undici 6.20.0 → 7.0.0-alpha.2

package/lib/web/fetch/response.js

@@ -9,7 +9,6 @@ const {
   isValidReasonPhrase,
   isCancelled,
   isAborted,
-  isBlobLike,
   serializeJavascriptValueToJSONString,
   isErrorLike,
   isomorphicEncode,
@@ -19,9 +18,7 @@ const {
   redirectStatusSet,
   nullBodyStatus
 } = require('./constants')
-const { kState, kHeaders } = require('./symbols')
 const { webidl } = require('./webidl')
-const { FormData } = require('./formdata')
 const { URLSerializer } = require('./data-url')
 const { kConstruct } = require('../../core/symbols')
 const assert = require('node:assert')
@@ -31,6 +28,11 @@ const textEncoder = new TextEncoder('utf-8')
 
 // https://fetch.spec.whatwg.org/#response-class
 class Response {
+  /** @type {Headers} */
+  #headers
+
+  #state
+
   // Creates network error Response.
   static error () {
     // The static error() method steps are to return the result of creating a
@@ -42,7 +44,7 @@ class Response {
   }
 
   // https://fetch.spec.whatwg.org/#dom-response-json
-  static json (data, init = {}) {
+  static json (data, init = undefined) {
     webidl.argumentLengthCheck(arguments, 1, 'Response.json')
 
     if (init !== null) {
@@ -96,20 +98,20 @@ class Response {
     const responseObject = fromInnerResponse(makeResponse({}), 'immutable')
 
     // 5. Set responseObject’s response’s status to status.
-    responseObject[kState].status = status
+    responseObject.#state.status = status
 
     // 6. Let value be parsedURL, serialized and isomorphic encoded.
     const value = isomorphicEncode(URLSerializer(parsedURL))
 
     // 7. Append `Location`/value to responseObject’s response’s header list.
-    responseObject[kState].headersList.append('location', value, true)
+    responseObject.#state.headersList.append('location', value, true)
 
     // 8. Return responseObject.
     return responseObject
   }
 
   // https://fetch.spec.whatwg.org/#dom-response
-  constructor (body = null, init = {}) {
+  constructor (body = null, init = undefined) {
     if (body === kConstruct) {
       return
     }
@@ -121,14 +123,14 @@ class Response {
     init = webidl.converters.ResponseInit(init)
 
     // 1. Set this’s response to a new response.
-    this[kState] = makeResponse({})
+    this.#state = makeResponse({})
 
     // 2. Set this’s headers to a new Headers object with this’s relevant
     // Realm, whose header list is this’s response’s header list and guard
     // is "response".
-    this[kHeaders] = new Headers(kConstruct)
-    setHeadersGuard(this[kHeaders], 'response')
-    setHeadersList(this[kHeaders], this[kState].headersList)
+    this.#headers = new Headers(kConstruct)
+    setHeadersGuard(this.#headers, 'response')
+    setHeadersList(this.#headers, this.#state.headersList)
 
     // 3. Let bodyWithType be null.
     let bodyWithType = null
@@ -148,14 +150,14 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // The type getter steps are to return this’s response’s type.
-    return this[kState].type
+    return this.#state.type
   }
 
   // Returns response’s URL, if it has one; otherwise the empty string.
   get url () {
     webidl.brandCheck(this, Response)
 
-    const urlList = this[kState].urlList
+    const urlList = this.#state.urlList
 
     // The url getter steps are to return the empty string if this’s
     // response’s URL is null; otherwise this’s response’s URL,
@@ -175,7 +177,7 @@ class Response {
 
     // The redirected getter steps are to return true if this’s response’s URL
     // list has more than one item; otherwise false.
-    return this[kState].urlList.length > 1
+    return this.#state.urlList.length > 1
   }
 
   // Returns response’s status.
@@ -183,7 +185,7 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // The status getter steps are to return this’s response’s status.
-    return this[kState].status
+    return this.#state.status
   }
 
   // Returns whether response’s status is an ok status.
@@ -192,7 +194,7 @@ class Response {
 
     // The ok getter steps are to return true if this’s response’s status is an
     // ok status; otherwise false.
-    return this[kState].status >= 200 && this[kState].status <= 299
+    return this.#state.status >= 200 && this.#state.status <= 299
   }
 
   // Returns response’s status message.
@@ -201,7 +203,7 @@ class Response {
 
     // The statusText getter steps are to return this’s response’s status
     // message.
-    return this[kState].statusText
+    return this.#state.statusText
   }
 
   // Returns response’s headers as Headers.
@@ -209,19 +211,19 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // The headers getter steps are to return this’s headers.
-    return this[kHeaders]
+    return this.#headers
   }
 
   get body () {
     webidl.brandCheck(this, Response)
 
-    return this[kState].body ? this[kState].body.stream : null
+    return this.#state.body ? this.#state.body.stream : null
   }
 
   get bodyUsed () {
     webidl.brandCheck(this, Response)
 
-    return !!this[kState].body && util.isDisturbed(this[kState].body.stream)
+    return !!this.#state.body && util.isDisturbed(this.#state.body.stream)
   }
 
   // Returns a clone of response.
@@ -229,7 +231,7 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // 1. If this is unusable, then throw a TypeError.
-    if (bodyUnusable(this)) {
+    if (bodyUnusable(this.#state)) {
       throw webidl.errors.exception({
         header: 'Response.clone',
         message: 'Body has already been consumed.'
@@ -237,11 +239,11 @@ class Response {
     }
 
     // 2. Let clonedResponse be the result of cloning this’s response.
-    const clonedResponse = cloneResponse(this[kState])
+    const clonedResponse = cloneResponse(this.#state)
 
     // 3. Return the result of creating a Response object, given
     // clonedResponse, this’s headers’s guard, and this’s relevant Realm.
-    return fromInnerResponse(clonedResponse, getHeadersGuard(this[kHeaders]))
+    return fromInnerResponse(clonedResponse, getHeadersGuard(this.#headers))
   }
 
   [nodeUtil.inspect.custom] (depth, options) {
@@ -265,9 +267,45 @@ class Response {
 
     return `Response ${nodeUtil.formatWithOptions(options, properties)}`
   }
+
+  /**
+   * @param {Response} response
+   */
+  static getResponseHeaders (response) {
+    return response.#headers
+  }
+
+  /**
+   * @param {Response} response
+   * @param {Headers} newHeaders
+   */
+  static setResponseHeaders (response, newHeaders) {
+    response.#headers = newHeaders
+  }
+
+  /**
+   * @param {Response} response
+   */
+  static getResponseState (response) {
+    return response.#state
+  }
+
+  /**
+   * @param {Response} response
+   * @param {any} newState
+   */
+  static setResponseState (response, newState) {
+    response.#state = newState
+  }
 }
 
-mixinBody(Response)
+const { getResponseHeaders, setResponseHeaders, getResponseState, setResponseState } = Response
+Reflect.deleteProperty(Response, 'getResponseHeaders')
+Reflect.deleteProperty(Response, 'setResponseHeaders')
+Reflect.deleteProperty(Response, 'getResponseState')
+Reflect.deleteProperty(Response, 'setResponseState')
+
+mixinBody(Response, getResponseState)
 
 Object.defineProperties(Response.prototype, {
   type: kEnumerableProperty,
@@ -464,17 +502,17 @@ function initializeResponse (response, init, body) {
 
   // 3. Set response’s response’s status to init["status"].
   if ('status' in init && init.status != null) {
-    response[kState].status = init.status
+    getResponseState(response).status = init.status
   }
 
   // 4. Set response’s response’s status message to init["statusText"].
   if ('statusText' in init && init.statusText != null) {
-    response[kState].statusText = init.statusText
+    getResponseState(response).statusText = init.statusText
   }
 
   // 5. If init["headers"] exists, then fill response’s headers with init["headers"].
   if ('headers' in init && init.headers != null) {
-    fill(response[kHeaders], init.headers)
+    fill(getResponseHeaders(response), init.headers)
   }
 
   // 6. If body was given, then:
@@ -488,12 +526,12 @@ function initializeResponse (response, init, body) {
     }
 
     // 2. Set response's body to body's body.
-    response[kState].body = body.body
+    getResponseState(response).body = body.body
 
     // 3. If body's type is non-null and response's header list does not contain
     //    `Content-Type`, then append (`Content-Type`, body's type) to response's header list.
-    if (body.type != null && !response[kState].headersList.contains('content-type', true)) {
-      response[kState].headersList.append('content-type', body.type, true)
+    if (body.type != null && !getResponseState(response).headersList.contains('content-type', true)) {
+      getResponseState(response).headersList.append('content-type', body.type, true)
     }
   }
 }
@@ -506,10 +544,11 @@ function initializeResponse (response, init, body) {
  */
 function fromInnerResponse (innerResponse, guard) {
   const response = new Response(kConstruct)
-  response[kState] = innerResponse
-  response[kHeaders] = new Headers(kConstruct)
-  setHeadersList(response[kHeaders], innerResponse.headersList)
-  setHeadersGuard(response[kHeaders], guard)
+  setResponseState(response, innerResponse)
+  const headers = new Headers(kConstruct)
+  setResponseHeaders(response, headers)
+  setHeadersList(headers, innerResponse.headersList)
+  setHeadersGuard(headers, guard)
 
   if (hasFinalizationRegistry && innerResponse.body?.stream) {
     // If the target (response) is reclaimed, the cleanup callback may be called at some point with
@@ -523,38 +562,26 @@ function fromInnerResponse (innerResponse, guard) {
   return response
 }
 
-webidl.converters.ReadableStream = webidl.interfaceConverter(
-  ReadableStream
-)
-
-webidl.converters.FormData = webidl.interfaceConverter(
-  FormData
-)
-
-webidl.converters.URLSearchParams = webidl.interfaceConverter(
-  URLSearchParams
-)
-
 // https://fetch.spec.whatwg.org/#typedefdef-xmlhttprequestbodyinit
 webidl.converters.XMLHttpRequestBodyInit = function (V, prefix, name) {
   if (typeof V === 'string') {
     return webidl.converters.USVString(V, prefix, name)
   }
 
-  if (isBlobLike(V)) {
-    return webidl.converters.Blob(V, prefix, name, { strict: false })
+  if (webidl.is.Blob(V)) {
+    return V
   }
 
   if (ArrayBuffer.isView(V) || types.isArrayBuffer(V)) {
-    return webidl.converters.BufferSource(V, prefix, name)
+    return V
   }
 
-  if (util.isFormDataLike(V)) {
-    return webidl.converters.FormData(V, prefix, name, { strict: false })
+  if (webidl.is.FormData(V)) {
+    return V
   }
 
-  if (V instanceof URLSearchParams) {
-    return webidl.converters.URLSearchParams(V, prefix, name)
+  if (webidl.is.URLSearchParams(V)) {
+    return V
   }
 
   return webidl.converters.DOMString(V, prefix, name)
@@ -562,8 +589,8 @@ webidl.converters.XMLHttpRequestBodyInit = function (V, prefix, name) {
 
 // https://fetch.spec.whatwg.org/#bodyinit
 webidl.converters.BodyInit = function (V, prefix, argument) {
-  if (V instanceof ReadableStream) {
-    return webidl.converters.ReadableStream(V, prefix, argument)
+  if (webidl.is.ReadableStream(V)) {
+    return V
   }
 
   // Note: the spec doesn't include async iterables,
@@ -592,6 +619,8 @@ webidl.converters.ResponseInit = webidl.dictionaryConverter([
   }
 ])
 
+webidl.is.Response = webidl.util.MakeTypeAssertion(Response.prototype)
+
 module.exports = {
   isNetworkError,
   makeNetworkError,
@@ -600,5 +629,6 @@ module.exports = {
   filterResponse,
   Response,
   cloneResponse,
-  fromInnerResponse
+  fromInnerResponse,
+  getResponseState
 }

package/lib/web/fetch/util.js

@@ -6,7 +6,7 @@ const { redirectStatusSet, referrerPolicySet: referrerPolicyTokens, badPortsSet
 const { getGlobalOrigin } = require('./global')
 const { collectASequenceOfCodePoints, collectAnHTTPQuotedString, removeChars, parseMIMEType } = require('./data-url')
 const { performance } = require('node:perf_hooks')
-const { isBlobLike, ReadableStreamFrom, isValidHTTPToken, normalizedMethodRecordsBase } = require('../../core/util')
+const { ReadableStreamFrom, isValidHTTPToken, normalizedMethodRecordsBase } = require('../../core/util')
 const assert = require('node:assert')
 const { isUint8Array } = require('node:util/types')
 const { webidl } = require('./webidl')
@@ -399,7 +399,7 @@ function determineRequestsReferrer (request) {
 
     // note: we need to clone it as it's mutated
     referrerSource = new URL(globalOrigin)
-  } else if (request.referrer instanceof URL) {
+  } else if (webidl.is.URL(request.referrer)) {
     // Let referrerSource be request’s referrer.
     referrerSource = request.referrer
   }
@@ -418,18 +418,37 @@ function determineRequestsReferrer (request) {
     referrerURL = referrerOrigin
   }
 
-  const areSameOrigin = sameOrigin(request, referrerURL)
-  const isNonPotentiallyTrustWorthy = isURLPotentiallyTrustworthy(referrerURL) &&
-    !isURLPotentiallyTrustworthy(request.url)
+  // 7. The user agent MAY alter referrerURL or referrerOrigin at this point
+  // to enforce arbitrary policy considerations in the interests of minimizing
+  // data leakage. For example, the user agent could strip the URL down to an
+  // origin, modify its host, replace it with an empty string, etc.
 
   // 8. Execute the switch statements corresponding to the value of policy:
   switch (policy) {
-    case 'origin': return referrerOrigin != null ? referrerOrigin : stripURLForReferrer(referrerSource, true)
-    case 'unsafe-url': return referrerURL
-    case 'same-origin':
-      return areSameOrigin ? referrerOrigin : 'no-referrer'
-    case 'origin-when-cross-origin':
-      return areSameOrigin ? referrerURL : referrerOrigin
+    case 'no-referrer':
+      // Return no referrer
+      return 'no-referrer'
+    case 'origin':
+      // Return referrerOrigin
+      if (referrerOrigin != null) {
+        return referrerOrigin
+      }
+      return stripURLForReferrer(referrerSource, true)
+    case 'unsafe-url':
+      // Return referrerURL.
+      return referrerURL
+    case 'strict-origin': {
+      const currentURL = requestCurrentURL(request)
+
+      // 1. If referrerURL is a potentially trustworthy URL and request’s
+      //    current URL is not a potentially trustworthy URL, then return no
+      //    referrer.
+      if (isURLPotentiallyTrustworthy(referrerURL) && !isURLPotentiallyTrustworthy(currentURL)) {
+        return 'no-referrer'
+      }
+      // 2. Return referrerOrigin
+      return referrerOrigin
+    }
     case 'strict-origin-when-cross-origin': {
       const currentURL = requestCurrentURL(request)
 
@@ -449,34 +468,45 @@ function determineRequestsReferrer (request) {
       // 3. Return referrerOrigin.
       return referrerOrigin
     }
-    case 'strict-origin': // eslint-disable-line
-      /**
-         * 1. If referrerURL is a potentially trustworthy URL and
-         * request’s current URL is not a potentially trustworthy URL,
-         * then return no referrer.
-         * 2. Return referrerOrigin
-        */
-    case 'no-referrer-when-downgrade': // eslint-disable-line
-      /**
-       * 1. If referrerURL is a potentially trustworthy URL and
-       * request’s current URL is not a potentially trustworthy URL,
-       * then return no referrer.
-       * 2. Return referrerOrigin
-      */
-
-    default: // eslint-disable-line
-      return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin
+    case 'same-origin':
+      // 1. If the origin of referrerURL and the origin of request’s current
+      // URL are the same, then return referrerURL.
+      if (sameOrigin(request, referrerURL)) {
+        return referrerURL
+      }
+      // 2. Return no referrer.
+      return 'no-referrer'
+    case 'origin-when-cross-origin':
+      // 1. If the origin of referrerURL and the origin of request’s current
+      // URL are the same, then return referrerURL.
+      if (sameOrigin(request, referrerURL)) {
+        return referrerURL
+      }
+      // 2. Return referrerOrigin.
+      return referrerOrigin
+    case 'no-referrer-when-downgrade': {
+      const currentURL = requestCurrentURL(request)
+
+      // 1. If referrerURL is a potentially trustworthy URL and request’s
+      //    current URL is not a potentially trustworthy URL, then return no
+      //    referrer.
+      if (isURLPotentiallyTrustworthy(referrerURL) && !isURLPotentiallyTrustworthy(currentURL)) {
+        return 'no-referrer'
+      }
+      // 2. Return referrerOrigin
+      return referrerOrigin
+    }
   }
 }
 
 /**
  * @see https://w3c.github.io/webappsec-referrer-policy/#strip-url
  * @param {URL} url
- * @param {boolean|undefined} originOnly
+ * @param {boolean} [originOnly]
  */
 function stripURLForReferrer (url, originOnly) {
   // 1. Assert: url is a URL.
-  assert(url instanceof URL)
+  assert(webidl.is.URL(url))
 
   url = new URL(url)
 
@@ -508,7 +538,7 @@ function stripURLForReferrer (url, originOnly) {
 }
 
 function isURLPotentiallyTrustworthy (url) {
-  if (!(url instanceof URL)) {
+  if (!webidl.is.URL(url)) {
     return false
   }
 
@@ -825,7 +855,7 @@ const esIteratorPrototype = Object.getPrototypeOf(Object.getPrototypeOf([][Symbo
 /**
  * @see https://webidl.spec.whatwg.org/#dfn-iterator-prototype-object
  * @param {string} name name of the instance
- * @param {symbol} kInternalIterator
+ * @param {((target: any) => any)} kInternalIterator
  * @param {string | number} [keyIndex]
  * @param {string | number} [valueIndex]
  */
@@ -867,7 +897,7 @@ function createIterator (name, kInternalIterator, keyIndex = 0, valueIndex = 1)
       // 7. Let kind be object’s kind.
       // 8. Let values be object’s target's value pairs to iterate over.
       const index = this.#index
-      const values = this.#target[kInternalIterator]
+      const values = kInternalIterator(this.#target)
 
       // 9. Let len be the length of values.
       const len = values.length
@@ -961,7 +991,7 @@ function createIterator (name, kInternalIterator, keyIndex = 0, valueIndex = 1)
  * @see https://webidl.spec.whatwg.org/#dfn-iterator-prototype-object
  * @param {string} name name of the instance
  * @param {any} object class
- * @param {symbol} kInternalIterator
+ * @param {(target: any) => any} kInternalIterator
  * @param {string | number} [keyIndex]
  * @param {string | number} [valueIndex]
  */
@@ -1029,7 +1059,7 @@ function iteratorMixin (name, object, kInternalIterator, keyIndex = 0, valueInde
 /**
  * @see https://fetch.spec.whatwg.org/#body-fully-read
  */
-async function fullyReadBody (body, processBody, processBodyError) {
+function fullyReadBody (body, processBody, processBodyError) {
   // 1. If taskDestination is null, then set taskDestination to
   //    the result of starting a new parallel queue.
 
@@ -1054,18 +1084,7 @@ async function fullyReadBody (body, processBody, processBodyError) {
   }
 
   // 5. Read all bytes from reader, given successSteps and errorSteps.
-  try {
-    successSteps(await readAllBytes(reader))
-  } catch (e) {
-    errorSteps(e)
-  }
-}
-
-function isReadableStreamLike (stream) {
-  return stream instanceof ReadableStream || (
-    stream[Symbol.toStringTag] === 'ReadableStream' &&
-    typeof stream.tee === 'function'
-  )
+  readAllBytes(reader, successSteps, errorSteps)
 }
 
 /**
@@ -1103,30 +1122,39 @@ function isomorphicEncode (input) {
  * @see https://streams.spec.whatwg.org/#readablestreamdefaultreader-read-all-bytes
  * @see https://streams.spec.whatwg.org/#read-loop
  * @param {ReadableStreamDefaultReader} reader
+ * @param {(bytes: Uint8Array) => void} successSteps
+ * @param {(error: Error) => void} failureSteps
  */
-async function readAllBytes (reader) {
+async function readAllBytes (reader, successSteps, failureSteps) {
   const bytes = []
   let byteLength = 0
 
-  while (true) {
-    const { done, value: chunk } = await reader.read()
+  try {
+    do {
+      const { done, value: chunk } = await reader.read()
 
-    if (done) {
-      // 1. Call successSteps with bytes.
-      return Buffer.concat(bytes, byteLength)
-    }
+      if (done) {
+        // 1. Call successSteps with bytes.
+        successSteps(Buffer.concat(bytes, byteLength))
+        return
+      }
 
-    // 1. If chunk is not a Uint8Array object, call failureSteps
-    //    with a TypeError and abort these steps.
-    if (!isUint8Array(chunk)) {
-      throw new TypeError('Received non-Uint8Array chunk')
-    }
+      // 1. If chunk is not a Uint8Array object, call failureSteps
+      //    with a TypeError and abort these steps.
+      if (!isUint8Array(chunk)) {
+        failureSteps(TypeError('Received non-Uint8Array chunk'))
+        return
+      }
 
-    // 2. Append the bytes represented by chunk to bytes.
-    bytes.push(chunk)
-    byteLength += chunk.length
+      // 2. Append the bytes represented by chunk to bytes.
+      bytes.push(chunk)
+      byteLength += chunk.length
 
     // 3. Read-loop given reader, bytes, successSteps, and failureSteps.
+    } while (true)
+  } catch (e) {
+    // 1. Call failureSteps with e.
+    failureSteps(e)
   }
 }
 
@@ -1601,7 +1629,6 @@ module.exports = {
   requestCurrentURL,
   responseURL,
   responseLocationURL,
-  isBlobLike,
   isURLPotentiallyTrustworthy,
   isValidReasonPhrase,
   sameOrigin,
@@ -1614,7 +1641,6 @@ module.exports = {
   isErrorLike,
   fullyReadBody,
   bytesMatch,
-  isReadableStreamLike,
   readableStreamClose,
   isomorphicEncode,
   urlIsLocal,