feat: implement (basic) webidl & headers comments (#1495)

Author: KhafraDev

lib/fetch/headers.js

@@ -2,37 +2,35 @@
 
 'use strict'
 
-const { validateHeaderName, validateHeaderValue } = require('http')
 const { kHeadersList } = require('../core/symbols')
 const { kGuard } = require('./symbols')
 const { kEnumerableProperty } = require('../core/util')
-const { makeIterator } = require('./util')
+const {
+  makeIterator,
+  isValidHeaderName,
+  isValidHeaderValue
+} = require('./util')
+const { webidl } = require('./webidl')
 
 const kHeadersMap = Symbol('headers map')
 const kHeadersSortedMap = Symbol('headers map sorted')
 
-function normalizeAndValidateHeaderName (name) {
-  if (name === undefined) {
-    throw new TypeError(`Header name ${name}`)
-  }
-  const normalizedHeaderName = name.toLocaleLowerCase()
-  validateHeaderName(normalizedHeaderName)
-  return normalizedHeaderName
-}
-
-function normalizeAndValidateHeaderValue (name, value) {
-  if (value === undefined) {
-    throw new TypeError(value, name)
-  }
-  const normalizedHeaderValue = `${value}`.replace(
-    /^[\n\t\r\x20]+|[\n\t\r\x20]+$/g,
+/**
+ * @see https://fetch.spec.whatwg.org/#concept-header-value-normalize
+ * @param {string} potentialValue
+ */
+function headerValueNormalize (potentialValue) {
+  //  To normalize a byte sequence potentialValue, remove
+  //  any leading and trailing HTTP whitespace bytes from
+  //  potentialValue.
+  return potentialValue.replace(
+    /^[\r\n\t ]+|[\r\n\t ]+$/g,
     ''
   )
-  validateHeaderValue(name, normalizedHeaderValue)
-  return normalizedHeaderValue
 }
 
 function fill (headers, object) {
+  // TODO: use idl converters once implemented
   // To fill a Headers object headers with a given object object, run these steps:
 
   if (object[Symbol.iterator]) {
@@ -85,48 +83,75 @@ class HeadersList {
     }
   }
 
+  // https://fetch.spec.whatwg.org/#header-list-contains
+  contains (name) {
+    // A header list list contains a header name name if list
+    // contains a header whose name is a byte-case-insensitive
+    // match for name.
+    name = name.toLowerCase()
+
+    return this[kHeadersMap].has(name)
+  }
+
   clear () {
     this[kHeadersMap].clear()
     this[kHeadersSortedMap] = null
   }
 
+  // https://fetch.spec.whatwg.org/#concept-header-list-append
   append (name, value) {
     this[kHeadersSortedMap] = null
 
-    const normalizedName = normalizeAndValidateHeaderName(name)
-    const normalizedValue = normalizeAndValidateHeaderValue(name, value)
-
-    const exists = this[kHeadersMap].get(normalizedName)
+    // 1. If list contains name, then set name to the first such
+    //    header’s name.
+    name = name.toLowerCase()
+    const exists = this[kHeadersMap].get(name)
 
+    // 2. Append (name, value) to list.
     if (exists) {
-      this[kHeadersMap].set(normalizedName, `${exists}, ${normalizedValue}`)
+      this[kHeadersMap].set(name, `${exists}, ${value}`)
     } else {
-      this[kHeadersMap].set(normalizedName, `${normalizedValue}`)
+      this[kHeadersMap].set(name, `${value}`)
     }
   }
 
+  // https://fetch.spec.whatwg.org/#concept-header-list-set
   set (name, value) {
     this[kHeadersSortedMap] = null
 
-    const normalizedName = normalizeAndValidateHeaderName(name)
-    return this[kHeadersMap].set(normalizedName, value)
+    // 1. If list contains name, then set the value of
+    //    the first such header to value and remove the
+    //    others.
+    // 2. Otherwise, append header (name, value) to list.
+    return this[kHeadersMap].set(name, value)
   }
 
+  // https://fetch.spec.whatwg.org/#concept-header-list-delete
   delete (name) {
     this[kHeadersSortedMap] = null
 
-    const normalizedName = normalizeAndValidateHeaderName(name)
-    return this[kHeadersMap].delete(normalizedName)
+    name = name.toLowerCase()
+    return this[kHeadersMap].delete(name)
   }
 
+  // https://fetch.spec.whatwg.org/#concept-header-list-get
   get (name) {
-    const normalizedName = normalizeAndValidateHeaderName(name)
-    return this[kHeadersMap].get(normalizedName) ?? null
+    name = name.toLowerCase()
+
+    // 1. If list does not contain name, then return null.
+    if (!this.contains(name)) {
+      return null
+    }
+
+    // 2. Return the values of all headers in list whose name
+    //    is a byte-case-insensitive match for name,
+    //    separated from each other by 0x2C 0x20, in order.
+    return this[kHeadersMap].get(name) ?? null
   }
 
   has (name) {
-    const normalizedName = normalizeAndValidateHeaderName(name)
-    return this[kHeadersMap].has(normalizedName)
+    name = name.toLowerCase()
+    return this[kHeadersMap].has(name)
   }
 
   keys () {
@@ -186,14 +211,36 @@ class Headers {
       )
     }
 
+    name = webidl.converters.ByteString(name)
+    value = webidl.converters.ByteString(value)
+
+    // 1. Normalize value.
+    value = headerValueNormalize(value)
+
+    // 2. If name is not a header name or value is not a
+    //    header value, then throw a TypeError.
+    if (!isValidHeaderName(name) || !isValidHeaderValue(value)) {
+      throw new TypeError()
+    }
+
+    // 3. If headers’s guard is "immutable", then throw a TypeError.
+    // 4. Otherwise, if headers’s guard is "request" and name is a
+    //    forbidden header name, return.
     // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
     } else if (this[kGuard] === 'request-no-cors') {
+      // 5. Otherwise, if headers’s guard is "request-no-cors":
       // TODO
     }
 
-    return this[kHeadersList].append(String(name), String(value))
+    // 6. Otherwise, if headers’s guard is "response" and name is a
+    //    forbidden response-header name, return.
+
+    // 7. Append (name, value) to headers’s header list.
+    // 8. If headers’s guard is "request-no-cors", then remove
+    //    privileged no-CORS request headers from headers
+    return this[kHeadersList].append(name, value)
   }
 
   // https://fetch.spec.whatwg.org/#dom-headers-delete
@@ -208,14 +255,39 @@ class Headers {
       )
     }
 
+    name = webidl.converters.ByteString(name)
+
+    // 1. If name is not a header name, then throw a TypeError.
+    if (!isValidHeaderName(name)) {
+      throw new TypeError()
+    }
+
+    // 2. If this’s guard is "immutable", then throw a TypeError.
+    // 3. Otherwise, if this’s guard is "request" and name is a
+    //    forbidden header name, return.
+    // 4. Otherwise, if this’s guard is "request-no-cors", name
+    //    is not a no-CORS-safelisted request-header name, and
+    //    name is not a privileged no-CORS request-header name,
+    //    return.
+    // 5. Otherwise, if this’s guard is "response" and name is
+    //    a forbidden response-header name, return.
     // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
     }
 
-    return this[kHeadersList].delete(String(name))
+    // 6. If this’s header list does not contain name, then
+    //    return.
+    if (!this[kHeadersList].contains(name)) {
+      return
+    }
+
+    // 7. Delete name from this’s header list.
+    // 8. If this’s guard is "request-no-cors", then remove
+    //    privileged no-CORS request headers from this.
+    return this[kHeadersList].delete(name)
   }
 
   // https://fetch.spec.whatwg.org/#dom-headers-get
@@ -230,7 +302,16 @@ class Headers {
       )
     }
 
-    return this[kHeadersList].get(String(name))
+    name = webidl.converters.ByteString(name)
+
+    // 1. If name is not a header name, then throw a TypeError.
+    if (!isValidHeaderName(name)) {
+      throw new TypeError()
+    }
+
+    // 2. Return the result of getting name from this’s header
+    //    list.
+    return this[kHeadersList].get(name)
   }
 
   // https://fetch.spec.whatwg.org/#dom-headers-has
@@ -245,7 +326,16 @@ class Headers {
       )
     }
 
-    return this[kHeadersList].has(String(name))
+    name = webidl.converters.ByteString(name)
+
+    // 1. If name is not a header name, then throw a TypeError.
+    if (!isValidHeaderName(name)) {
+      throw new TypeError()
+    }
+
+    // 2. Return true if this’s header list contains name;
+    //    otherwise false.
+    return this[kHeadersList].contains(name)
   }
 
   // https://fetch.spec.whatwg.org/#dom-headers-set
@@ -260,14 +350,37 @@ class Headers {
       )
     }
 
+    name = webidl.converters.ByteString(name)
+    value = webidl.converters.ByteString(value)
+
+    // 1. Normalize value.
+    value = headerValueNormalize(value)
+
+    // 2. If name is not a header name or value is not a
+    //    header value, then throw a TypeError.
+    if (!isValidHeaderName(name) || !isValidHeaderValue(value)) {
+      throw new TypeError()
+    }
+
+    // 3. If this’s guard is "immutable", then throw a TypeError.
+    // 4. Otherwise, if this’s guard is "request" and name is a
+    //    forbidden header name, return.
+    // 5. Otherwise, if this’s guard is "request-no-cors" and
+    //    name/value is not a no-CORS-safelisted request-header,
+    //    return.
+    // 6. Otherwise, if this’s guard is "response" and name is a
+    //    forbidden response-header name, return.
     // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
     }
 
-    return this[kHeadersList].set(String(name), String(value))
+    // 7. Set (name, value) in this’s header list.
+    // 8. If this’s guard is "request-no-cors", then remove
+    //    privileged no-CORS request headers from this
+    return this[kHeadersList].set(name, value)
   }
 
   get [kHeadersSortedMap] () {
@@ -351,7 +464,5 @@ Object.defineProperties(Headers.prototype, {
 module.exports = {
   fill,
   Headers,
-  HeadersList,
-  normalizeAndValidateHeaderName,
-  normalizeAndValidateHeaderValue
+  HeadersList
 }

lib/fetch/util.js

@@ -145,6 +145,49 @@ function isValidHTTPToken (characters) {
   return true
 }
 
+// https://fetch.spec.whatwg.org/#header-name
+// https://github.com/chromium/chromium/blob/b3d37e6f94f87d59e44662d6078f6a12de845d17/net/http/http_util.cc#L342
+function isValidHeaderName (potentialValue) {
+  if (potentialValue.length === 0) {
+    return false
+  }
+
+  for (const char of potentialValue) {
+    if (!isValidHTTPToken(char)) {
+      return false
+    }
+  }
+
+  return true
+}
+
+/**
+ * @see https://fetch.spec.whatwg.org/#header-value
+ * @param {string} potentialValue
+ */
+function isValidHeaderValue (potentialValue) {
+  // - Has no leading or trailing HTTP tab or space bytes.
+  // - Contains no 0x00 (NUL) or HTTP newline bytes.
+  if (
+    potentialValue.startsWith('\t') ||
+    potentialValue.startsWith(' ') ||
+    potentialValue.endsWith('\t') ||
+    potentialValue.endsWith(' ')
+  ) {
+    return false
+  }
+
+  if (
+    potentialValue.includes('\0') ||
+    potentialValue.includes('\r') ||
+    potentialValue.includes('\n')
+  ) {
+    return false
+  }
+
+  return true
+}
+
 // https://w3c.github.io/webappsec-referrer-policy/#set-requests-referrer-policy-on-redirect
 function setRequestReferrerPolicyOnRedirect (request, actualResponse) {
   //  Given a request request and a response actualResponse, this algorithm
@@ -418,5 +461,7 @@ module.exports = {
   sameOrigin,
   normalizeMethod,
   serializeJavascriptValueToJSONString,
-  makeIterator
+  makeIterator,
+  isValidHeaderName,
+  isValidHeaderValue
 }