undici 7.0.0-alpha.1 → 7.0.0-alpha.10

package/lib/web/cookies/parse.js

@@ -4,6 +4,7 @@ const { maxNameValuePairSize, maxAttributeValueSize } = require('./constants')
 const { isCTLExcludingHtab } = require('./util')
 const { collectASequenceOfCodePointsFast } = require('../fetch/data-url')
 const assert = require('node:assert')
+const { unescape } = require('node:querystring')
 
 /**
  * @description Parses the field-value attributes of a set-cookie header string.
@@ -76,8 +77,12 @@ function parseSetCookie (header) {
 
   // 6. The cookie-name is the name string, and the cookie-value is the
   //    value string.
+  // https://datatracker.ietf.org/doc/html/rfc6265
+  // To maximize compatibility with user agents, servers that wish to
+  // store arbitrary data in a cookie-value SHOULD encode that data, for
+  // example, using Base64 [RFC4648].
   return {
-    name, value, ...parseUnparsedAttributes(unparsedAttributes)
+    name, value: unescape(value), ...parseUnparsedAttributes(unparsedAttributes)
   }
 }
 

package/lib/web/eventsource/eventsource.js

@@ -109,6 +109,8 @@ class EventSource extends EventTarget {
     // 1. Let ev be a new EventSource object.
     super()
 
+    webidl.util.markAsUncloneable(this)
+
     const prefix = 'EventSource constructor'
     webidl.argumentLengthCheck(arguments, 1, prefix)
 

package/lib/web/fetch/body.js

@@ -9,8 +9,7 @@ const {
   extractMimeType,
   utf8DecodeBytes
 } = require('./util')
-const { FormData } = require('./formdata')
-const { kState } = require('./symbols')
+const { FormData, setFormDataState } = require('./formdata')
 const { webidl } = require('./webidl')
 const { Blob } = require('node:buffer')
 const assert = require('node:assert')
@@ -40,9 +39,9 @@ function extractBody (object, keepalive = false) {
   let stream = null
 
   // 2. If object is a ReadableStream object, then set stream to object.
-  if (object instanceof ReadableStream) {
+  if (webidl.is.ReadableStream(object)) {
     stream = object
-  } else if (object instanceof Blob) {
+  } else if (webidl.is.Blob(object)) {
     // 3. Otherwise, if object is a Blob object, set stream to the
     //    result of running object’s get stream.
     stream = object.stream()
@@ -65,7 +64,7 @@ function extractBody (object, keepalive = false) {
   }
 
   // 5. Assert: stream is a ReadableStream object.
-  assert(stream instanceof ReadableStream)
+  assert(webidl.is.ReadableStream(stream))
 
   // 6. Let action be null.
   let action = null
@@ -87,7 +86,7 @@ function extractBody (object, keepalive = false) {
 
     // Set type to `text/plain;charset=UTF-8`.
     type = 'text/plain;charset=UTF-8'
-  } else if (object instanceof URLSearchParams) {
+  } else if (webidl.is.URLSearchParams(object)) {
     // URLSearchParams
 
     // spec says to run application/x-www-form-urlencoded on body.list
@@ -110,7 +109,7 @@ function extractBody (object, keepalive = false) {
 
     // Set source to a copy of the bytes held by object.
     source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
-  } else if (object instanceof FormData) {
+  } else if (webidl.is.FormData(object)) {
     const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
     const prefix = `--${boundary}\r\nContent-Disposition: form-data`
 
@@ -152,7 +151,10 @@ function extractBody (object, keepalive = false) {
       }
     }
 
-    const chunk = textEncoder.encode(`--${boundary}--`)
+    // CRLF is appended to the body to function with legacy servers and match other implementations.
+    // https://github.com/curl/curl/blob/3434c6b46e682452973972e8313613dfa58cd690/lib/mime.c#L1029-L1030
+    // https://github.com/form-data/form-data/issues/63
+    const chunk = textEncoder.encode(`--${boundary}--\r\n`)
     blobParts.push(chunk)
     length += chunk.byteLength
     if (hasUnknownSizeValue) {
@@ -176,7 +178,7 @@ function extractBody (object, keepalive = false) {
     // followed by the multipart/form-data boundary string generated
     // by the multipart/form-data encoding algorithm.
     type = `multipart/form-data; boundary=${boundary}`
-  } else if (object instanceof Blob) {
+  } else if (webidl.is.Blob(object)) {
     // Blob
 
     // Set source to object.
@@ -204,7 +206,7 @@ function extractBody (object, keepalive = false) {
     }
 
     stream =
-      object instanceof ReadableStream ? object : ReadableStreamFrom(object)
+      webidl.is.ReadableStream(object) ? object : ReadableStreamFrom(object)
   }
 
   // 11. If source is a byte sequence, then set action to a
@@ -263,7 +265,7 @@ function safelyExtractBody (object, keepalive = false) {
   // a byte sequence or BodyInit object object, run these steps:
 
   // 1. If object is a ReadableStream object, then:
-  if (object instanceof ReadableStream) {
+  if (webidl.is.ReadableStream(object)) {
     // Assert: object is neither disturbed nor locked.
     // istanbul ignore next
     assert(!util.isDisturbed(object), 'The body has already been consumed.')
@@ -304,7 +306,7 @@ function throwIfAborted (state) {
   }
 }
 
-function bodyMixinMethods (instance) {
+function bodyMixinMethods (instance, getInternalState) {
   const methods = {
     blob () {
       // The blob() method steps are to return the result of
@@ -313,7 +315,7 @@ function bodyMixinMethods (instance) {
       // contents are bytes and whose type attribute is this’s
       // MIME type.
       return consumeBody(this, (bytes) => {
-        let mimeType = bodyMimeType(this)
+        let mimeType = bodyMimeType(getInternalState(this))
 
         if (mimeType === null) {
           mimeType = ''
@@ -324,7 +326,7 @@ function bodyMixinMethods (instance) {
         // Return a Blob whose contents are bytes and type attribute
         // is mimeType.
         return new Blob([bytes], { type: mimeType })
-      }, instance)
+      }, instance, getInternalState)
     },
 
     arrayBuffer () {
@@ -334,19 +336,19 @@ function bodyMixinMethods (instance) {
       // whose contents are bytes.
       return consumeBody(this, (bytes) => {
         return new Uint8Array(bytes).buffer
-      }, instance)
+      }, instance, getInternalState)
     },
 
     text () {
       // The text() method steps are to return the result of running
       // consume body with this and UTF-8 decode.
-      return consumeBody(this, utf8DecodeBytes, instance)
+      return consumeBody(this, utf8DecodeBytes, instance, getInternalState)
     },
 
     json () {
       // The json() method steps are to return the result of running
       // consume body with this and parse JSON from bytes.
-      return consumeBody(this, parseJSONFromBytes, instance)
+      return consumeBody(this, parseJSONFromBytes, instance, getInternalState)
     },
 
     formData () {
@@ -354,7 +356,7 @@ function bodyMixinMethods (instance) {
       // consume body with this and the following step given a byte sequence bytes:
       return consumeBody(this, (value) => {
         // 1. Let mimeType be the result of get the MIME type with this.
-        const mimeType = bodyMimeType(this)
+        const mimeType = bodyMimeType(getInternalState(this))
 
         // 2. If mimeType is non-null, then switch on mimeType’s essence and run
         //    the corresponding steps:
@@ -362,17 +364,13 @@ function bodyMixinMethods (instance) {
           switch (mimeType.essence) {
             case 'multipart/form-data': {
               // 1. ... [long step]
-              const parsed = multipartFormDataParser(value, mimeType)
-
               // 2. If that fails for some reason, then throw a TypeError.
-              if (parsed === 'failure') {
-                throw new TypeError('Failed to parse body as FormData.')
-              }
+              const parsed = multipartFormDataParser(value, mimeType)
 
               // 3. Return a new FormData object, appending each entry,
               //    resulting from the parsing operation, to its entry list.
               const fd = new FormData()
-              fd[kState] = parsed
+              setFormDataState(fd, parsed)
 
               return fd
             }
@@ -398,7 +396,7 @@ function bodyMixinMethods (instance) {
         throw new TypeError(
           'Content-Type was not one of "multipart/form-data" or "application/x-www-form-urlencoded".'
         )
-      }, instance)
+      }, instance, getInternalState)
     },
 
     bytes () {
@@ -407,33 +405,36 @@ function bodyMixinMethods (instance) {
       // result of creating a Uint8Array from bytes in this’s relevant realm.
       return consumeBody(this, (bytes) => {
         return new Uint8Array(bytes)
-      }, instance)
+      }, instance, getInternalState)
     }
   }
 
   return methods
 }
 
-function mixinBody (prototype) {
-  Object.assign(prototype.prototype, bodyMixinMethods(prototype))
+function mixinBody (prototype, getInternalState) {
+  Object.assign(prototype.prototype, bodyMixinMethods(prototype, getInternalState))
 }
 
 /**
  * @see https://fetch.spec.whatwg.org/#concept-body-consume-body
- * @param {Response|Request} object
+ * @param {any} object internal state
  * @param {(value: unknown) => unknown} convertBytesToJSValue
- * @param {Response|Request} instance
+ * @param {any} instance
+ * @param {(target: any) => any} getInternalState
  */
-async function consumeBody (object, convertBytesToJSValue, instance) {
+async function consumeBody (object, convertBytesToJSValue, instance, getInternalState) {
   webidl.brandCheck(object, instance)
 
+  const state = getInternalState(object)
+
   // 1. If object is unusable, then return a promise rejected
   //    with a TypeError.
-  if (bodyUnusable(object)) {
+  if (bodyUnusable(state)) {
     throw new TypeError('Body is unusable: Body has already been read')
   }
 
-  throwIfAborted(object[kState])
+  throwIfAborted(state)
 
   // 2. Let promise be a new promise.
   const promise = createDeferredPromise()
@@ -455,22 +456,25 @@ async function consumeBody (object, convertBytesToJSValue, instance) {
 
   // 5. If object’s body is null, then run successSteps with an
   //    empty byte sequence.
-  if (object[kState].body == null) {
+  if (state.body == null) {
     successSteps(Buffer.allocUnsafe(0))
     return promise.promise
   }
 
   // 6. Otherwise, fully read object’s body given successSteps,
   //    errorSteps, and object’s relevant global object.
-  await fullyReadBody(object[kState].body, successSteps, errorSteps)
+  fullyReadBody(state.body, successSteps, errorSteps)
 
   // 7. Return promise.
   return promise.promise
 }
 
-// https://fetch.spec.whatwg.org/#body-unusable
+/**
+ * @see https://fetch.spec.whatwg.org/#body-unusable
+ * @param {any} object internal state
+ */
 function bodyUnusable (object) {
-  const body = object[kState].body
+  const body = object.body
 
   // An object including the Body interface mixin is
   // said to be unusable if its body is non-null and
@@ -488,14 +492,14 @@ function parseJSONFromBytes (bytes) {
 
 /**
  * @see https://fetch.spec.whatwg.org/#concept-body-mime-type
- * @param {import('./response').Response|import('./request').Request} requestOrResponse
+ * @param {any} requestOrResponse internal state
  */
 function bodyMimeType (requestOrResponse) {
   // 1. Let headers be null.
   // 2. If requestOrResponse is a Request object, then set headers to requestOrResponse’s request’s header list.
   // 3. Otherwise, set headers to requestOrResponse’s response’s header list.
   /** @type {import('./headers').HeadersList} */
-  const headers = requestOrResponse[kState].headersList
+  const headers = requestOrResponse.headersList
 
   // 4. Let mimeType be the result of extracting a MIME type from headers.
   const mimeType = extractMimeType(headers)

package/lib/web/fetch/constants.js

@@ -1,28 +1,30 @@
 'use strict'
 
-const corsSafeListedMethods = ['GET', 'HEAD', 'POST']
+const corsSafeListedMethods = /** @type {const} */ (['GET', 'HEAD', 'POST'])
 const corsSafeListedMethodsSet = new Set(corsSafeListedMethods)
 
-const nullBodyStatus = [101, 204, 205, 304]
+const nullBodyStatus = /** @type {const} */ ([101, 204, 205, 304])
 
-const redirectStatus = [301, 302, 303, 307, 308]
+const redirectStatus = /** @type {const} */ ([301, 302, 303, 307, 308])
 const redirectStatusSet = new Set(redirectStatus)
 
-// https://fetch.spec.whatwg.org/#block-bad-port
-const badPorts = [
+/**
+ * @see https://fetch.spec.whatwg.org/#block-bad-port
+ */
+const badPorts = /** @type {const} */ ([
   '1', '7', '9', '11', '13', '15', '17', '19', '20', '21', '22', '23', '25', '37', '42', '43', '53', '69', '77', '79',
   '87', '95', '101', '102', '103', '104', '109', '110', '111', '113', '115', '117', '119', '123', '135', '137',
   '139', '143', '161', '179', '389', '427', '465', '512', '513', '514', '515', '526', '530', '531', '532',
   '540', '548', '554', '556', '563', '587', '601', '636', '989', '990', '993', '995', '1719', '1720', '1723',
   '2049', '3659', '4045', '4190', '5060', '5061', '6000', '6566', '6665', '6666', '6667', '6668', '6669', '6679',
   '6697', '10080'
-]
-
+])
 const badPortsSet = new Set(badPorts)
 
-// https://w3c.github.io/webappsec-referrer-policy/#referrer-policies
-const referrerPolicy = [
-  '',
+/**
+ * @see https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-header
+ */
+const referrerPolicyTokens = /** @type {const} */ ([
   'no-referrer',
   'no-referrer-when-downgrade',
   'same-origin',
@@ -31,29 +33,39 @@ const referrerPolicy = [
   'origin-when-cross-origin',
   'strict-origin-when-cross-origin',
   'unsafe-url'
-]
-const referrerPolicySet = new Set(referrerPolicy)
+])
+
+/**
+ * @see https://w3c.github.io/webappsec-referrer-policy/#referrer-policies
+ */
+const referrerPolicy = /** @type {const} */ ([
+  '',
+  ...referrerPolicyTokens
+])
+const referrerPolicyTokensSet = new Set(referrerPolicyTokens)
 
-const requestRedirect = ['follow', 'manual', 'error']
+const requestRedirect = /** @type {const} */ (['follow', 'manual', 'error'])
 
-const safeMethods = ['GET', 'HEAD', 'OPTIONS', 'TRACE']
+const safeMethods = /** @type {const} */ (['GET', 'HEAD', 'OPTIONS', 'TRACE'])
 const safeMethodsSet = new Set(safeMethods)
 
-const requestMode = ['navigate', 'same-origin', 'no-cors', 'cors']
+const requestMode = /** @type {const} */ (['navigate', 'same-origin', 'no-cors', 'cors'])
 
-const requestCredentials = ['omit', 'same-origin', 'include']
+const requestCredentials = /** @type {const} */ (['omit', 'same-origin', 'include'])
 
-const requestCache = [
+const requestCache = /** @type {const} */ ([
   'default',
   'no-store',
   'reload',
   'no-cache',
   'force-cache',
   'only-if-cached'
-]
+])
 
-// https://fetch.spec.whatwg.org/#request-body-header-name
-const requestBodyHeader = [
+/**
+ * @see https://fetch.spec.whatwg.org/#request-body-header-name
+ */
+const requestBodyHeader = /** @type {const} */ ([
   'content-encoding',
   'content-language',
   'content-location',
@@ -63,18 +75,22 @@ const requestBodyHeader = [
   // removed in the Headers implementation. However, undici doesn't
   // filter out headers, so we add it here.
   'content-length'
-]
+])
 
-// https://fetch.spec.whatwg.org/#enumdef-requestduplex
-const requestDuplex = [
+/**
+ * @see https://fetch.spec.whatwg.org/#enumdef-requestduplex
+ */
+const requestDuplex = /** @type {const} */ ([
   'half'
-]
+])
 
-// http://fetch.spec.whatwg.org/#forbidden-method
-const forbiddenMethods = ['CONNECT', 'TRACE', 'TRACK']
+/**
+ * @see http://fetch.spec.whatwg.org/#forbidden-method
+ */
+const forbiddenMethods = /** @type {const} */ (['CONNECT', 'TRACE', 'TRACK'])
 const forbiddenMethodsSet = new Set(forbiddenMethods)
 
-const subresource = [
+const subresource = /** @type {const} */ ([
   'audio',
   'audioworklet',
   'font',
@@ -87,7 +103,7 @@ const subresource = [
   'video',
   'xslt',
   ''
-]
+])
 const subresourceSet = new Set(subresource)
 
 module.exports = {
@@ -111,5 +127,5 @@ module.exports = {
   corsSafeListedMethodsSet,
   safeMethodsSet,
   forbiddenMethodsSet,
-  referrerPolicySet
+  referrerPolicyTokens: referrerPolicyTokensSet
 }

package/lib/web/fetch/data-url.js

@@ -471,9 +471,9 @@ function forgivingBase64 (data) {
 /**
  * @param {string} input
  * @param {{ position: number }} position
- * @param {boolean?} extractValue
+ * @param {boolean} [extractValue=false]
  */
-function collectAnHTTPQuotedString (input, position, extractValue) {
+function collectAnHTTPQuotedString (input, position, extractValue = false) {
   // 1. Let positionStart be position.
   const positionStart = position.position