undici 6.21.3 → 6.23.0

package/README.md

@@ -329,7 +329,13 @@ const headers = await fetch(url, { method: 'HEAD' })
 
 The [Fetch Standard](https://fetch.spec.whatwg.org) requires implementations to exclude certain headers from requests and responses. In browser environments, some headers are forbidden so the user agent remains in full control over them. In Undici, these constraints are removed to give more control to the user.
 
-### `undici.upgrade([url, options]): Promise`
+#### Content-Encoding
+
+* https://www.rfc-editor.org/rfc/rfc9110#field.content-encoding
+
+Undici limits the number of `Content-Encoding` layers in a response to **5** to prevent resource exhaustion attacks. If a server responds with more than 5 content-encodings (e.g., `Content-Encoding: gzip, gzip, gzip, gzip, gzip, gzip`), the fetch will be rejected with an error. This limit matches the approach taken by [curl](https://curl.se/docs/CVE-2022-32206.html) and [urllib3](https://github.com/advisories/GHSA-gm62-xv2j-4rw9).
+
+#### `undici.upgrade([url, options]): Promise`
 
 Upgrade to a different protocol. See [MDN - HTTP - Protocol upgrade mechanism](https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism) for more details.
 

package/docs/docs/api/ProxyAgent.md

@@ -22,8 +22,9 @@ For detailed information on the parsing process and potential validation errors,
 * **token** `string` (optional) - It can be passed by a string of token for authentication.
 * **auth** `string` (**deprecated**) - Use token.
 * **clientFactory** `(origin: URL, opts: Object) => Dispatcher` (optional) - Default: `(origin, opts) => new Pool(origin, opts)`
-* **requestTls** `BuildOptions` (optional) - Options object passed when creating the underlying socket via the connector builder for the request. See [TLS](https://nodejs.org/api/tls.html#tlsconnectoptions-callback).
-* **proxyTls** `BuildOptions` (optional) - Options object passed when creating the underlying socket via the connector builder for the proxy server. See [TLS](https://nodejs.org/api/tls.html#tlsconnectoptions-callback).
+* **requestTls** `BuildOptions` (optional) - Options object passed when creating the underlying socket via the connector builder for the request. It extends from [`Client#ConnectOptions`](/docs/docs/api/Client.md#parameter-connectoptions).
+* **proxyTls** `BuildOptions` (optional) - Options object passed when creating the underlying socket via the connector builder for the proxy server. It extends from [`Client#ConnectOptions`](/docs/docs/api/Client.md#parameter-connectoptions).
+* **proxyTunnel** `boolean` (optional) - For connections involving secure protocols, Undici will always establish a tunnel via the HTTP2  CONNECT extension. If proxyTunnel is set to true, this will occur for unsecured proxy/endpoint connections as well. Currently, there is no way to facilitate HTTP1 IP tunneling as described in https://www.rfc-editor.org/rfc/rfc9484.html#name-http-11-request. If proxyTunnel is set to false (the default), ProxyAgent connections where both the Proxy and Endpoint are unsecured will issue all requests to the Proxy, and prefix the endpoint request path with the endpoint origin address.
 
 Examples:
 

package/index-fetch.js

@@ -26,6 +26,9 @@ module.exports.createFastMessageEvent = createFastMessageEvent
 
 module.exports.EventSource = require('./lib/web/eventsource/eventsource').EventSource
 
+const api = require('./lib/api')
+const Dispatcher = require('./lib/dispatcher/dispatcher')
+Object.assign(Dispatcher.prototype, api)
 // Expose the fetch implementation to be enabled in Node.js core via a flag
 module.exports.EnvHttpProxyAgent = EnvHttpProxyAgent
 module.exports.getGlobalDispatcher = getGlobalDispatcher

package/lib/core/errors.js

@@ -1,13 +1,21 @@
 'use strict'
 
+const kUndiciError = Symbol.for('undici.error.UND_ERR')
 class UndiciError extends Error {
   constructor (message) {
     super(message)
     this.name = 'UndiciError'
     this.code = 'UND_ERR'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kUndiciError] === true
+  }
+
+  [kUndiciError] = true
 }
 
+const kConnectTimeoutError = Symbol.for('undici.error.UND_ERR_CONNECT_TIMEOUT')
 class ConnectTimeoutError extends UndiciError {
   constructor (message) {
     super(message)
@@ -15,8 +23,15 @@ class ConnectTimeoutError extends UndiciError {
     this.message = message || 'Connect Timeout Error'
     this.code = 'UND_ERR_CONNECT_TIMEOUT'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kConnectTimeoutError] === true
+  }
+
+  [kConnectTimeoutError] = true
 }
 
+const kHeadersTimeoutError = Symbol.for('undici.error.UND_ERR_HEADERS_TIMEOUT')
 class HeadersTimeoutError extends UndiciError {
   constructor (message) {
     super(message)
@@ -24,8 +39,15 @@ class HeadersTimeoutError extends UndiciError {
     this.message = message || 'Headers Timeout Error'
     this.code = 'UND_ERR_HEADERS_TIMEOUT'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kHeadersTimeoutError] === true
+  }
+
+  [kHeadersTimeoutError] = true
 }
 
+const kHeadersOverflowError = Symbol.for('undici.error.UND_ERR_HEADERS_OVERFLOW')
 class HeadersOverflowError extends UndiciError {
   constructor (message) {
     super(message)
@@ -33,8 +55,15 @@ class HeadersOverflowError extends UndiciError {
     this.message = message || 'Headers Overflow Error'
     this.code = 'UND_ERR_HEADERS_OVERFLOW'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kHeadersOverflowError] === true
+  }
+
+  [kHeadersOverflowError] = true
 }
 
+const kBodyTimeoutError = Symbol.for('undici.error.UND_ERR_BODY_TIMEOUT')
 class BodyTimeoutError extends UndiciError {
   constructor (message) {
     super(message)
@@ -42,8 +71,15 @@ class BodyTimeoutError extends UndiciError {
     this.message = message || 'Body Timeout Error'
     this.code = 'UND_ERR_BODY_TIMEOUT'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kBodyTimeoutError] === true
+  }
+
+  [kBodyTimeoutError] = true
 }
 
+const kResponseStatusCodeError = Symbol.for('undici.error.UND_ERR_RESPONSE_STATUS_CODE')
 class ResponseStatusCodeError extends UndiciError {
   constructor (message, statusCode, headers, body) {
     super(message)
@@ -55,8 +91,15 @@ class ResponseStatusCodeError extends UndiciError {
     this.statusCode = statusCode
     this.headers = headers
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kResponseStatusCodeError] === true
+  }
+
+  [kResponseStatusCodeError] = true
 }
 
+const kInvalidArgumentError = Symbol.for('undici.error.UND_ERR_INVALID_ARG')
 class InvalidArgumentError extends UndiciError {
   constructor (message) {
     super(message)
@@ -64,8 +107,15 @@ class InvalidArgumentError extends UndiciError {
     this.message = message || 'Invalid Argument Error'
     this.code = 'UND_ERR_INVALID_ARG'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kInvalidArgumentError] === true
+  }
+
+  [kInvalidArgumentError] = true
 }
 
+const kInvalidReturnValueError = Symbol.for('undici.error.UND_ERR_INVALID_RETURN_VALUE')
 class InvalidReturnValueError extends UndiciError {
   constructor (message) {
     super(message)
@@ -73,16 +123,31 @@ class InvalidReturnValueError extends UndiciError {
     this.message = message || 'Invalid Return Value Error'
     this.code = 'UND_ERR_INVALID_RETURN_VALUE'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kInvalidReturnValueError] === true
+  }
+
+  [kInvalidReturnValueError] = true
 }
 
+const kAbortError = Symbol.for('undici.error.UND_ERR_ABORT')
 class AbortError extends UndiciError {
   constructor (message) {
     super(message)
     this.name = 'AbortError'
     this.message = message || 'The operation was aborted'
+    this.code = 'UND_ERR_ABORT'
+  }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kAbortError] === true
   }
+
+  [kAbortError] = true
 }
 
+const kRequestAbortedError = Symbol.for('undici.error.UND_ERR_ABORTED')
 class RequestAbortedError extends AbortError {
   constructor (message) {
     super(message)
@@ -90,8 +155,15 @@ class RequestAbortedError extends AbortError {
     this.message = message || 'Request aborted'
     this.code = 'UND_ERR_ABORTED'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kRequestAbortedError] === true
+  }
+
+  [kRequestAbortedError] = true
 }
 
+const kInformationalError = Symbol.for('undici.error.UND_ERR_INFO')
 class InformationalError extends UndiciError {
   constructor (message) {
     super(message)
@@ -99,8 +171,15 @@ class InformationalError extends UndiciError {
     this.message = message || 'Request information'
     this.code = 'UND_ERR_INFO'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kInformationalError] === true
+  }
+
+  [kInformationalError] = true
 }
 
+const kRequestContentLengthMismatchError = Symbol.for('undici.error.UND_ERR_REQ_CONTENT_LENGTH_MISMATCH')
 class RequestContentLengthMismatchError extends UndiciError {
   constructor (message) {
     super(message)
@@ -108,8 +187,15 @@ class RequestContentLengthMismatchError extends UndiciError {
     this.message = message || 'Request body length does not match content-length header'
     this.code = 'UND_ERR_REQ_CONTENT_LENGTH_MISMATCH'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kRequestContentLengthMismatchError] === true
+  }
+
+  [kRequestContentLengthMismatchError] = true
 }
 
+const kResponseContentLengthMismatchError = Symbol.for('undici.error.UND_ERR_RES_CONTENT_LENGTH_MISMATCH')
 class ResponseContentLengthMismatchError extends UndiciError {
   constructor (message) {
     super(message)
@@ -117,8 +203,15 @@ class ResponseContentLengthMismatchError extends UndiciError {
     this.message = message || 'Response body length does not match content-length header'
     this.code = 'UND_ERR_RES_CONTENT_LENGTH_MISMATCH'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kResponseContentLengthMismatchError] === true
+  }
+
+  [kResponseContentLengthMismatchError] = true
 }
 
+const kClientDestroyedError = Symbol.for('undici.error.UND_ERR_DESTROYED')
 class ClientDestroyedError extends UndiciError {
   constructor (message) {
     super(message)
@@ -126,8 +219,15 @@ class ClientDestroyedError extends UndiciError {
     this.message = message || 'The client is destroyed'
     this.code = 'UND_ERR_DESTROYED'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kClientDestroyedError] === true
+  }
+
+  [kClientDestroyedError] = true
 }
 
+const kClientClosedError = Symbol.for('undici.error.UND_ERR_CLOSED')
 class ClientClosedError extends UndiciError {
   constructor (message) {
     super(message)
@@ -135,8 +235,15 @@ class ClientClosedError extends UndiciError {
     this.message = message || 'The client is closed'
     this.code = 'UND_ERR_CLOSED'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kClientClosedError] === true
+  }
+
+  [kClientClosedError] = true
 }
 
+const kSocketError = Symbol.for('undici.error.UND_ERR_SOCKET')
 class SocketError extends UndiciError {
   constructor (message, socket) {
     super(message)
@@ -145,8 +252,15 @@ class SocketError extends UndiciError {
     this.code = 'UND_ERR_SOCKET'
     this.socket = socket
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kSocketError] === true
+  }
+
+  [kSocketError] = true
 }
 
+const kNotSupportedError = Symbol.for('undici.error.UND_ERR_NOT_SUPPORTED')
 class NotSupportedError extends UndiciError {
   constructor (message) {
     super(message)
@@ -154,8 +268,15 @@ class NotSupportedError extends UndiciError {
     this.message = message || 'Not supported error'
     this.code = 'UND_ERR_NOT_SUPPORTED'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kNotSupportedError] === true
+  }
+
+  [kNotSupportedError] = true
 }
 
+const kBalancedPoolMissingUpstreamError = Symbol.for('undici.error.UND_ERR_BPL_MISSING_UPSTREAM')
 class BalancedPoolMissingUpstreamError extends UndiciError {
   constructor (message) {
     super(message)
@@ -163,8 +284,15 @@ class BalancedPoolMissingUpstreamError extends UndiciError {
     this.message = message || 'No upstream has been added to the BalancedPool'
     this.code = 'UND_ERR_BPL_MISSING_UPSTREAM'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kBalancedPoolMissingUpstreamError] === true
+  }
+
+  [kBalancedPoolMissingUpstreamError] = true
 }
 
+const kHTTPParserError = Symbol.for('undici.error.UND_ERR_HTTP_PARSER')
 class HTTPParserError extends Error {
   constructor (message, code, data) {
     super(message)
@@ -172,8 +300,15 @@ class HTTPParserError extends Error {
     this.code = code ? `HPE_${code}` : undefined
     this.data = data ? data.toString() : undefined
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kHTTPParserError] === true
+  }
+
+  [kHTTPParserError] = true
 }
 
+const kResponseExceededMaxSizeError = Symbol.for('undici.error.UND_ERR_RES_EXCEEDED_MAX_SIZE')
 class ResponseExceededMaxSizeError extends UndiciError {
   constructor (message) {
     super(message)
@@ -181,8 +316,15 @@ class ResponseExceededMaxSizeError extends UndiciError {
     this.message = message || 'Response content exceeded max size'
     this.code = 'UND_ERR_RES_EXCEEDED_MAX_SIZE'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kResponseExceededMaxSizeError] === true
+  }
+
+  [kResponseExceededMaxSizeError] = true
 }
 
+const kRequestRetryError = Symbol.for('undici.error.UND_ERR_REQ_RETRY')
 class RequestRetryError extends UndiciError {
   constructor (message, code, { headers, data }) {
     super(message)
@@ -193,8 +335,15 @@ class RequestRetryError extends UndiciError {
     this.data = data
     this.headers = headers
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kRequestRetryError] === true
+  }
+
+  [kRequestRetryError] = true
 }
 
+const kResponseError = Symbol.for('undici.error.UND_ERR_RESPONSE')
 class ResponseError extends UndiciError {
   constructor (message, code, { headers, data }) {
     super(message)
@@ -205,8 +354,15 @@ class ResponseError extends UndiciError {
     this.data = data
     this.headers = headers
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kResponseError] === true
+  }
+
+  [kResponseError] = true
 }
 
+const kSecureProxyConnectionError = Symbol.for('undici.error.UND_ERR_PRX_TLS')
 class SecureProxyConnectionError extends UndiciError {
   constructor (cause, message, options) {
     super(message, { cause, ...(options ?? {}) })
@@ -215,6 +371,12 @@ class SecureProxyConnectionError extends UndiciError {
     this.code = 'UND_ERR_PRX_TLS'
     this.cause = cause
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kSecureProxyConnectionError] === true
+  }
+
+  [kSecureProxyConnectionError] = true
 }
 
 module.exports = {

package/lib/dispatcher/proxy-agent.js

@@ -1,12 +1,13 @@
 'use strict'
 
-const { kProxy, kClose, kDestroy, kInterceptors } = require('../core/symbols')
+const { kProxy, kClose, kDestroy, kDispatch, kInterceptors } = require('../core/symbols')
 const { URL } = require('node:url')
 const Agent = require('./agent')
 const Pool = require('./pool')
 const DispatcherBase = require('./dispatcher-base')
 const { InvalidArgumentError, RequestAbortedError, SecureProxyConnectionError } = require('../core/errors')
 const buildConnector = require('../core/connect')
+const Client = require('./client')
 
 const kAgent = Symbol('proxy agent')
 const kClient = Symbol('proxy client')
@@ -14,6 +15,7 @@ const kProxyHeaders = Symbol('proxy headers')
 const kRequestTls = Symbol('request tls settings')
 const kProxyTls = Symbol('proxy tls settings')
 const kConnectEndpoint = Symbol('connect endpoint function')
+const kTunnelProxy = Symbol('tunnel proxy')
 
 function defaultProtocolPort (protocol) {
   return protocol === 'https:' ? 443 : 80
@@ -25,6 +27,69 @@ function defaultFactory (origin, opts) {
 
 const noop = () => {}
 
+function defaultAgentFactory (origin, opts) {
+  if (opts.connections === 1) {
+    return new Client(origin, opts)
+  }
+  return new Pool(origin, opts)
+}
+
+class Http1ProxyWrapper extends DispatcherBase {
+  #client
+
+  constructor (proxyUrl, { headers = {}, connect, factory }) {
+    super()
+    if (!proxyUrl) {
+      throw new InvalidArgumentError('Proxy URL is mandatory')
+    }
+
+    this[kProxyHeaders] = headers
+    if (factory) {
+      this.#client = factory(proxyUrl, { connect })
+    } else {
+      this.#client = new Client(proxyUrl, { connect })
+    }
+  }
+
+  [kDispatch] (opts, handler) {
+    const onHeaders = handler.onHeaders
+    handler.onHeaders = function (statusCode, data, resume) {
+      if (statusCode === 407) {
+        if (typeof handler.onError === 'function') {
+          handler.onError(new InvalidArgumentError('Proxy Authentication Required (407)'))
+        }
+        return
+      }
+      if (onHeaders) onHeaders.call(this, statusCode, data, resume)
+    }
+
+    // Rewrite request as an HTTP1 Proxy request, without tunneling.
+    const {
+      origin,
+      path = '/',
+      headers = {}
+    } = opts
+
+    opts.path = origin + path
+
+    if (!('host' in headers) && !('Host' in headers)) {
+      const { host } = new URL(origin)
+      headers.host = host
+    }
+    opts.headers = { ...this[kProxyHeaders], ...headers }
+
+    return this.#client[kDispatch](opts, handler)
+  }
+
+  async [kClose] () {
+    return this.#client.close()
+  }
+
+  async [kDestroy] (err) {
+    return this.#client.destroy(err)
+  }
+}
+
 class ProxyAgent extends DispatcherBase {
   constructor (opts) {
     super()
@@ -38,6 +103,8 @@ class ProxyAgent extends DispatcherBase {
       throw new InvalidArgumentError('Proxy opts.clientFactory must be a function.')
     }
 
+    const { proxyTunnel = true } = opts
+
     const url = this.#getUrl(opts)
     const { href, origin, port, protocol, username, password, hostname: proxyHostname } = url
 
@@ -48,6 +115,7 @@ class ProxyAgent extends DispatcherBase {
     this[kRequestTls] = opts.requestTls
     this[kProxyTls] = opts.proxyTls
     this[kProxyHeaders] = opts.headers || {}
+    this[kTunnelProxy] = proxyTunnel
 
     if (opts.auth && opts.token) {
       throw new InvalidArgumentError('opts.auth cannot be used in combination with opts.token')
@@ -62,9 +130,23 @@ class ProxyAgent extends DispatcherBase {
 
     const connect = buildConnector({ ...opts.proxyTls })
     this[kConnectEndpoint] = buildConnector({ ...opts.requestTls })
+
+    const agentFactory = opts.factory || defaultAgentFactory
+    const factory = (origin, options) => {
+      const { protocol } = new URL(origin)
+      if (!this[kTunnelProxy] && protocol === 'http:' && this[kProxy].protocol === 'http:') {
+        return new Http1ProxyWrapper(this[kProxy].uri, {
+          headers: this[kProxyHeaders],
+          connect,
+          factory: agentFactory
+        })
+      }
+      return agentFactory(origin, options)
+    }
     this[kClient] = clientFactory(url, { connect })
     this[kAgent] = new Agent({
       ...opts,
+      factory,
       connect: async (opts, callback) => {
         let requestedPath = opts.host
         if (!opts.port) {

package/lib/mock/mock-errors.js

@@ -2,6 +2,11 @@
 
 const { UndiciError } = require('../core/errors')
 
+const kMockNotMatchedError = Symbol.for('undici.error.UND_MOCK_ERR_MOCK_NOT_MATCHED')
+
+/**
+ * The request does not match any registered mock dispatches.
+ */
 class MockNotMatchedError extends UndiciError {
   constructor (message) {
     super(message)
@@ -10,6 +15,12 @@ class MockNotMatchedError extends UndiciError {
     this.message = message || 'The request does not match any registered mock dispatches'
     this.code = 'UND_MOCK_ERR_MOCK_NOT_MATCHED'
   }
+
+  static [Symbol.hasInstance] (instance) {
+    return instance && instance[kMockNotMatchedError] === true
+  }
+
+  [kMockNotMatchedError] = true
 }
 
 module.exports = {

package/lib/web/fetch/body.js

@@ -296,10 +296,6 @@ function cloneBody (instance, body) {
   // 1. Let « out1, out2 » be the result of teeing body’s stream.
   const [out1, out2] = body.stream.tee()
 
-  if (hasFinalizationRegistry) {
-    streamRegistry.register(instance, new WeakRef(out1))
-  }
-
   // 2. Set body’s stream to out1.
   body.stream = out1
 

package/lib/web/fetch/index.js

@@ -2111,8 +2111,6 @@ async function httpNetworkFetch (
             return
           }
 
-          /** @type {string[]} */
-          let codings = []
           let location = ''
 
           const headersList = new HeadersList()
@@ -2120,12 +2118,6 @@ async function httpNetworkFetch (
           for (let i = 0; i < rawHeaders.length; i += 2) {
             headersList.append(bufferToLowerCasedHeaderName(rawHeaders[i]), rawHeaders[i + 1].toString('latin1'), true)
           }
-          const contentEncoding = headersList.get('content-encoding', true)
-          if (contentEncoding) {
-            // https://www.rfc-editor.org/rfc/rfc7231#section-3.1.2.1
-            // "All content-coding values are case-insensitive..."
-            codings = contentEncoding.toLowerCase().split(',').map((x) => x.trim())
-          }
           location = headersList.get('location', true)
 
           this.body = new Readable({ read: resume })
@@ -2136,9 +2128,23 @@ async function httpNetworkFetch (
             redirectStatusSet.has(status)
 
           // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding
-          if (codings.length !== 0 && request.method !== 'HEAD' && request.method !== 'CONNECT' && !nullBodyStatus.includes(status) && !willFollow) {
+          if (request.method !== 'HEAD' && request.method !== 'CONNECT' && !nullBodyStatus.includes(status) && !willFollow) {
+            // https://www.rfc-editor.org/rfc/rfc7231#section-3.1.2.1
+            const contentEncoding = headersList.get('content-encoding', true)
+            // "All content-coding values are case-insensitive..."
+            /** @type {string[]} */
+            const codings = contentEncoding ? contentEncoding.toLowerCase().split(',') : []
+
+            // Limit the number of content-encodings to prevent resource exhaustion.
+            // CVE fix similar to urllib3 (GHSA-gm62-xv2j-4w53) and curl (CVE-2022-32206).
+            const maxContentEncodings = 5
+            if (codings.length > maxContentEncodings) {
+              reject(new Error(`too many content-encodings in response: ${codings.length}, maximum allowed is ${maxContentEncodings}`))
+              return true
+            }
+
             for (let i = codings.length - 1; i >= 0; --i) {
-              const coding = codings[i]
+              const coding = codings[i].trim()
               // https://www.rfc-editor.org/rfc/rfc9112.html#section-7.2
               if (coding === 'x-gzip' || coding === 'gzip') {
                 decoders.push(zlib.createGunzip({

package/lib/web/fetch/response.js

@@ -240,6 +240,11 @@ class Response {
     // 2. Let clonedResponse be the result of cloning this’s response.
     const clonedResponse = cloneResponse(this[kState])
 
+    // Note: To re-register because of a new stream.
+    if (hasFinalizationRegistry && this[kState].body?.stream) {
+      streamRegistry.register(this, new WeakRef(this[kState].body.stream))
+    }
+
     // 3. Return the result of creating a Response object, given
     // clonedResponse, this’s headers’s guard, and this’s relevant Realm.
     return fromInnerResponse(clonedResponse, getHeadersGuard(this[kHeaders]))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "undici",
-  "version": "6.21.3",
+  "version": "6.23.0",
   "description": "An HTTP/1.1 client, written from scratch for Node.js",
   "homepage": "https://undici.nodejs.org",
   "bugs": {

package/types/proxy-agent.d.ts

@@ -24,5 +24,6 @@ declare namespace ProxyAgent {
     requestTls?: buildConnector.BuildOptions;
     proxyTls?: buildConnector.BuildOptions;
     clientFactory?(origin: URL, opts: object): Dispatcher;
+    proxyTunnel?: boolean;
   }
 }