undici 7.0.0-alpha.1 → 7.0.0-alpha.2

package/lib/web/fetch/response.js

@@ -18,9 +18,7 @@ const {
   redirectStatusSet,
   nullBodyStatus
 } = require('./constants')
-const { kState, kHeaders } = require('./symbols')
 const { webidl } = require('./webidl')
-const { FormData } = require('./formdata')
 const { URLSerializer } = require('./data-url')
 const { kConstruct } = require('../../core/symbols')
 const assert = require('node:assert')
@@ -30,6 +28,11 @@ const textEncoder = new TextEncoder('utf-8')
 
 // https://fetch.spec.whatwg.org/#response-class
 class Response {
+  /** @type {Headers} */
+  #headers
+
+  #state
+
   // Creates network error Response.
   static error () {
     // The static error() method steps are to return the result of creating a
@@ -95,13 +98,13 @@ class Response {
     const responseObject = fromInnerResponse(makeResponse({}), 'immutable')
 
     // 5. Set responseObject’s response’s status to status.
-    responseObject[kState].status = status
+    responseObject.#state.status = status
 
     // 6. Let value be parsedURL, serialized and isomorphic encoded.
     const value = isomorphicEncode(URLSerializer(parsedURL))
 
     // 7. Append `Location`/value to responseObject’s response’s header list.
-    responseObject[kState].headersList.append('location', value, true)
+    responseObject.#state.headersList.append('location', value, true)
 
     // 8. Return responseObject.
     return responseObject
@@ -120,14 +123,14 @@ class Response {
     init = webidl.converters.ResponseInit(init)
 
     // 1. Set this’s response to a new response.
-    this[kState] = makeResponse({})
+    this.#state = makeResponse({})
 
     // 2. Set this’s headers to a new Headers object with this’s relevant
     // Realm, whose header list is this’s response’s header list and guard
     // is "response".
-    this[kHeaders] = new Headers(kConstruct)
-    setHeadersGuard(this[kHeaders], 'response')
-    setHeadersList(this[kHeaders], this[kState].headersList)
+    this.#headers = new Headers(kConstruct)
+    setHeadersGuard(this.#headers, 'response')
+    setHeadersList(this.#headers, this.#state.headersList)
 
     // 3. Let bodyWithType be null.
     let bodyWithType = null
@@ -147,14 +150,14 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // The type getter steps are to return this’s response’s type.
-    return this[kState].type
+    return this.#state.type
   }
 
   // Returns response’s URL, if it has one; otherwise the empty string.
   get url () {
     webidl.brandCheck(this, Response)
 
-    const urlList = this[kState].urlList
+    const urlList = this.#state.urlList
 
     // The url getter steps are to return the empty string if this’s
     // response’s URL is null; otherwise this’s response’s URL,
@@ -174,7 +177,7 @@ class Response {
 
     // The redirected getter steps are to return true if this’s response’s URL
     // list has more than one item; otherwise false.
-    return this[kState].urlList.length > 1
+    return this.#state.urlList.length > 1
   }
 
   // Returns response’s status.
@@ -182,7 +185,7 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // The status getter steps are to return this’s response’s status.
-    return this[kState].status
+    return this.#state.status
   }
 
   // Returns whether response’s status is an ok status.
@@ -191,7 +194,7 @@ class Response {
 
     // The ok getter steps are to return true if this’s response’s status is an
     // ok status; otherwise false.
-    return this[kState].status >= 200 && this[kState].status <= 299
+    return this.#state.status >= 200 && this.#state.status <= 299
   }
 
   // Returns response’s status message.
@@ -200,7 +203,7 @@ class Response {
 
     // The statusText getter steps are to return this’s response’s status
     // message.
-    return this[kState].statusText
+    return this.#state.statusText
   }
 
   // Returns response’s headers as Headers.
@@ -208,19 +211,19 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // The headers getter steps are to return this’s headers.
-    return this[kHeaders]
+    return this.#headers
   }
 
   get body () {
     webidl.brandCheck(this, Response)
 
-    return this[kState].body ? this[kState].body.stream : null
+    return this.#state.body ? this.#state.body.stream : null
   }
 
   get bodyUsed () {
     webidl.brandCheck(this, Response)
 
-    return !!this[kState].body && util.isDisturbed(this[kState].body.stream)
+    return !!this.#state.body && util.isDisturbed(this.#state.body.stream)
   }
 
   // Returns a clone of response.
@@ -228,7 +231,7 @@ class Response {
     webidl.brandCheck(this, Response)
 
     // 1. If this is unusable, then throw a TypeError.
-    if (bodyUnusable(this)) {
+    if (bodyUnusable(this.#state)) {
       throw webidl.errors.exception({
         header: 'Response.clone',
         message: 'Body has already been consumed.'
@@ -236,11 +239,11 @@ class Response {
     }
 
     // 2. Let clonedResponse be the result of cloning this’s response.
-    const clonedResponse = cloneResponse(this[kState])
+    const clonedResponse = cloneResponse(this.#state)
 
     // 3. Return the result of creating a Response object, given
     // clonedResponse, this’s headers’s guard, and this’s relevant Realm.
-    return fromInnerResponse(clonedResponse, getHeadersGuard(this[kHeaders]))
+    return fromInnerResponse(clonedResponse, getHeadersGuard(this.#headers))
   }
 
   [nodeUtil.inspect.custom] (depth, options) {
@@ -264,9 +267,45 @@ class Response {
 
     return `Response ${nodeUtil.formatWithOptions(options, properties)}`
   }
+
+  /**
+   * @param {Response} response
+   */
+  static getResponseHeaders (response) {
+    return response.#headers
+  }
+
+  /**
+   * @param {Response} response
+   * @param {Headers} newHeaders
+   */
+  static setResponseHeaders (response, newHeaders) {
+    response.#headers = newHeaders
+  }
+
+  /**
+   * @param {Response} response
+   */
+  static getResponseState (response) {
+    return response.#state
+  }
+
+  /**
+   * @param {Response} response
+   * @param {any} newState
+   */
+  static setResponseState (response, newState) {
+    response.#state = newState
+  }
 }
 
-mixinBody(Response)
+const { getResponseHeaders, setResponseHeaders, getResponseState, setResponseState } = Response
+Reflect.deleteProperty(Response, 'getResponseHeaders')
+Reflect.deleteProperty(Response, 'setResponseHeaders')
+Reflect.deleteProperty(Response, 'getResponseState')
+Reflect.deleteProperty(Response, 'setResponseState')
+
+mixinBody(Response, getResponseState)
 
 Object.defineProperties(Response.prototype, {
   type: kEnumerableProperty,
@@ -463,17 +502,17 @@ function initializeResponse (response, init, body) {
 
   // 3. Set response’s response’s status to init["status"].
   if ('status' in init && init.status != null) {
-    response[kState].status = init.status
+    getResponseState(response).status = init.status
   }
 
   // 4. Set response’s response’s status message to init["statusText"].
   if ('statusText' in init && init.statusText != null) {
-    response[kState].statusText = init.statusText
+    getResponseState(response).statusText = init.statusText
   }
 
   // 5. If init["headers"] exists, then fill response’s headers with init["headers"].
   if ('headers' in init && init.headers != null) {
-    fill(response[kHeaders], init.headers)
+    fill(getResponseHeaders(response), init.headers)
   }
 
   // 6. If body was given, then:
@@ -487,12 +526,12 @@ function initializeResponse (response, init, body) {
     }
 
     // 2. Set response's body to body's body.
-    response[kState].body = body.body
+    getResponseState(response).body = body.body
 
     // 3. If body's type is non-null and response's header list does not contain
     //    `Content-Type`, then append (`Content-Type`, body's type) to response's header list.
-    if (body.type != null && !response[kState].headersList.contains('content-type', true)) {
-      response[kState].headersList.append('content-type', body.type, true)
+    if (body.type != null && !getResponseState(response).headersList.contains('content-type', true)) {
+      getResponseState(response).headersList.append('content-type', body.type, true)
     }
   }
 }
@@ -505,10 +544,11 @@ function initializeResponse (response, init, body) {
  */
 function fromInnerResponse (innerResponse, guard) {
   const response = new Response(kConstruct)
-  response[kState] = innerResponse
-  response[kHeaders] = new Headers(kConstruct)
-  setHeadersList(response[kHeaders], innerResponse.headersList)
-  setHeadersGuard(response[kHeaders], guard)
+  setResponseState(response, innerResponse)
+  const headers = new Headers(kConstruct)
+  setResponseHeaders(response, headers)
+  setHeadersList(headers, innerResponse.headersList)
+  setHeadersGuard(headers, guard)
 
   if (hasFinalizationRegistry && innerResponse.body?.stream) {
     // If the target (response) is reclaimed, the cleanup callback may be called at some point with
@@ -528,7 +568,7 @@ webidl.converters.XMLHttpRequestBodyInit = function (V, prefix, name) {
     return webidl.converters.USVString(V, prefix, name)
   }
 
-  if (V instanceof Blob) {
+  if (webidl.is.Blob(V)) {
     return V
   }
 
@@ -536,11 +576,11 @@ webidl.converters.XMLHttpRequestBodyInit = function (V, prefix, name) {
     return V
   }
 
-  if (V instanceof FormData) {
+  if (webidl.is.FormData(V)) {
     return V
   }
 
-  if (V instanceof URLSearchParams) {
+  if (webidl.is.URLSearchParams(V)) {
     return V
   }
 
@@ -549,7 +589,7 @@ webidl.converters.XMLHttpRequestBodyInit = function (V, prefix, name) {
 
 // https://fetch.spec.whatwg.org/#bodyinit
 webidl.converters.BodyInit = function (V, prefix, argument) {
-  if (V instanceof ReadableStream) {
+  if (webidl.is.ReadableStream(V)) {
     return V
   }
 
@@ -579,6 +619,8 @@ webidl.converters.ResponseInit = webidl.dictionaryConverter([
   }
 ])
 
+webidl.is.Response = webidl.util.MakeTypeAssertion(Response.prototype)
+
 module.exports = {
   isNetworkError,
   makeNetworkError,
@@ -587,5 +629,6 @@ module.exports = {
   filterResponse,
   Response,
   cloneResponse,
-  fromInnerResponse
+  fromInnerResponse,
+  getResponseState
 }

package/lib/web/fetch/util.js

@@ -399,7 +399,7 @@ function determineRequestsReferrer (request) {
 
     // note: we need to clone it as it's mutated
     referrerSource = new URL(globalOrigin)
-  } else if (request.referrer instanceof URL) {
+  } else if (webidl.is.URL(request.referrer)) {
     // Let referrerSource be request’s referrer.
     referrerSource = request.referrer
   }
@@ -418,18 +418,37 @@ function determineRequestsReferrer (request) {
     referrerURL = referrerOrigin
   }
 
-  const areSameOrigin = sameOrigin(request, referrerURL)
-  const isNonPotentiallyTrustWorthy = isURLPotentiallyTrustworthy(referrerURL) &&
-    !isURLPotentiallyTrustworthy(request.url)
+  // 7. The user agent MAY alter referrerURL or referrerOrigin at this point
+  // to enforce arbitrary policy considerations in the interests of minimizing
+  // data leakage. For example, the user agent could strip the URL down to an
+  // origin, modify its host, replace it with an empty string, etc.
 
   // 8. Execute the switch statements corresponding to the value of policy:
   switch (policy) {
-    case 'origin': return referrerOrigin != null ? referrerOrigin : stripURLForReferrer(referrerSource, true)
-    case 'unsafe-url': return referrerURL
-    case 'same-origin':
-      return areSameOrigin ? referrerOrigin : 'no-referrer'
-    case 'origin-when-cross-origin':
-      return areSameOrigin ? referrerURL : referrerOrigin
+    case 'no-referrer':
+      // Return no referrer
+      return 'no-referrer'
+    case 'origin':
+      // Return referrerOrigin
+      if (referrerOrigin != null) {
+        return referrerOrigin
+      }
+      return stripURLForReferrer(referrerSource, true)
+    case 'unsafe-url':
+      // Return referrerURL.
+      return referrerURL
+    case 'strict-origin': {
+      const currentURL = requestCurrentURL(request)
+
+      // 1. If referrerURL is a potentially trustworthy URL and request’s
+      //    current URL is not a potentially trustworthy URL, then return no
+      //    referrer.
+      if (isURLPotentiallyTrustworthy(referrerURL) && !isURLPotentiallyTrustworthy(currentURL)) {
+        return 'no-referrer'
+      }
+      // 2. Return referrerOrigin
+      return referrerOrigin
+    }
     case 'strict-origin-when-cross-origin': {
       const currentURL = requestCurrentURL(request)
 
@@ -449,23 +468,34 @@ function determineRequestsReferrer (request) {
       // 3. Return referrerOrigin.
       return referrerOrigin
     }
-    case 'strict-origin':
-      /**
-         * 1. If referrerURL is a potentially trustworthy URL and
-         * request’s current URL is not a potentially trustworthy URL,
-         * then return no referrer.
-         * 2. Return referrerOrigin
-        */
-    case 'no-referrer-when-downgrade': // eslint-disable-line
-      /**
-       * 1. If referrerURL is a potentially trustworthy URL and
-       * request’s current URL is not a potentially trustworthy URL,
-       * then return no referrer.
-       * 2. Return referrerOrigin
-      */
-
-    default: // eslint-disable-line
-      return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin
+    case 'same-origin':
+      // 1. If the origin of referrerURL and the origin of request’s current
+      // URL are the same, then return referrerURL.
+      if (sameOrigin(request, referrerURL)) {
+        return referrerURL
+      }
+      // 2. Return no referrer.
+      return 'no-referrer'
+    case 'origin-when-cross-origin':
+      // 1. If the origin of referrerURL and the origin of request’s current
+      // URL are the same, then return referrerURL.
+      if (sameOrigin(request, referrerURL)) {
+        return referrerURL
+      }
+      // 2. Return referrerOrigin.
+      return referrerOrigin
+    case 'no-referrer-when-downgrade': {
+      const currentURL = requestCurrentURL(request)
+
+      // 1. If referrerURL is a potentially trustworthy URL and request’s
+      //    current URL is not a potentially trustworthy URL, then return no
+      //    referrer.
+      if (isURLPotentiallyTrustworthy(referrerURL) && !isURLPotentiallyTrustworthy(currentURL)) {
+        return 'no-referrer'
+      }
+      // 2. Return referrerOrigin
+      return referrerOrigin
+    }
   }
 }
 
@@ -476,7 +506,7 @@ function determineRequestsReferrer (request) {
  */
 function stripURLForReferrer (url, originOnly) {
   // 1. Assert: url is a URL.
-  assert(url instanceof URL)
+  assert(webidl.is.URL(url))
 
   url = new URL(url)
 
@@ -508,7 +538,7 @@ function stripURLForReferrer (url, originOnly) {
 }
 
 function isURLPotentiallyTrustworthy (url) {
-  if (!(url instanceof URL)) {
+  if (!webidl.is.URL(url)) {
     return false
   }
 
@@ -825,7 +855,7 @@ const esIteratorPrototype = Object.getPrototypeOf(Object.getPrototypeOf([][Symbo
 /**
  * @see https://webidl.spec.whatwg.org/#dfn-iterator-prototype-object
  * @param {string} name name of the instance
- * @param {symbol} kInternalIterator
+ * @param {((target: any) => any)} kInternalIterator
  * @param {string | number} [keyIndex]
  * @param {string | number} [valueIndex]
  */
@@ -867,7 +897,7 @@ function createIterator (name, kInternalIterator, keyIndex = 0, valueIndex = 1)
       // 7. Let kind be object’s kind.
       // 8. Let values be object’s target's value pairs to iterate over.
       const index = this.#index
-      const values = this.#target[kInternalIterator]
+      const values = kInternalIterator(this.#target)
 
       // 9. Let len be the length of values.
       const len = values.length
@@ -961,7 +991,7 @@ function createIterator (name, kInternalIterator, keyIndex = 0, valueIndex = 1)
  * @see https://webidl.spec.whatwg.org/#dfn-iterator-prototype-object
  * @param {string} name name of the instance
  * @param {any} object class
- * @param {symbol} kInternalIterator
+ * @param {(target: any) => any} kInternalIterator
  * @param {string | number} [keyIndex]
  * @param {string | number} [valueIndex]
  */
@@ -1029,7 +1059,7 @@ function iteratorMixin (name, object, kInternalIterator, keyIndex = 0, valueInde
 /**
  * @see https://fetch.spec.whatwg.org/#body-fully-read
  */
-async function fullyReadBody (body, processBody, processBodyError) {
+function fullyReadBody (body, processBody, processBodyError) {
   // 1. If taskDestination is null, then set taskDestination to
   //    the result of starting a new parallel queue.
 
@@ -1054,11 +1084,7 @@ async function fullyReadBody (body, processBody, processBodyError) {
   }
 
   // 5. Read all bytes from reader, given successSteps and errorSteps.
-  try {
-    successSteps(await readAllBytes(reader))
-  } catch (e) {
-    errorSteps(e)
-  }
+  readAllBytes(reader, successSteps, errorSteps)
 }
 
 /**
@@ -1096,30 +1122,39 @@ function isomorphicEncode (input) {
  * @see https://streams.spec.whatwg.org/#readablestreamdefaultreader-read-all-bytes
  * @see https://streams.spec.whatwg.org/#read-loop
  * @param {ReadableStreamDefaultReader} reader
+ * @param {(bytes: Uint8Array) => void} successSteps
+ * @param {(error: Error) => void} failureSteps
  */
-async function readAllBytes (reader) {
+async function readAllBytes (reader, successSteps, failureSteps) {
   const bytes = []
   let byteLength = 0
 
-  while (true) {
-    const { done, value: chunk } = await reader.read()
+  try {
+    do {
+      const { done, value: chunk } = await reader.read()
 
-    if (done) {
-      // 1. Call successSteps with bytes.
-      return Buffer.concat(bytes, byteLength)
-    }
+      if (done) {
+        // 1. Call successSteps with bytes.
+        successSteps(Buffer.concat(bytes, byteLength))
+        return
+      }
 
-    // 1. If chunk is not a Uint8Array object, call failureSteps
-    //    with a TypeError and abort these steps.
-    if (!isUint8Array(chunk)) {
-      throw new TypeError('Received non-Uint8Array chunk')
-    }
+      // 1. If chunk is not a Uint8Array object, call failureSteps
+      //    with a TypeError and abort these steps.
+      if (!isUint8Array(chunk)) {
+        failureSteps(TypeError('Received non-Uint8Array chunk'))
+        return
+      }
 
-    // 2. Append the bytes represented by chunk to bytes.
-    bytes.push(chunk)
-    byteLength += chunk.length
+      // 2. Append the bytes represented by chunk to bytes.
+      bytes.push(chunk)
+      byteLength += chunk.length
 
     // 3. Read-loop given reader, bytes, successSteps, and failureSteps.
+    } while (true)
+  } catch (e) {
+    // 1. Call failureSteps with e.
+    failureSteps(e)
   }
 }
 
@@ -1333,6 +1368,14 @@ function buildContentRange (rangeStart, rangeEnd, fullLength) {
 // interpreted as a zlib stream, otherwise it's interpreted as a
 // raw deflate stream.
 class InflateStream extends Transform {
+  #zlibOptions
+
+  /** @param {zlib.ZlibOptions} [zlibOptions] */
+  constructor (zlibOptions) {
+    super()
+    this.#zlibOptions = zlibOptions
+  }
+
   _transform (chunk, encoding, callback) {
     if (!this._inflateStream) {
       if (chunk.length === 0) {
@@ -1340,8 +1383,8 @@ class InflateStream extends Transform {
         return
       }
       this._inflateStream = (chunk[0] & 0x0F) === 0x08
-        ? zlib.createInflate()
-        : zlib.createInflateRaw()
+        ? zlib.createInflate(this.#zlibOptions)
+        : zlib.createInflateRaw(this.#zlibOptions)
 
       this._inflateStream.on('data', this.push.bind(this))
       this._inflateStream.on('end', () => this.push(null))
@@ -1360,8 +1403,12 @@ class InflateStream extends Transform {
   }
 }
 
-function createInflate () {
-  return new InflateStream()
+/**
+ * @param {zlib.ZlibOptions} [zlibOptions]
+ * @returns {InflateStream}
+ */
+function createInflate (zlibOptions) {
+  return new InflateStream(zlibOptions)
 }
 
 /**

package/lib/web/fetch/webidl.js

@@ -13,10 +13,12 @@ const NULL = 7
 const OBJECT = 8 // function and object
 
 /** @type {import('../../../types/webidl').Webidl} */
-const webidl = {}
-webidl.converters = {}
-webidl.util = {}
-webidl.errors = {}
+const webidl = {
+  converters: {},
+  util: {},
+  errors: {},
+  is: {}
+}
 
 webidl.errors.exception = function (message) {
   return new TypeError(`${message.header}: ${message.message}`)
@@ -43,18 +45,22 @@ webidl.errors.invalidArgument = function (context) {
 
 // https://webidl.spec.whatwg.org/#implements
 webidl.brandCheck = function (V, I) {
-  if (!(V instanceof I)) {
+  if (!I.prototype.isPrototypeOf(V)) { // eslint-disable-line no-prototype-builtins
     const err = new TypeError('Illegal invocation')
     err.code = 'ERR_INVALID_THIS' // node compat.
     throw err
   }
 }
 
-webidl.brandCheckMultiple = function (V, List) {
-  if (List.every((clazz) => !(V instanceof clazz))) {
-    const err = new TypeError('Illegal invocation')
-    err.code = 'ERR_INVALID_THIS' // node compat.
-    throw err
+webidl.brandCheckMultiple = function (List) {
+  const prototypes = List.map((c) => webidl.util.MakeTypeAssertion(c.prototype))
+
+  return (V) => {
+    if (prototypes.every(typeCheck => !typeCheck(V))) {
+      const err = new TypeError('Illegal invocation')
+      err.code = 'ERR_INVALID_THIS' // node compat.
+      throw err
+    }
   }
 }
 
@@ -75,6 +81,11 @@ webidl.illegalConstructor = function () {
   })
 }
 
+const isPrototypeOf = Object.prototype.isPrototypeOf
+webidl.util.MakeTypeAssertion = function (Prototype) {
+  return (O) => isPrototypeOf.call(Prototype, O)
+}
+
 // https://tc39.es/ecma262/#sec-ecmascript-data-types-and-values
 webidl.util.Type = function (V) {
   switch (typeof V) {
@@ -372,12 +383,12 @@ webidl.recordConverter = function (keyConverter, valueConverter) {
   }
 }
 
-webidl.interfaceConverter = function (i) {
+webidl.interfaceConverter = function (TypeCheck, name) {
   return (V, prefix, argument) => {
-    if (!(V instanceof i)) {
+    if (!TypeCheck(V)) {
       throw webidl.errors.exception({
         header: prefix,
-        message: `Expected ${argument} ("${webidl.util.Stringify(V)}") to be an instance of ${i.name}.`
+        message: `Expected ${argument} ("${webidl.util.Stringify(V)}") to be an instance of ${name}.`
       })
     }
 
@@ -451,6 +462,14 @@ webidl.nullableConverter = function (converter) {
   }
 }
 
+webidl.is.ReadableStream = webidl.util.MakeTypeAssertion(ReadableStream.prototype)
+webidl.is.Blob = webidl.util.MakeTypeAssertion(Blob.prototype)
+webidl.is.URLSearchParams = webidl.util.MakeTypeAssertion(URLSearchParams.prototype)
+webidl.is.File = webidl.util.MakeTypeAssertion((globalThis.File ?? require('node:buffer').File).prototype)
+webidl.is.URL = webidl.util.MakeTypeAssertion(URL.prototype)
+webidl.is.AbortSignal = webidl.util.MakeTypeAssertion(AbortSignal.prototype)
+webidl.is.MessagePort = webidl.util.MakeTypeAssertion(MessagePort.prototype)
+
 // https://webidl.spec.whatwg.org/#es-DOMString
 webidl.converters.DOMString = function (V, prefix, argument, opts) {
   // 1. If V is null and the conversion is to an IDL type
@@ -697,7 +716,12 @@ webidl.converters['record<ByteString, ByteString>'] = webidl.recordConverter(
   webidl.converters.ByteString
 )
 
-webidl.converters.Blob = webidl.interfaceConverter(Blob)
+webidl.converters.Blob = webidl.interfaceConverter(webidl.is.Blob, 'Blob')
+
+webidl.converters.AbortSignal = webidl.interfaceConverter(
+  webidl.is.AbortSignal,
+  'AbortSignal'
+)
 
 module.exports = {
   webidl