undici 7.24.7 → 7.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/web/fetch/index.js +15 -2
  2. package/lib/web/fetch/util.js +4 -2
  3. package/package.json +1 -1
package/lib/web/fetch/index.js CHANGED
@@ -1644,12 +1644,25 @@ async function httpNetworkOrCacheFetch (
1644
1644
  // 14. If response’s status is 401, httpRequest’s response tainting is not "cors",
1645
1645
  // includeCredentials is true, and request’s traversable for user prompts is
1646
1646
  // a traversable navigable:
1647
- if (response.status === 401 && httpRequest.responseTainting !== 'cors' && includeCredentials && isTraversableNavigable(request.traversableForUserPrompts)) {
1647
+ //
1648
+ // In Node.js there is no traversable navigable to prompt the user, but we
1649
+ // still need to handle URL-embedded credentials so authentication retries
1650
+ // for WebSocket handshakes continue to work.
1651
+ if (response.status === 401 && httpRequest.responseTainting !== 'cors' && includeCredentials && (
1652
+ request.useURLCredentials !== undefined ||
1653
+ isTraversableNavigable(request.traversableForUserPrompts)
1654
+ )) {
1648
1655
  // 2. If request’s body is non-null, then:
1649
1656
  if (request.body != null) {
1650
1657
  // 1. If request’s body’s source is null, then return a network error.
1651
1658
  if (request.body.source == null) {
1652
- return makeNetworkError('expected non-null body source')
1659
+ // Note: In Node.js, this code path should not be reached because
1660
+ // isTraversableNavigable() returns false for non-navigable contexts.
1661
+ // However, we handle it gracefully by returning the response instead of
1662
+ // a network error, as we won't actually retry the request.
1663
+ // This aligns with the Fetch spec discussion in whatwg/fetch#1132,
1664
+ // which allows implementations flexibility when credentials can't be obtained.
1665
+ return response
1653
1666
  }
1654
1667
 
1655
1668
  // 2. Set request’s body to the body of the result of safely extracting
package/lib/web/fetch/util.js CHANGED
@@ -1447,8 +1447,10 @@ function includesCredentials (url) {
1447
1447
  * @param {object|string} navigable
1448
1448
  */
1449
1449
  function isTraversableNavigable (navigable) {
1450
- // TODO
1451
- return true
1450
+ // Returns true only if we have an actual traversable navigable object
1451
+ // that can prompt the user for credentials. In Node.js, this will always
1452
+ // be false since there's no Window object or navigable.
1453
+ return navigable != null && navigable !== 'client' && navigable !== 'no-traversable'
1452
1454
  }
1453
1455
 
1454
1456
  class EnvironmentSettingsObjectBase {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "undici",
3
- "version": "7.24.7",
3
+ "version": "7.25.0",
4
4
  "description": "An HTTP/1.1 client, written from scratch for Node.js",
5
5
  "homepage": "https://undici.nodejs.org",
6
6
  "bugs": {