRequestsReferrer(request) {
141
+ var ref = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : {}, referrerURLCallback = ref.referrerURLCallback, referrerOriginCallback = ref.referrerOriginCallback;
142
+ // There are 2 notes in the specification about invalid pre-conditions. We return null, here, for
143
+ // these cases:
144
+ // > Note: If request's referrer is "no-referrer", Fetch will not call into this algorithm.
145
+ // > Note: If request's referrer policy is the empty string, Fetch will not call into this
146
+ // > algorithm.
147
+ if (request.referrer === "no-referrer" || request.referrerPolicy === "") {
148
+ return null;
149
+ }
150
+ // 1. Let policy be request's associated referrer policy.
151
+ var policy = request.referrerPolicy;
152
+ // 2. Let environment be request's client.
153
+ // not applicable to node.js
154
+ // 3. Switch on request's referrer:
155
+ if (request.referrer === "about:client") {
156
+ return "no-referrer";
157
+ }
158
+ // "a URL": Let referrerSource be request's referrer.
159
+ var referrerSource = request.referrer;
160
+ // 4. Let request's referrerURL be the result of stripping referrerSource for use as a referrer.
161
+ var referrerURL = stripURLForUseAsAReferrer(referrerSource);
162
+ // 5. Let referrerOrigin be the result of stripping referrerSource for use as a referrer, with the
163
+ // origin-only flag set to true.
164
+ var referrerOrigin = stripURLForUseAsAReferrer(referrerSource, true);
165
+ // 6. If the result of serializing referrerURL is a string whose length is greater than 4096, set
166
+ // referrerURL to referrerOrigin.
167
+ if (referrerURL.toString().length > 4096) {
168
+ referrerURL = referrerOrigin;
169
+ }
170
+ // 7. The user agent MAY alter referrerURL or referrerOrigin at this point to enforce arbitrary
171
+ // policy considerations in the interests of minimizing data leakage. For example, the user
172
+ // agent could strip the URL down to an origin, modify its host, replace it with an empty
173
+ // string, etc.
174
+ if (referrerURLCallback) {
175
+ referrerURL = referrerURLCallback(referrerURL);
176
+ }
177
+ if (referrerOriginCallback) {
178
+ referrerOrigin = referrerOriginCallback(referrerOrigin);
179
+ }
180
+ // 8.Execute the statements corresponding to the value of policy:
181
+ var currentURL = new URL(request.url);
182
+ switch(policy){
183
+ case "no-referrer":
184
+ return "no-referrer";
185
+ case "origin":
186
+ return referrerOrigin;
187
+ case "unsafe-url":
188
+ return referrerURL;
189
+ case "strict-origin":
190
+ // 1. If referrerURL is a potentially trustworthy URL and request's current URL is not a
191
+ // potentially trustworthy URL, then return no referrer.
192
+ if (isUrlPotentiallyTrustworthy(referrerURL) && !isUrlPotentiallyTrustworthy(currentURL)) {
193
+ return "no-referrer";
194
+ }
195
+ // 2. Return referrerOrigin.
196
+ return referrerOrigin.toString();
197
+ case "strict-origin-when-cross-origin":
198
+ // 1. If the origin of referrerURL and the origin of request's current URL are the same, then
199
+ // return referrerURL.
200
+ if (referrerURL.origin === currentURL.origin) {
201
+ return referrerURL;
202
+ }
203
+ // 2. If referrerURL is a potentially trustworthy URL and request's current URL is not a
204
+ // potentially trustworthy URL, then return no referrer.
205
+ if (isUrlPotentiallyTrustworthy(referrerURL) && !isUrlPotentiallyTrustworthy(currentURL)) {
206
+ return "no-referrer";
207
+ }
208
+ // 3. Return referrerOrigin.
209
+ return referrerOrigin;
210
+ case "same-origin":
211
+ // 1. If the origin of referrerURL and the origin of request's current URL are the same, then
212
+ // return referrerURL.
213
+ if (referrerURL.origin === currentURL.origin) {
214
+ return referrerURL;
215
+ }
216
+ // 2. Return no referrer.
217
+ return "no-referrer";
218
+ case "origin-when-cross-origin":
219
+ // 1. If the origin of referrerURL and the origin of request's current URL are the same, then
220
+ // return referrerURL.
221
+ if (referrerURL.origin === currentURL.origin) {
222
+ return referrerURL;
223
+ }
224
+ // Return referrerOrigin.
225
+ return referrerOrigin;
226
+ case "no-referrer-when-downgrade":
227
+ // 1. If referrerURL is a potentially trustworthy URL and request's current URL is not a
228
+ // potentially trustworthy URL, then return no referrer.
229
+ if (isUrlPotentiallyTrustworthy(referrerURL) && !isUrlPotentiallyTrustworthy(currentURL)) {
230
+ return "no-referrer";
231
+ }
232
+ // 2. Return referrerURL.
233
+ return referrerURL;
234
+ default:
235
+ throw new TypeError("Invalid referrerPolicy: ".concat(policy));
236
+ }
237
+ }
238
+ function parseReferrerPolicyFromHeader(headers) {
239
+ // 1. Let policy-tokens be the result of extracting header list values given `Referrer-Policy`
240
+ // and response’s header list.
241
+ var policyTokens = (headers.get("referrer-policy") || "").split(/[,\s]+/);
242
+ // 2. Let policy be the empty string.
243
+ var policy = "";
244
+ var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
245
+ try {
246
+ // 3. For each token in policy-tokens, if token is a referrer policy and token is not the empty
247
+ // string, then set policy to token.
248
+ // Note: This algorithm loops over multiple policy values to allow deployment of new policy
249
+ // values with fallbacks for older user agents, as described in § 11.1 Unknown Policy Values.
250
+ for(var _iterator = policyTokens[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true){
251
+ var token = _step.value;
252
+ if (token && ReferrerPolicy.has(token)) {
253
+ policy = token;
254
+ }
255
+ }
256
+ } catch (err) {
257
+ _didIteratorError = true;
258
+ _iteratorError = err;
259
+ } finally{
260
+ try {
261
+ if (!_iteratorNormalCompletion && _iterator.return != null) {
262
+ _iterator.return();
263
+ }
264
+ } finally{
265
+ if (_didIteratorError) {
266
+ throw _iteratorError;
267
+ }
268
+ }
269
+ }
270
+ // 4. Return policy.
271
+ return policy;
272
+ }