h3 1.13.1 → 1.15.0

package/dist/index.cjs

@@ -8,7 +8,7 @@ const destr = require('destr');
 const defu = require('defu');
 const crypto = require('uncrypto');
 const ironWebcrypto = require('iron-webcrypto');
-const index = require('unenv/runtime/node/http/index');
+const nodeMockHttp = require('node-mock-http');
 
 function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e.default : e; }
 
@@ -63,7 +63,7 @@ class H3Error extends Error {
     if (this.statusMessage) {
       obj.statusMessage = sanitizeStatusMessage(this.statusMessage);
     }
-    if (this.data !== void 0) {
+    if (this.data !== undefined) {
       obj.data = this.data;
     }
     return obj;
@@ -115,10 +115,10 @@ function createError(input) {
       );
     }
   }
-  if (input.fatal !== void 0) {
+  if (input.fatal !== undefined) {
     err.fatal = input.fatal;
   }
-  if (input.unhandled !== void 0) {
+  if (input.unhandled !== undefined) {
     err.unhandled = input.unhandled;
   }
   return err;
@@ -143,7 +143,7 @@ function sendError(event, error, debug) {
   const _code = Number.parseInt(h3Error.statusCode);
   setResponseStatus(event, _code, h3Error.statusMessage);
   event.node.res.setHeader("content-type", MIMES.json);
-  event.node.res.end(JSON.stringify(responseBody, void 0, 2));
+  event.node.res.end(JSON.stringify(responseBody, undefined, 2));
 }
 function isError(input) {
   return input?.constructor?.__h3_error__ === true;
@@ -416,7 +416,7 @@ function readRawBody(event, encoding = "utf8") {
     return encoding ? promise2.then((buff) => buff.toString(encoding)) : promise2;
   }
   if (!Number.parseInt(event.node.req.headers["content-length"] || "") && !String(event.node.req.headers["transfer-encoding"] ?? "").split(",").map((e) => e.trim()).filter(Boolean).includes("chunked")) {
-    return Promise.resolve(void 0);
+    return Promise.resolve(undefined);
   }
   const promise = event.node.req[RawBodySymbol] = new Promise(
     (resolve, reject) => {
@@ -511,7 +511,7 @@ function getRequestWebStream(event) {
 }
 function _parseJSON(body = "", strict) {
   if (!body) {
-    return void 0;
+    return undefined;
   }
   try {
     return destr__default(body, { strict });
@@ -542,7 +542,7 @@ function _parseURLEncodedBody(body) {
 function handleCacheHeaders(event, opts) {
   const cacheControls = ["public", ...opts.cacheControls || []];
   let cacheMatched = false;
-  if (opts.maxAge !== void 0) {
+  if (opts.maxAge !== undefined) {
     cacheControls.push(`max-age=${+opts.maxAge}`, `s-maxage=${+opts.maxAge}`);
   }
   if (opts.modifiedTime) {
@@ -687,7 +687,7 @@ function serializeIterableValue(value) {
     }
     case "function":
     case "undefined": {
-      return void 0;
+      return undefined;
     }
     case "object": {
       if (value instanceof Uint8Array) {
@@ -960,9 +960,9 @@ function sendIterable(event, iterable, options) {
     new ReadableStream({
       async pull(controller) {
         const { value, done } = await iterator.next();
-        if (value !== void 0) {
+        if (value !== undefined) {
           const chunk = serializer(value);
-          if (chunk !== void 0) {
+          if (chunk !== undefined) {
             controller.enqueue(chunk);
           }
         }
@@ -1140,7 +1140,7 @@ async function proxyRequest(event, target, opts = {}) {
       body = getRequestWebStream(event);
       duplex = "half";
     } else {
-      body = await readRawBody(event, false).catch(() => void 0);
+      body = await readRawBody(event, false).catch(() => undefined);
     }
   }
   const method = opts.fetchOptions?.method || event.method;
@@ -1220,7 +1220,7 @@ async function sendProxy(event, target, opts = {}) {
   if (opts.onResponse) {
     await opts.onResponse(event, response);
   }
-  if (response._data !== void 0) {
+  if (response._data !== undefined) {
     return response._data;
   }
   if (event.handled) {
@@ -1295,7 +1295,7 @@ function mergeHeaders(defaults, ...inputs) {
   const merged = new Headers(defaults);
   for (const input of _inputs) {
     for (const [key, value] of Object.entries(input)) {
-      if (value !== void 0) {
+      if (value !== undefined) {
         merged.set(key, value);
       }
     }
@@ -1321,10 +1321,16 @@ async function useSession(event, config) {
       return event.context.sessions?.[sessionName]?.data || {};
     },
     update: async (update) => {
+      if (!isEvent(event)) {
+        throw new Error("[h3] Cannot update read-only session.");
+      }
       await updateSession(event, config, update);
       return sessionManager;
     },
     clear: () => {
+      if (!isEvent(event)) {
+        throw new Error("[h3] Cannot clear read-only session.");
+      }
       clearSession(event, config);
       return Promise.resolve(sessionManager);
     }
@@ -1349,13 +1355,16 @@ async function getSession(event, config) {
   let sealedSession;
   if (config.sessionHeader !== false) {
     const headerName = typeof config.sessionHeader === "string" ? config.sessionHeader.toLowerCase() : `x-${sessionName.toLowerCase()}-session`;
-    const headerValue = event.node.req.headers[headerName];
+    const headerValue = _getReqHeader(event, headerName);
     if (typeof headerValue === "string") {
       sealedSession = headerValue;
     }
   }
   if (!sealedSession) {
-    sealedSession = getCookie(event, sessionName);
+    const cookieHeader = _getReqHeader(event, "cookie");
+    if (cookieHeader) {
+      sealedSession = cookieEs.parse(cookieHeader + "")[sessionName];
+    }
   }
   if (sealedSession) {
     const promise = unsealSession(event, config, sealedSession).catch(() => {
@@ -1368,12 +1377,28 @@ async function getSession(event, config) {
     await promise;
   }
   if (!session.id) {
+    if (!isEvent(event)) {
+      throw new Error(
+        "Cannot initialize a new session. Make sure using `useSession(event)` in main handler."
+      );
+    }
     session.id = config.generateId?.() ?? (config.crypto || crypto__default).randomUUID();
     session.createdAt = Date.now();
     await updateSession(event, config);
   }
   return session;
 }
+function _getReqHeader(event, name) {
+  if (event.node) {
+    return event.node?.req.headers[name];
+  }
+  if (event.request) {
+    return event.request.headers?.get(name);
+  }
+  if (event.headers) {
+    return event.headers.get(name);
+  }
+}
 async function updateSession(event, config, update) {
   const sessionName = config.name || DEFAULT_NAME;
   const session = event.context.sessions?.[sessionName] || await getSession(event, config);
@@ -1387,7 +1412,7 @@ async function updateSession(event, config, update) {
     const sealed = await sealSession(event, config);
     setCookie(event, sessionName, sealed, {
       ...DEFAULT_COOKIE,
-      expires: config.maxAge ? new Date(session.createdAt + config.maxAge * 1e3) : void 0,
+      expires: config.maxAge ? new Date(session.createdAt + config.maxAge * 1e3) : undefined,
       ...config.cookie
     });
   }
@@ -1473,7 +1498,7 @@ function setEventStreamHeaders(event) {
   setResponseHeaders(event, headers);
 }
 function isHttp2Request(event) {
-  return getHeader(event, ":path") !== void 0 && getHeader(event, ":method") !== void 0;
+  return getHeader(event, ":path") !== undefined && getHeader(event, ":method") !== undefined;
 }
 
 class EventStream {
@@ -1563,7 +1588,7 @@ class EventStream {
     }
     if (this._unsentData?.length) {
       await this._writer.write(this._encoder.encode(this._unsentData));
-      this._unsentData = void 0;
+      this._unsentData = undefined;
     }
   }
   /**
@@ -1673,7 +1698,7 @@ async function serveStatic(event, options) {
   if (meta.encoding && !getResponseHeader(event, "content-encoding")) {
     setResponseHeader(event, "content-encoding", meta.encoding);
   }
-  if (meta.size !== void 0 && meta.size > 0 && !getResponseHeader(event, "content-length")) {
+  if (meta.size !== undefined && meta.size > 0 && !getResponseHeader(event, "content-length")) {
     setResponseHeader(event, "content-length", meta.size);
   }
   if (event.method === "HEAD") {
@@ -1815,7 +1840,7 @@ function defineEventHandler(handler) {
   return _handler;
 }
 function _normalizeArray(input) {
-  return input ? Array.isArray(input) ? input : [input] : void 0;
+  return input ? Array.isArray(input) ? input : [input] : undefined;
 }
 async function _callHandler(event, handler, hooks) {
   if (hooks.onRequest) {
@@ -1945,7 +1970,7 @@ function use(app, arg1, arg2, arg3) {
   return app;
 }
 function createAppEventHandler(stack, options) {
-  const spacing = options.debug ? 2 : void 0;
+  const spacing = options.debug ? 2 : undefined;
   return eventHandler(async (event) => {
     event.node.req.originalUrl = event.node.req.originalUrl || event.node.req.url || "/";
     const _reqPath = event._path || event.node.req.url || "/";
@@ -1968,8 +1993,8 @@ function createAppEventHandler(stack, options) {
       event._path = _layerPath;
       event.node.req.url = _layerPath;
       const val = await layer.handler(event);
-      const _body = val === void 0 ? void 0 : await val;
-      if (_body !== void 0) {
+      const _body = val === undefined ? undefined : await val;
+      if (_body !== undefined) {
         const _response = { body: _body };
         if (options.onBeforeResponse) {
           event._onBeforeResponseCalled = true;
@@ -1985,7 +2010,7 @@ function createAppEventHandler(stack, options) {
       if (event.handled) {
         if (options.onAfterResponse) {
           event._onAfterResponseCalled = true;
-          await options.onAfterResponse(event, void 0);
+          await options.onAfterResponse(event, undefined);
         }
         return;
       }
@@ -1998,7 +2023,7 @@ function createAppEventHandler(stack, options) {
     }
     if (options.onAfterResponse) {
       event._onAfterResponseCalled = true;
-      await options.onAfterResponse(event, void 0);
+      await options.onAfterResponse(event, undefined);
     }
   });
 }
@@ -2013,7 +2038,7 @@ function createResolver(stack) {
         continue;
       }
       _layerPath = path.slice(layer.route.length) || "/";
-      if (layer.match && !layer.match(_layerPath, void 0)) {
+      if (layer.match && !layer.match(_layerPath, undefined)) {
         continue;
       }
       let res = { route: layer.route, handler: layer.handler };
@@ -2040,7 +2065,7 @@ function normalizeLayer(input) {
   if (input.lazy) {
     handler = lazyEventHandler(handler);
   } else if (!isEventHandler(handler)) {
-    handler = toEventHandler(handler, void 0, input.route);
+    handler = toEventHandler(handler, undefined, input.route);
   }
   return {
     route: ufo.withoutTrailingSlash(input.route),
@@ -2079,7 +2104,7 @@ function handleHandlerResponse(event, val, jsonSpace) {
     return send(event, val, MIMES.html);
   }
   if (valType === "object" || valType === "boolean" || valType === "number") {
-    return send(event, JSON.stringify(val, void 0, jsonSpace), MIMES.json);
+    return send(event, JSON.stringify(val, undefined, jsonSpace), MIMES.json);
   }
   if (valType === "bigint") {
     return send(event, val.toString(), MIMES.json);
@@ -2137,7 +2162,7 @@ function createRouter(opts = {}) {
         addRoute(path, handler, m);
       }
     } else {
-      route.handlers[method] = toEventHandler(handler, void 0, path);
+      route.handlers[method] = toEventHandler(handler, undefined, path);
     }
     return router;
   };
@@ -2207,7 +2232,7 @@ function createRouter(opts = {}) {
     const params = match.matched.params || {};
     event.context.params = params;
     return Promise.resolve(match.handler(event)).then((res) => {
-      if (res === void 0 && isPreemptive) {
+      if (res === undefined && isPreemptive) {
         return null;
       }
       return res;
@@ -2299,7 +2324,7 @@ function callNodeListener(handler, req, res) {
         res.off("close", next);
         res.off("error", next);
       }
-      return err ? reject(createError(err)) : resolve(void 0);
+      return err ? reject(createError(err)) : resolve(undefined);
     };
     try {
       const returned = handler(req, res, next);
@@ -2341,8 +2366,8 @@ async function _handlePlainRequest(app, request) {
   const path = request.path;
   const method = (request.method || "GET").toUpperCase();
   const headers = new Headers(request.headers);
-  const nodeReq = new index.IncomingMessage();
-  const nodeRes = new index.ServerResponse(nodeReq);
+  const nodeReq = new nodeMockHttp.IncomingMessage();
+  const nodeRes = new nodeMockHttp.ServerResponse(nodeReq);
   nodeReq.method = method;
   nodeReq.url = path;
   nodeReq.headers = Object.fromEntries(headers.entries());
@@ -2399,7 +2424,7 @@ function _normalizeUnenvHeaders(input) {
       for (const _value of value) {
         headers.push([key, _value]);
       }
-    } else if (value !== void 0) {
+    } else if (value !== undefined) {
       headers.push([key, String(value)]);
     }
   }

package/dist/index.d.cts

@@ -133,11 +133,20 @@ interface SessionConfig {
     /** Default is Crypto.randomUUID */
     generateId?: () => string;
 }
+type CompatEvent = {
+    request: {
+        headers: Headers;
+    };
+    context: any;
+} | {
+    headers: Headers;
+    context: any;
+};
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<{
-    readonly id: string | undefined;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
+    readonly id: any;
     readonly data: T;
     update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
     clear: () => Promise</*elided*/ any>;
@@ -145,7 +154,7 @@ declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Even
 /**
  * Get the session for the current request.
  */
-declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<Session<T>>;
+declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<Session<T>>;
 type SessionUpdate<T extends SessionDataT = SessionDataT> = Partial<SessionData<T>> | ((oldData: SessionData<T>) => Partial<SessionData<T>> | undefined);
 /**
  * Update the session data for the current request.
@@ -154,11 +163,11 @@ declare function updateSession<T extends SessionDataT = SessionDataT>(event: H3E
 /**
  * Encrypt and sign the session data for the current request.
  */
-declare function sealSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<string>;
+declare function sealSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<string>;
 /**
  * Decrypt and verify the session data for the current request.
  */
-declare function unsealSession(_event: H3Event, config: SessionConfig, sealed: string): Promise<Partial<Session<SessionDataT>>>;
+declare function unsealSession(_event: H3Event | CompatEvent, config: SessionConfig, sealed: string): Promise<Partial<Session<SessionDataT>>>;
 /**
  * Clear the session data for the current request.
  */
@@ -310,7 +319,6 @@ type LazyEventHandler = () => EventHandler | Promise<EventHandler>;
  * @property {boolean} unhandled - Indicates if the error was unhandled and auto captured.
  * @property {DataT} data - An extra data that will be included in the response.
  *                         This can be used to pass additional information about the error.
- * @property {boolean} internal - Setting this property to `true` will mark the error as an internal error.
  */
 declare class H3Error<DataT = unknown> extends Error {
     static __h3_error__: boolean;

package/dist/index.d.mts

@@ -133,11 +133,20 @@ interface SessionConfig {
     /** Default is Crypto.randomUUID */
     generateId?: () => string;
 }
+type CompatEvent = {
+    request: {
+        headers: Headers;
+    };
+    context: any;
+} | {
+    headers: Headers;
+    context: any;
+};
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<{
-    readonly id: string | undefined;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
+    readonly id: any;
     readonly data: T;
     update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
     clear: () => Promise</*elided*/ any>;
@@ -145,7 +154,7 @@ declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Even
 /**
  * Get the session for the current request.
  */
-declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<Session<T>>;
+declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<Session<T>>;
 type SessionUpdate<T extends SessionDataT = SessionDataT> = Partial<SessionData<T>> | ((oldData: SessionData<T>) => Partial<SessionData<T>> | undefined);
 /**
  * Update the session data for the current request.
@@ -154,11 +163,11 @@ declare function updateSession<T extends SessionDataT = SessionDataT>(event: H3E
 /**
  * Encrypt and sign the session data for the current request.
  */
-declare function sealSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<string>;
+declare function sealSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<string>;
 /**
  * Decrypt and verify the session data for the current request.
  */
-declare function unsealSession(_event: H3Event, config: SessionConfig, sealed: string): Promise<Partial<Session<SessionDataT>>>;
+declare function unsealSession(_event: H3Event | CompatEvent, config: SessionConfig, sealed: string): Promise<Partial<Session<SessionDataT>>>;
 /**
  * Clear the session data for the current request.
  */
@@ -310,7 +319,6 @@ type LazyEventHandler = () => EventHandler | Promise<EventHandler>;
  * @property {boolean} unhandled - Indicates if the error was unhandled and auto captured.
  * @property {DataT} data - An extra data that will be included in the response.
  *                         This can be used to pass additional information about the error.
- * @property {boolean} internal - Setting this property to `true` will mark the error as an internal error.
  */
 declare class H3Error<DataT = unknown> extends Error {
     static __h3_error__: boolean;

package/dist/index.d.ts

@@ -133,11 +133,20 @@ interface SessionConfig {
     /** Default is Crypto.randomUUID */
     generateId?: () => string;
 }
+type CompatEvent = {
+    request: {
+        headers: Headers;
+    };
+    context: any;
+} | {
+    headers: Headers;
+    context: any;
+};
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<{
-    readonly id: string | undefined;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
+    readonly id: any;
     readonly data: T;
     update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
     clear: () => Promise</*elided*/ any>;
@@ -145,7 +154,7 @@ declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Even
 /**
  * Get the session for the current request.
  */
-declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<Session<T>>;
+declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<Session<T>>;
 type SessionUpdate<T extends SessionDataT = SessionDataT> = Partial<SessionData<T>> | ((oldData: SessionData<T>) => Partial<SessionData<T>> | undefined);
 /**
  * Update the session data for the current request.
@@ -154,11 +163,11 @@ declare function updateSession<T extends SessionDataT = SessionDataT>(event: H3E
 /**
  * Encrypt and sign the session data for the current request.
  */
-declare function sealSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<string>;
+declare function sealSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<string>;
 /**
  * Decrypt and verify the session data for the current request.
  */
-declare function unsealSession(_event: H3Event, config: SessionConfig, sealed: string): Promise<Partial<Session<SessionDataT>>>;
+declare function unsealSession(_event: H3Event | CompatEvent, config: SessionConfig, sealed: string): Promise<Partial<Session<SessionDataT>>>;
 /**
  * Clear the session data for the current request.
  */
@@ -310,7 +319,6 @@ type LazyEventHandler = () => EventHandler | Promise<EventHandler>;
  * @property {boolean} unhandled - Indicates if the error was unhandled and auto captured.
  * @property {DataT} data - An extra data that will be included in the response.
  *                         This can be used to pass additional information about the error.
- * @property {boolean} internal - Setting this property to `true` will mark the error as an internal error.
  */
 declare class H3Error<DataT = unknown> extends Error {
     static __h3_error__: boolean;

package/dist/index.mjs

@@ -6,7 +6,7 @@ import destr from 'destr';
 import { defu } from 'defu';
 import crypto from 'uncrypto';
 import { seal, defaults, unseal } from 'iron-webcrypto';
-import { IncomingMessage, ServerResponse } from 'unenv/runtime/node/http/index';
+import { IncomingMessage, ServerResponse } from 'node-mock-http';
 
 function useBase(base, handler) {
   base = withoutTrailingSlash(base);
@@ -56,7 +56,7 @@ class H3Error extends Error {
     if (this.statusMessage) {
       obj.statusMessage = sanitizeStatusMessage(this.statusMessage);
     }
-    if (this.data !== void 0) {
+    if (this.data !== undefined) {
       obj.data = this.data;
     }
     return obj;
@@ -108,10 +108,10 @@ function createError(input) {
       );
     }
   }
-  if (input.fatal !== void 0) {
+  if (input.fatal !== undefined) {
     err.fatal = input.fatal;
   }
-  if (input.unhandled !== void 0) {
+  if (input.unhandled !== undefined) {
     err.unhandled = input.unhandled;
   }
   return err;
@@ -136,7 +136,7 @@ function sendError(event, error, debug) {
   const _code = Number.parseInt(h3Error.statusCode);
   setResponseStatus(event, _code, h3Error.statusMessage);
   event.node.res.setHeader("content-type", MIMES.json);
-  event.node.res.end(JSON.stringify(responseBody, void 0, 2));
+  event.node.res.end(JSON.stringify(responseBody, undefined, 2));
 }
 function isError(input) {
   return input?.constructor?.__h3_error__ === true;
@@ -409,7 +409,7 @@ function readRawBody(event, encoding = "utf8") {
     return encoding ? promise2.then((buff) => buff.toString(encoding)) : promise2;
   }
   if (!Number.parseInt(event.node.req.headers["content-length"] || "") && !String(event.node.req.headers["transfer-encoding"] ?? "").split(",").map((e) => e.trim()).filter(Boolean).includes("chunked")) {
-    return Promise.resolve(void 0);
+    return Promise.resolve(undefined);
   }
   const promise = event.node.req[RawBodySymbol] = new Promise(
     (resolve, reject) => {
@@ -504,7 +504,7 @@ function getRequestWebStream(event) {
 }
 function _parseJSON(body = "", strict) {
   if (!body) {
-    return void 0;
+    return undefined;
   }
   try {
     return destr(body, { strict });
@@ -535,7 +535,7 @@ function _parseURLEncodedBody(body) {
 function handleCacheHeaders(event, opts) {
   const cacheControls = ["public", ...opts.cacheControls || []];
   let cacheMatched = false;
-  if (opts.maxAge !== void 0) {
+  if (opts.maxAge !== undefined) {
     cacheControls.push(`max-age=${+opts.maxAge}`, `s-maxage=${+opts.maxAge}`);
   }
   if (opts.modifiedTime) {
@@ -680,7 +680,7 @@ function serializeIterableValue(value) {
     }
     case "function":
     case "undefined": {
-      return void 0;
+      return undefined;
     }
     case "object": {
       if (value instanceof Uint8Array) {
@@ -953,9 +953,9 @@ function sendIterable(event, iterable, options) {
     new ReadableStream({
       async pull(controller) {
         const { value, done } = await iterator.next();
-        if (value !== void 0) {
+        if (value !== undefined) {
           const chunk = serializer(value);
-          if (chunk !== void 0) {
+          if (chunk !== undefined) {
             controller.enqueue(chunk);
           }
         }
@@ -1133,7 +1133,7 @@ async function proxyRequest(event, target, opts = {}) {
       body = getRequestWebStream(event);
       duplex = "half";
     } else {
-      body = await readRawBody(event, false).catch(() => void 0);
+      body = await readRawBody(event, false).catch(() => undefined);
     }
   }
   const method = opts.fetchOptions?.method || event.method;
@@ -1213,7 +1213,7 @@ async function sendProxy(event, target, opts = {}) {
   if (opts.onResponse) {
     await opts.onResponse(event, response);
   }
-  if (response._data !== void 0) {
+  if (response._data !== undefined) {
     return response._data;
   }
   if (event.handled) {
@@ -1288,7 +1288,7 @@ function mergeHeaders(defaults, ...inputs) {
   const merged = new Headers(defaults);
   for (const input of _inputs) {
     for (const [key, value] of Object.entries(input)) {
-      if (value !== void 0) {
+      if (value !== undefined) {
         merged.set(key, value);
       }
     }
@@ -1314,10 +1314,16 @@ async function useSession(event, config) {
       return event.context.sessions?.[sessionName]?.data || {};
     },
     update: async (update) => {
+      if (!isEvent(event)) {
+        throw new Error("[h3] Cannot update read-only session.");
+      }
       await updateSession(event, config, update);
       return sessionManager;
     },
     clear: () => {
+      if (!isEvent(event)) {
+        throw new Error("[h3] Cannot clear read-only session.");
+      }
       clearSession(event, config);
       return Promise.resolve(sessionManager);
     }
@@ -1342,13 +1348,16 @@ async function getSession(event, config) {
   let sealedSession;
   if (config.sessionHeader !== false) {
     const headerName = typeof config.sessionHeader === "string" ? config.sessionHeader.toLowerCase() : `x-${sessionName.toLowerCase()}-session`;
-    const headerValue = event.node.req.headers[headerName];
+    const headerValue = _getReqHeader(event, headerName);
     if (typeof headerValue === "string") {
       sealedSession = headerValue;
     }
   }
   if (!sealedSession) {
-    sealedSession = getCookie(event, sessionName);
+    const cookieHeader = _getReqHeader(event, "cookie");
+    if (cookieHeader) {
+      sealedSession = parse$1(cookieHeader + "")[sessionName];
+    }
   }
   if (sealedSession) {
     const promise = unsealSession(event, config, sealedSession).catch(() => {
@@ -1361,12 +1370,28 @@ async function getSession(event, config) {
     await promise;
   }
   if (!session.id) {
+    if (!isEvent(event)) {
+      throw new Error(
+        "Cannot initialize a new session. Make sure using `useSession(event)` in main handler."
+      );
+    }
     session.id = config.generateId?.() ?? (config.crypto || crypto).randomUUID();
     session.createdAt = Date.now();
     await updateSession(event, config);
   }
   return session;
 }
+function _getReqHeader(event, name) {
+  if (event.node) {
+    return event.node?.req.headers[name];
+  }
+  if (event.request) {
+    return event.request.headers?.get(name);
+  }
+  if (event.headers) {
+    return event.headers.get(name);
+  }
+}
 async function updateSession(event, config, update) {
   const sessionName = config.name || DEFAULT_NAME;
   const session = event.context.sessions?.[sessionName] || await getSession(event, config);
@@ -1380,7 +1405,7 @@ async function updateSession(event, config, update) {
     const sealed = await sealSession(event, config);
     setCookie(event, sessionName, sealed, {
       ...DEFAULT_COOKIE,
-      expires: config.maxAge ? new Date(session.createdAt + config.maxAge * 1e3) : void 0,
+      expires: config.maxAge ? new Date(session.createdAt + config.maxAge * 1e3) : undefined,
       ...config.cookie
     });
   }
@@ -1466,7 +1491,7 @@ function setEventStreamHeaders(event) {
   setResponseHeaders(event, headers);
 }
 function isHttp2Request(event) {
-  return getHeader(event, ":path") !== void 0 && getHeader(event, ":method") !== void 0;
+  return getHeader(event, ":path") !== undefined && getHeader(event, ":method") !== undefined;
 }
 
 class EventStream {
@@ -1556,7 +1581,7 @@ class EventStream {
     }
     if (this._unsentData?.length) {
       await this._writer.write(this._encoder.encode(this._unsentData));
-      this._unsentData = void 0;
+      this._unsentData = undefined;
     }
   }
   /**
@@ -1666,7 +1691,7 @@ async function serveStatic(event, options) {
   if (meta.encoding && !getResponseHeader(event, "content-encoding")) {
     setResponseHeader(event, "content-encoding", meta.encoding);
   }
-  if (meta.size !== void 0 && meta.size > 0 && !getResponseHeader(event, "content-length")) {
+  if (meta.size !== undefined && meta.size > 0 && !getResponseHeader(event, "content-length")) {
     setResponseHeader(event, "content-length", meta.size);
   }
   if (event.method === "HEAD") {
@@ -1808,7 +1833,7 @@ function defineEventHandler(handler) {
   return _handler;
 }
 function _normalizeArray(input) {
-  return input ? Array.isArray(input) ? input : [input] : void 0;
+  return input ? Array.isArray(input) ? input : [input] : undefined;
 }
 async function _callHandler(event, handler, hooks) {
   if (hooks.onRequest) {
@@ -1938,7 +1963,7 @@ function use(app, arg1, arg2, arg3) {
   return app;
 }
 function createAppEventHandler(stack, options) {
-  const spacing = options.debug ? 2 : void 0;
+  const spacing = options.debug ? 2 : undefined;
   return eventHandler(async (event) => {
     event.node.req.originalUrl = event.node.req.originalUrl || event.node.req.url || "/";
     const _reqPath = event._path || event.node.req.url || "/";
@@ -1961,8 +1986,8 @@ function createAppEventHandler(stack, options) {
       event._path = _layerPath;
       event.node.req.url = _layerPath;
       const val = await layer.handler(event);
-      const _body = val === void 0 ? void 0 : await val;
-      if (_body !== void 0) {
+      const _body = val === undefined ? undefined : await val;
+      if (_body !== undefined) {
         const _response = { body: _body };
         if (options.onBeforeResponse) {
           event._onBeforeResponseCalled = true;
@@ -1978,7 +2003,7 @@ function createAppEventHandler(stack, options) {
       if (event.handled) {
         if (options.onAfterResponse) {
           event._onAfterResponseCalled = true;
-          await options.onAfterResponse(event, void 0);
+          await options.onAfterResponse(event, undefined);
         }
         return;
       }
@@ -1991,7 +2016,7 @@ function createAppEventHandler(stack, options) {
     }
     if (options.onAfterResponse) {
       event._onAfterResponseCalled = true;
-      await options.onAfterResponse(event, void 0);
+      await options.onAfterResponse(event, undefined);
     }
   });
 }
@@ -2006,7 +2031,7 @@ function createResolver(stack) {
         continue;
       }
       _layerPath = path.slice(layer.route.length) || "/";
-      if (layer.match && !layer.match(_layerPath, void 0)) {
+      if (layer.match && !layer.match(_layerPath, undefined)) {
         continue;
       }
       let res = { route: layer.route, handler: layer.handler };
@@ -2033,7 +2058,7 @@ function normalizeLayer(input) {
   if (input.lazy) {
     handler = lazyEventHandler(handler);
   } else if (!isEventHandler(handler)) {
-    handler = toEventHandler(handler, void 0, input.route);
+    handler = toEventHandler(handler, undefined, input.route);
   }
   return {
     route: withoutTrailingSlash(input.route),
@@ -2072,7 +2097,7 @@ function handleHandlerResponse(event, val, jsonSpace) {
     return send(event, val, MIMES.html);
   }
   if (valType === "object" || valType === "boolean" || valType === "number") {
-    return send(event, JSON.stringify(val, void 0, jsonSpace), MIMES.json);
+    return send(event, JSON.stringify(val, undefined, jsonSpace), MIMES.json);
   }
   if (valType === "bigint") {
     return send(event, val.toString(), MIMES.json);
@@ -2130,7 +2155,7 @@ function createRouter(opts = {}) {
         addRoute(path, handler, m);
       }
     } else {
-      route.handlers[method] = toEventHandler(handler, void 0, path);
+      route.handlers[method] = toEventHandler(handler, undefined, path);
     }
     return router;
   };
@@ -2200,7 +2225,7 @@ function createRouter(opts = {}) {
     const params = match.matched.params || {};
     event.context.params = params;
     return Promise.resolve(match.handler(event)).then((res) => {
-      if (res === void 0 && isPreemptive) {
+      if (res === undefined && isPreemptive) {
         return null;
       }
       return res;
@@ -2292,7 +2317,7 @@ function callNodeListener(handler, req, res) {
         res.off("close", next);
         res.off("error", next);
       }
-      return err ? reject(createError(err)) : resolve(void 0);
+      return err ? reject(createError(err)) : resolve(undefined);
     };
     try {
       const returned = handler(req, res, next);
@@ -2392,7 +2417,7 @@ function _normalizeUnenvHeaders(input) {
       for (const _value of value) {
         headers.push([key, _value]);
       }
-    } else if (value !== void 0) {
+    } else if (value !== undefined) {
       headers.push([key, String(value)]);
     }
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "h3",
-  "version": "1.13.1",
+  "version": "1.15.0",
   "description": "Minimal H(TTP) framework built for high performance and portability.",
   "repository": "unjs/h3",
   "license": "MIT",
@@ -30,47 +30,47 @@
     "test": "pnpm lint && vitest --run --coverage"
   },
   "resolutions": {
-    "h3": "link:."
+    "h3": "^1.14.0"
   },
   "dependencies": {
     "cookie-es": "^1.2.2",
-    "crossws": "^0.3.1",
+    "crossws": "^0.3.3",
     "defu": "^6.1.4",
     "destr": "^2.0.3",
     "iron-webcrypto": "^1.2.1",
+    "node-mock-http": "^1.0.0",
     "ohash": "^1.1.4",
     "radix3": "^1.1.2",
     "ufo": "^1.5.4",
-    "uncrypto": "^0.1.3",
-    "unenv": "^1.10.0"
+    "uncrypto": "^0.1.3"
   },
   "devDependencies": {
     "0x": "^5.8.0",
     "@types/express": "^5.0.0",
-    "@types/node": "^22.10.5",
+    "@types/node": "^22.13.1",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^2.1.8",
+    "@vitest/coverage-v8": "^3.0.5",
     "autocannon": "^8.0.0",
     "automd": "^0.3.12",
     "changelogen": "^0.5.7",
     "connect": "^3.7.0",
-    "eslint": "^9.17.0",
+    "eslint": "^9.19.0",
     "eslint-config-unjs": "^0.4.2",
     "express": "^4.21.2",
     "get-port": "^7.1.0",
-    "h3": "^1.13.0",
+    "h3": "^1.14.0",
     "jiti": "^2.4.2",
     "listhen": "^1.9.0",
-    "node-fetch-native": "^1.6.4",
+    "node-fetch-native": "^1.6.6",
     "prettier": "^3.4.2",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "supertest": "^7.0.0",
     "typescript": "^5.7.3",
-    "unbuild": "^3.2.0",
-    "undici": "^7.2.0",
-    "vitest": "^2.1.8",
+    "unbuild": "^3.3.1",
+    "undici": "^7.3.0",
+    "vitest": "^3.0.5",
     "zod": "^3.24.1"
   },
-  "packageManager": "pnpm@9.15.3"
+  "packageManager": "pnpm@10.2.0"
 }