bxo 0.0.5-dev.62 → 0.0.5-dev.64

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "bxo",
   "module": "index.ts",
-  "version": "0.0.5-dev.62",
+  "version": "0.0.5-dev.64",
   "description": "A simple and lightweight web framework for Bun",
   "type": "module",
   "exports": {

package/src/utils/index.ts

@@ -271,6 +271,47 @@ export function cookiesToHeaders(cookies: InternalCookie[]): string[] {
   });
 }
 
+// Special cases for HTTP headers that need specific casing
+const HEADER_CASING_SPECIAL_CASES: Record<string, string> = {
+  'www-authenticate': 'WWW-Authenticate',
+  'content-md5': 'Content-MD5',
+  'dnt': 'DNT',
+  'etag': 'ETag',
+  'te': 'TE',
+  'trailer': 'Trailer',
+  'transfer-encoding': 'Transfer-Encoding',
+  'upgrade': 'Upgrade',
+  'x-forwarded-for': 'X-Forwarded-For',
+  'x-forwarded-proto': 'X-Forwarded-Proto',
+  'x-forwarded-host': 'X-Forwarded-Host',
+  'x-real-ip': 'X-Real-IP',
+  'x-requested-with': 'X-Requested-With',
+  'x-csrf-token': 'X-CSRF-Token',
+  'x-frame-options': 'X-Frame-Options',
+  'x-content-type-options': 'X-Content-Type-Options',
+  'x-xss-protection': 'X-XSS-Protection',
+  'strict-transport-security': 'Strict-Transport-Security',
+  'content-security-policy': 'Content-Security-Policy',
+  'referrer-policy': 'Referrer-Policy',
+  'permissions-policy': 'Permissions-Policy'
+};
+
+// Helper function to normalize header casing while preserving special cases
+function normalizeHeaderCase(headerKey: string): string {
+  const lowerKey = headerKey.toLowerCase();
+  return HEADER_CASING_SPECIAL_CASES[lowerKey] || headerKey;
+}
+
+// Helper function to convert Headers object back to plain object while preserving casing
+export function headersToPlainObject(headers: Headers): Record<string, string> {
+  const result: Record<string, string> = {};
+  headers.forEach((value, key) => {
+    // Preserve the original casing from the Headers object
+    result[key] = value;
+  });
+  return result;
+}
+
 // Merge headers with cookies
 export function mergeHeadersWithCookies(
   headers: Record<string, string>, 
@@ -278,9 +319,10 @@ export function mergeHeadersWithCookies(
 ): Headers {
   const newHeaders = new Headers();
   
-  // Add regular headers
+  // Add regular headers with proper casing
   Object.entries(headers).forEach(([key, value]) => {
-    newHeaders.set(key, value);
+    const normalizedKey = normalizeHeaderCase(key);
+    newHeaders.set(normalizedKey, value);
   });
   
   // Add Set-Cookie headers
@@ -292,6 +334,35 @@ export function mergeHeadersWithCookies(
   return newHeaders;
 }
 
+// Alternative function that returns headers with preserved casing
+export function mergeHeadersWithCookiesPreserveCasing(
+  headers: Record<string, string>, 
+  cookies: InternalCookie[]
+): Record<string, string> {
+  const result: Record<string, string> = { ...headers };
+  
+  // Apply special casing rules
+  Object.keys(result).forEach(key => {
+    const normalizedKey = normalizeHeaderCase(key);
+    if (normalizedKey !== key) {
+      result[normalizedKey] = result[key] || '';
+      delete result[key];
+    }
+  });
+  
+  // Add Set-Cookie headers
+  if (cookies.length > 0) {
+    const cookieHeaders = cookiesToHeaders(cookies);
+    // Set-Cookie headers should be separate entries, not joined
+    cookieHeaders.forEach((cookieHeader, index) => {
+      const key = index === 0 ? 'Set-Cookie' : `Set-Cookie-${index + 1}`;
+      result[key] = cookieHeader;
+    });
+  }
+  
+  return result;
+}
+
 // Create a redirect response
 export function createRedirectResponse(
   location: string, 

package/src/utils/response-handler.ts

@@ -1,5 +1,5 @@
 import type { Context, InternalCookie } from '../types';
-import { validateResponse, mergeHeadersWithCookies } from './index';
+import { validateResponse, mergeHeadersWithCookies, mergeHeadersWithCookiesPreserveCasing } from './index';
 
 // Process and format the response from a route handler
 export function processResponse(
@@ -28,12 +28,7 @@ export function processResponse(
 
       // Handle cookies if any are set
       if (internalCookies.length > 0) {
-        const headers = mergeHeadersWithCookies(responseHeaders, internalCookies);
-        const finalHeaders: Record<string, string> = {};
-        headers.forEach((value, key) => {
-          finalHeaders[key] = value;
-        });
-        responseHeaders = finalHeaders;
+        responseHeaders = mergeHeadersWithCookiesPreserveCasing(responseHeaders, internalCookies);
       }
 
       return new Response(null, {
@@ -77,7 +72,7 @@ export function processResponse(
   if (response instanceof Response) {
     // If there are headers set via ctx.set.headers, merge them with the Response headers
     if (ctx.set.headers && Object.keys(ctx.set.headers).length > 0) {
-      const newHeaders = mergeHeadersWithCookies(ctx.set.headers, internalCookies);
+      const newHeaders = mergeHeadersWithCookiesPreserveCasing(ctx.set.headers, internalCookies);
 
       // Create new Response with merged headers
       return new Response(response.body, {
@@ -124,10 +119,13 @@ export function processResponse(
 
   // Handle cookies if any are set
   if (internalCookies.length > 0) {
-    const headers = mergeHeadersWithCookies(responseHeaders, internalCookies);
+    const headers = mergeHeadersWithCookiesPreserveCasing(responseHeaders, internalCookies);
 
     if (typeof response === 'string') {
-      headers.set('Content-Type', 'text/plain');
+      // Only set Content-Type to text/plain if not already set
+      if (!headers['Content-Type']) {
+        headers['Content-Type'] = 'text/plain';
+      }
       return new Response(response, {
         status: ctx.set.status || 200,
         headers: headers
@@ -161,14 +159,14 @@ export function processResponse(
         return value;
       }));
       
-      headers.set('Content-Type', 'application/json');
+      headers['Content-Type'] = 'application/json';
       return new Response(JSON.stringify(serializableResponse), {
         status: ctx.set.status || 200,
         headers: headers
       });
     }
 
-    headers.set('Content-Type', 'application/json');
+    headers['Content-Type'] = 'application/json';
     return new Response(JSON.stringify(response), {
       status: ctx.set.status || 200,
       headers: headers
@@ -182,12 +180,20 @@ export function processResponse(
   };
 
   if (typeof response === 'string') {
+    const finalHeaders: Record<string, string> = {};
+    // Copy existing headers if they exist
+    if (responseInit.headers) {
+      if (typeof responseInit.headers === 'object' && !Array.isArray(responseInit.headers)) {
+        Object.assign(finalHeaders, responseInit.headers);
+      }
+    }
+    // Only set Content-Type to text/plain if not already set
+    if (!finalHeaders['Content-Type']) {
+      finalHeaders['Content-Type'] = 'text/plain';
+    }
     return new Response(response, {
       ...responseInit,
-      headers: {
-        'Content-Type': 'text/plain',
-        ...responseInit.headers
-      }
+      headers: finalHeaders
     });
   }
 
@@ -284,3 +290,4 @@ export function createValidationErrorResponse(
 
   return createErrorResponse(errorMessage, status, validationDetails);
 }
+

package/tests/integration/bxo.test.ts

@@ -426,6 +426,24 @@ describe('BXO Framework Integration', () => {
       expect(text).toBe('Custom response');
       expect(response.headers.get('x-custom')).toBe('value');
     });
+
+    it('should handle HTML responses with custom Content-Type', async () => {
+      app.get('/html', (ctx) => {
+        ctx.set.headers['Content-Type'] = 'text/html';
+        return `
+          <script src="/dist/injected/frontend.js"></script>
+          <html><body>Hello World</body></html>
+        `;
+      });
+
+      const response = await fetch(`${baseUrl}/html`);
+      const text = await response.text();
+
+      expect(response.status).toBe(200);
+      expect(response.headers.get('content-type')).toBe('text/html');
+      expect(text).toContain('<script src="/dist/injected/frontend.js"></script>');
+      expect(text).toContain('<html><body>Hello World</body></html>');
+    });
   });
 
   describe('Status and Headers', () => {

package/tests/unit/response-handler.test.ts

@@ -129,6 +129,32 @@ describe('Response Handler', () => {
       expect(await result.text()).toBe('Hello World');
     });
 
+    it('should preserve custom Content-Type for string responses', async () => {
+      mockContext.set.headers = { 'Content-Type': 'text/html' };
+      const result = processResponse('<html><body>Hello World</body></html>', mockContext, mockInternalCookies, true);
+
+      expect(result.status).toBe(200);
+      expect(result.headers.get('content-type')).toBe('text/html');
+      expect(await result.text()).toBe('<html><body>Hello World</body></html>');
+    });
+
+    it('should preserve custom Content-Type for string responses without cookies', async () => {
+      mockContext.set.headers = { 'Content-Type': 'text/html' };
+      const result = processResponse('<html><body>Hello World</body></html>', mockContext, [], true);
+
+      expect(result.status).toBe(200);
+      expect(result.headers.get('content-type')).toBe('text/html');
+      expect(await result.text()).toBe('<html><body>Hello World</body></html>');
+    });
+
+    it('should default to text/plain when no Content-Type is set for string responses', async () => {
+      const result = processResponse('Hello World', mockContext, [], true);
+
+      expect(result.status).toBe(200);
+      expect(result.headers.get('content-type')).toBe('text/plain');
+      expect(await result.text()).toBe('Hello World');
+    });
+
     it('should handle object responses', async () => {
       const result = processResponse({ message: 'success' }, mockContext, mockInternalCookies, true);
 

package/tests/unit/utils.test.ts

@@ -8,6 +8,7 @@ import {
   parseRequestBody,
   cookiesToHeaders,
   mergeHeadersWithCookies,
+  headersToPlainObject,
   createRedirectResponse,
   isFileUpload,
   getFileFromUpload,
@@ -178,6 +179,47 @@ describe('Utility Functions', () => {
       expect(result.get('content-type')).toBe('application/json');
       expect(result.get('set-cookie')).toBe('session=abc123');
     });
+
+    it('should preserve special header casing', () => {
+      const headers = {
+        'www-authenticate': 'Basic realm="example"',
+        'x-frame-options': 'DENY',
+        'content-type': 'application/json'
+      };
+
+      const result = mergeHeadersWithCookies(headers, []);
+
+      // Check that special headers maintain their casing
+      expect(result.get('WWW-Authenticate')).toBe('Basic realm="example"');
+      expect(result.get('X-Frame-Options')).toBe('DENY');
+      // Regular headers should keep their original casing
+      expect(result.get('content-type')).toBe('application/json');
+    });
+  });
+
+  describe('headersToPlainObject', () => {
+    it('should convert Headers object to plain object', () => {
+      const headers = new Headers();
+      headers.set('www-authenticate', 'Basic realm="example"');
+      headers.set('x-frame-options', 'DENY');
+      headers.set('content-type', 'application/json');
+
+      const result = headersToPlainObject(headers);
+
+      // Note: Headers object normalizes keys to lowercase
+      expect(result).toEqual({
+        'www-authenticate': 'Basic realm="example"',
+        'x-frame-options': 'DENY',
+        'content-type': 'application/json'
+      });
+    });
+
+    it('should handle empty Headers object', () => {
+      const headers = new Headers();
+      const result = headersToPlainObject(headers);
+
+      expect(result).toEqual({});
+    });
   });
 
   describe('createRedirectResponse', () => {