undici 7.0.0-alpha.2 → 7.0.0-alpha.4

package/lib/web/cookies/parse.js

@@ -4,6 +4,7 @@ const { maxNameValuePairSize, maxAttributeValueSize } = require('./constants')
 const { isCTLExcludingHtab } = require('./util')
 const { collectASequenceOfCodePointsFast } = require('../fetch/data-url')
 const assert = require('node:assert')
+const { unescape } = require('node:querystring')
 
 /**
  * @description Parses the field-value attributes of a set-cookie header string.
@@ -76,8 +77,12 @@ function parseSetCookie (header) {
 
   // 6. The cookie-name is the name string, and the cookie-value is the
   //    value string.
+  // https://datatracker.ietf.org/doc/html/rfc6265
+  // To maximize compatibility with user agents, servers that wish to
+  // store arbitrary data in a cookie-value SHOULD encode that data, for
+  // example, using Base64 [RFC4648].
   return {
-    name, value, ...parseUnparsedAttributes(unparsedAttributes)
+    name, value: unescape(value), ...parseUnparsedAttributes(unparsedAttributes)
   }
 }
 

package/lib/web/eventsource/eventsource.js

@@ -109,6 +109,8 @@ class EventSource extends EventTarget {
     // 1. Let ev be a new EventSource object.
     super()
 
+    webidl.util.markAsUncloneable(this)
+
     const prefix = 'EventSource constructor'
     webidl.argumentLengthCheck(arguments, 1, prefix)
 

package/lib/web/fetch/body.js

@@ -364,12 +364,8 @@ function bodyMixinMethods (instance, getInternalState) {
           switch (mimeType.essence) {
             case 'multipart/form-data': {
               // 1. ... [long step]
-              const parsed = multipartFormDataParser(value, mimeType)
-
               // 2. If that fails for some reason, then throw a TypeError.
-              if (parsed === 'failure') {
-                throw new TypeError('Failed to parse body as FormData.')
-              }
+              const parsed = multipartFormDataParser(value, mimeType)
 
               // 3. Return a new FormData object, appending each entry,
               //    resulting from the parsing operation, to its entry list.

package/lib/web/fetch/constants.js

@@ -22,10 +22,9 @@ const badPorts = /** @type {const} */ ([
 const badPortsSet = new Set(badPorts)
 
 /**
- * @see https://w3c.github.io/webappsec-referrer-policy/#referrer-policies
+ * @see https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-header
  */
-const referrerPolicy = /** @type {const} */ ([
-  '',
+const referrerPolicyTokens = /** @type {const} */ ([
   'no-referrer',
   'no-referrer-when-downgrade',
   'same-origin',
@@ -35,7 +34,15 @@ const referrerPolicy = /** @type {const} */ ([
   'strict-origin-when-cross-origin',
   'unsafe-url'
 ])
-const referrerPolicySet = new Set(referrerPolicy)
+
+/**
+ * @see https://w3c.github.io/webappsec-referrer-policy/#referrer-policies
+ */
+const referrerPolicy = /** @type {const} */ ([
+  '',
+  ...referrerPolicyTokens
+])
+const referrerPolicyTokensSet = new Set(referrerPolicyTokens)
 
 const requestRedirect = /** @type {const} */ (['follow', 'manual', 'error'])
 
@@ -120,5 +127,5 @@ module.exports = {
   corsSafeListedMethodsSet,
   safeMethodsSet,
   forbiddenMethodsSet,
-  referrerPolicySet
+  referrerPolicyTokens: referrerPolicyTokensSet
 }

package/lib/web/fetch/data-url.js

@@ -471,9 +471,9 @@ function forgivingBase64 (data) {
 /**
  * @param {string} input
  * @param {{ position: number }} position
- * @param {boolean?} extractValue
+ * @param {boolean} [extractValue=false]
  */
-function collectAnHTTPQuotedString (input, position, extractValue) {
+function collectAnHTTPQuotedString (input, position, extractValue = false) {
   // 1. Let positionStart be position.
   const positionStart = position.position
 

package/lib/web/fetch/formdata-parser.js

@@ -11,7 +11,7 @@ const { File: NodeFile } = require('node:buffer')
 const File = globalThis.File ?? NodeFile
 
 const formDataNameBuffer = Buffer.from('form-data; name="')
-const filenameBuffer = Buffer.from('; filename')
+const filenameBuffer = Buffer.from('filename')
 const dd = Buffer.from('--')
 const ddcrlf = Buffer.from('--\r\n')
 
@@ -75,7 +75,7 @@ function multipartFormDataParser (input, mimeType) {
   //    Otherwise, let boundary be the result of UTF-8 decoding mimeType’s
   //    parameters["boundary"].
   if (boundaryString === undefined) {
-    return 'failure'
+    throw parsingError('missing boundary in content-type header')
   }
 
   const boundary = Buffer.from(`--${boundaryString}`, 'utf8')
@@ -111,7 +111,7 @@ function multipartFormDataParser (input, mimeType) {
     if (input.subarray(position.position, position.position + boundary.length).equals(boundary)) {
       position.position += boundary.length
     } else {
-      return 'failure'
+      throw parsingError('expected a value starting with -- and the boundary')
     }
 
     // 5.2. If position points to the sequence of bytes 0x2D 0x2D 0x0D 0x0A
@@ -127,7 +127,7 @@ function multipartFormDataParser (input, mimeType) {
     // 5.3. If position does not point to a sequence of bytes starting with 0x0D
     //      0x0A (CR LF), return failure.
     if (input[position.position] !== 0x0d || input[position.position + 1] !== 0x0a) {
-      return 'failure'
+      throw parsingError('expected CRLF')
     }
 
     // 5.4. Advance position by 2. (This skips past the newline.)
@@ -138,10 +138,6 @@ function multipartFormDataParser (input, mimeType) {
     //      is not failure. Otherwise, return failure.
     const result = parseMultipartFormDataHeaders(input, position)
 
-    if (result === 'failure') {
-      return 'failure'
-    }
-
     let { name, filename, contentType, encoding } = result
 
     // 5.6. Advance position by 2. (This skips past the empty line that marks
@@ -157,7 +153,7 @@ function multipartFormDataParser (input, mimeType) {
       const boundaryIndex = input.indexOf(boundary.subarray(2), position.position)
 
       if (boundaryIndex === -1) {
-        return 'failure'
+        throw parsingError('expected boundary after body')
       }
 
       body = input.subarray(position.position, boundaryIndex - 4)
@@ -174,7 +170,7 @@ function multipartFormDataParser (input, mimeType) {
     // 5.9. If position does not point to a sequence of bytes starting with
     //      0x0D 0x0A (CR LF), return failure. Otherwise, advance position by 2.
     if (input[position.position] !== 0x0d || input[position.position + 1] !== 0x0a) {
-      return 'failure'
+      throw parsingError('expected CRLF')
     } else {
       position.position += 2
     }
@@ -230,7 +226,7 @@ function parseMultipartFormDataHeaders (input, position) {
     if (input[position.position] === 0x0d && input[position.position + 1] === 0x0a) {
       // 2.1.1. If name is null, return failure.
       if (name === null) {
-        return 'failure'
+        throw parsingError('header name is null')
       }
 
       // 2.1.2. Return name, filename and contentType.
@@ -250,12 +246,12 @@ function parseMultipartFormDataHeaders (input, position) {
 
     // 2.4. If header name does not match the field-name token production, return failure.
     if (!HTTP_TOKEN_CODEPOINTS.test(headerName.toString())) {
-      return 'failure'
+      throw parsingError('header name does not match the field-name token production')
     }
 
     // 2.5. If the byte at position is not 0x3A (:), return failure.
     if (input[position.position] !== 0x3a) {
-      return 'failure'
+      throw parsingError('expected :')
     }
 
     // 2.6. Advance position by 1.
@@ -278,7 +274,7 @@ function parseMultipartFormDataHeaders (input, position) {
         // 2. If position does not point to a sequence of bytes starting with
         //    `form-data; name="`, return failure.
         if (!bufferStartsWith(input, formDataNameBuffer, position)) {
-          return 'failure'
+          throw parsingError('expected form-data; name=" for content-disposition header')
         }
 
         // 3. Advance position so it points at the byte after the next 0x22 (")
@@ -290,34 +286,61 @@ function parseMultipartFormDataHeaders (input, position) {
         //    failure.
         name = parseMultipartFormDataName(input, position)
 
-        if (name === null) {
-          return 'failure'
-        }
-
         // 5. If position points to a sequence of bytes starting with `; filename="`:
-        if (bufferStartsWith(input, filenameBuffer, position)) {
-          // Note: undici also handles filename*
-          let check = position.position + filenameBuffer.length
-
-          if (input[check] === 0x2a) {
-            position.position += 1
-            check += 1
-          }
-
-          if (input[check] !== 0x3d || input[check + 1] !== 0x22) { // ="
-            return 'failure'
-          }
-
-          // 1. Advance position so it points at the byte after the next 0x22 (") byte
-          //    (the one in the sequence of bytes matched above).
-          position.position += 12
-
-          // 2. Set filename to the result of parsing a multipart/form-data name given
-          //    input and position, if the result is not failure. Otherwise, return failure.
-          filename = parseMultipartFormDataName(input, position)
-
-          if (filename === null) {
-            return 'failure'
+        if (input[position.position] === 0x3b /* ; */ && input[position.position + 1] === 0x20 /* ' ' */) {
+          const at = { position: position.position + 2 }
+
+          if (bufferStartsWith(input, filenameBuffer, at)) {
+            if (input[at.position + 8] === 0x2a /* '*' */) {
+              at.position += 10 // skip past filename*=
+
+              // Remove leading http tab and spaces. See RFC for examples.
+              // https://datatracker.ietf.org/doc/html/rfc6266#section-5
+              collectASequenceOfBytes(
+                (char) => char === 0x20 || char === 0x09,
+                input,
+                at
+              )
+
+              const headerValue = collectASequenceOfBytes(
+                (char) => char !== 0x20 && char !== 0x0d && char !== 0x0a, // ' ' or CRLF
+                input,
+                at
+              )
+
+              if (
+                (headerValue[0] !== 0x75 && headerValue[0] !== 0x55) || // u or U
+                (headerValue[1] !== 0x74 && headerValue[1] !== 0x54) || // t or T
+                (headerValue[2] !== 0x66 && headerValue[2] !== 0x46) || // f or F
+                headerValue[3] !== 0x2d || // -
+                headerValue[4] !== 0x38 // 8
+              ) {
+                throw parsingError('unknown encoding, expected utf-8\'\'')
+              }
+
+              // skip utf-8''
+              filename = decodeURIComponent(new TextDecoder().decode(headerValue.subarray(7)))
+
+              position.position = at.position
+            } else {
+              // 1. Advance position so it points at the byte after the next 0x22 (") byte
+              //    (the one in the sequence of bytes matched above).
+              position.position += 11
+
+              // Remove leading http tab and spaces. See RFC for examples.
+              // https://datatracker.ietf.org/doc/html/rfc6266#section-5
+              collectASequenceOfBytes(
+                (char) => char === 0x20 || char === 0x09,
+                input,
+                position
+              )
+
+              position.position++ // skip past " after removing whitespace
+
+              // 2. Set filename to the result of parsing a multipart/form-data name given
+              //    input and position, if the result is not failure. Otherwise, return failure.
+              filename = parseMultipartFormDataName(input, position)
+            }
           }
         }
 
@@ -367,7 +390,7 @@ function parseMultipartFormDataHeaders (input, position) {
     // 2.9. If position does not point to a sequence of bytes starting with 0x0D 0x0A
     //      (CR LF), return failure. Otherwise, advance position by 2 (past the newline).
     if (input[position.position] !== 0x0d && input[position.position + 1] !== 0x0a) {
-      return 'failure'
+      throw parsingError('expected CRLF')
     } else {
       position.position += 2
     }
@@ -393,7 +416,7 @@ function parseMultipartFormDataName (input, position) {
 
   // 3. If the byte at position is not 0x22 ("), return failure. Otherwise, advance position by 1.
   if (input[position.position] !== 0x22) {
-    return null // name could be 'failure'
+    throw parsingError('expected "')
   } else {
     position.position++
   }
@@ -468,6 +491,10 @@ function bufferStartsWith (buffer, start, position) {
   return true
 }
 
+function parsingError (cause) {
+  return new TypeError('Failed to parse body as FormData.', { cause: new TypeError(cause) })
+}
+
 module.exports = {
   multipartFormDataParser,
   validateBoundary

package/lib/web/fetch/formdata.js

@@ -14,6 +14,8 @@ class FormData {
   #state = []
 
   constructor (form) {
+    webidl.util.markAsUncloneable(this)
+
     if (form !== undefined) {
       throw webidl.errors.conversionFailed({
         prefix: 'FormData constructor',
@@ -256,6 +258,6 @@ function makeEntry (name, value, filename) {
   return { name, value }
 }
 
-webidl.is.FormData = webidl.util.MakeTypeAssertion(FormData.prototype)
+webidl.is.FormData = webidl.util.MakeTypeAssertion(FormData)
 
 module.exports = { FormData, makeEntry, setFormDataState }

package/lib/web/fetch/headers.js

@@ -436,6 +436,8 @@ class Headers {
    * @returns
    */
   constructor (init = undefined) {
+    webidl.util.markAsUncloneable(this)
+
     if (init === kConstruct) {
       return
     }
@@ -449,7 +451,7 @@ class Headers {
 
     // 2. If init is given, then fill this with init.
     if (init !== undefined) {
-      init = webidl.converters.HeadersInit(init, 'Headers contructor', 'init')
+      init = webidl.converters.HeadersInit(init, 'Headers constructor', 'init')
       fill(this, init)
     }
   }

package/lib/web/fetch/index.js

@@ -1943,8 +1943,10 @@ async function httpNetworkFetch (
   // 19. Run these steps in parallel:
 
   //    1. Run these steps, but abort when fetchParams is canceled:
-  fetchParams.controller.onAborted = onAborted
-  fetchParams.controller.on('terminated', onAborted)
+  if (!fetchParams.controller.resume) {
+    fetchParams.controller.on('terminated', onAborted)
+  }
+
   fetchParams.controller.resume = async () => {
     // 1. While true
     while (true) {
@@ -2205,10 +2207,6 @@ async function httpNetworkFetch (
             fetchParams.controller.off('terminated', this.abort)
           }
 
-          if (fetchParams.controller.onAborted) {
-            fetchParams.controller.off('terminated', fetchParams.controller.onAborted)
-          }
-
           fetchParams.controller.ended = true
 
           this.body.push(null)

package/lib/web/fetch/request.js

@@ -92,6 +92,8 @@ class Request {
 
   // https://fetch.spec.whatwg.org/#dom-request
   constructor (input, init = undefined) {
+    webidl.util.markAsUncloneable(this)
+
     if (input === kConstruct) {
       return
     }
@@ -986,7 +988,7 @@ Object.defineProperties(Request.prototype, {
   }
 })
 
-webidl.is.Request = webidl.util.MakeTypeAssertion(Request.prototype)
+webidl.is.Request = webidl.util.MakeTypeAssertion(Request)
 
 // https://fetch.spec.whatwg.org/#requestinfo
 webidl.converters.RequestInfo = function (V, prefix, argument) {

package/lib/web/fetch/response.js

@@ -112,6 +112,8 @@ class Response {
 
   // https://fetch.spec.whatwg.org/#dom-response
   constructor (body = null, init = undefined) {
+    webidl.util.markAsUncloneable(this)
+
     if (body === kConstruct) {
       return
     }
@@ -619,7 +621,7 @@ webidl.converters.ResponseInit = webidl.dictionaryConverter([
   }
 ])
 
-webidl.is.Response = webidl.util.MakeTypeAssertion(Response.prototype)
+webidl.is.Response = webidl.util.MakeTypeAssertion(Response)
 
 module.exports = {
   isNetworkError,