(fetchParams, response)
| 60327 | response = await httpRedirectFetch(fetchParams, response); |
| 60328 | } else { |
| 60329 | assert2(false); |
| 60330 | } |
| 60331 | } |
| 60332 | response.timingInfo = timingInfo; |
| 60333 | return response; |
| 60334 | } |
| 60335 | function httpRedirectFetch(fetchParams, response) { |
| 60336 | const request3 = fetchParams.request; |
| 60337 | const actualResponse = response.internalResponse ? response.internalResponse : response; |
| 60338 | let locationURL; |
| 60339 | try { |
| 60340 | locationURL = responseLocationURL( |
| 60341 | actualResponse, |
| 60342 | requestCurrentURL(request3).hash |
| 60343 | ); |
| 60344 | if (locationURL == null) { |
| 60345 | return response; |
| 60346 | } |
| 60347 | } catch (err) { |
| 60348 | return Promise.resolve(makeNetworkError(err)); |
| 60349 | } |
| 60350 | if (!urlIsHttpHttpsScheme(locationURL)) { |
| 60351 | return Promise.resolve(makeNetworkError("URL scheme must be a HTTP(S) scheme")); |
| 60352 | } |
| 60353 | if (request3.redirectCount === 20) { |
| 60354 | return Promise.resolve(makeNetworkError("redirect count exceeded")); |
| 60355 | } |
| 60356 | request3.redirectCount += 1; |
| 60357 | if (request3.mode === "cors" && (locationURL.username || locationURL.password) && !sameOrigin(request3, locationURL)) { |
| 60358 | return Promise.resolve(makeNetworkError('cross origin not allowed for request mode "cors"')); |
| 60359 | } |
| 60360 | if (request3.responseTainting === "cors" && (locationURL.username || locationURL.password)) { |
| 60361 | return Promise.resolve(makeNetworkError( |
| 60362 | 'URL cannot contain credentials for request mode "cors"' |
| 60363 | )); |
| 60364 | } |
| 60365 | if (actualResponse.status !== 303 && request3.body != null && request3.body.source == null) { |
| 60366 | return Promise.resolve(makeNetworkError()); |
| 60367 | } |
| 60368 | if ([301, 302].includes(actualResponse.status) && request3.method === "POST" || actualResponse.status === 303 && !GET_OR_HEAD.includes(request3.method)) { |
| 60369 | request3.method = "GET"; |
| 60370 | request3.body = null; |
| 60371 | for (const headerName of requestBodyHeader) { |
| 60372 | request3.headersList.delete(headerName); |
| 60373 | } |
| 60374 | } |
| 60375 | if (!sameOrigin(requestCurrentURL(request3), locationURL)) { |
| 60376 | request3.headersList.delete("authorization"); |
| 60377 | request3.headersList.delete("proxy-authorization", true); |
| 60378 | request3.headersList.delete("cookie"); |
| 60379 | request3.headersList.delete("host"); |
| 60380 | } |
| 60381 | if (request3.body != null) { |
| 60382 | assert2(request3.body.source != null); |
| 60383 | request3.body = safelyExtractBody(request3.body.source)[0]; |
| 60384 | } |
| 60385 | const timingInfo = fetchParams.timingInfo; |
| 60386 | timingInfo.redirectEndTime = timingInfo.postRedirectStartTime = coarsenedSharedCurrentTime(fetchParams.crossOriginIsolatedCapability); |
no test coverage detected
searching dependent graphs…