(request)
| 254 | |
| 255 | // https://fetch.spec.whatwg.org/#append-a-request-origin-header |
| 256 | function appendRequestOriginHeader (request) { |
| 257 | // 1. Let serializedOrigin be the result of byte-serializing a request origin |
| 258 | // with request. |
| 259 | // TODO: implement "byte-serializing a request origin" |
| 260 | let serializedOrigin = request.origin |
| 261 | |
| 262 | // - "'client' is changed to an origin during fetching." |
| 263 | // This doesn't happen in undici (in most cases) because undici, by default, |
| 264 | // has no concept of origin. |
| 265 | // - request.origin can also be set to request.client.origin (client being |
| 266 | // an environment settings object), which is undefined without using |
| 267 | // setGlobalOrigin. |
| 268 | if (serializedOrigin === 'client' || serializedOrigin === undefined) { |
| 269 | return |
| 270 | } |
| 271 | |
| 272 | // 2. If request’s response tainting is "cors" or request’s mode is "websocket", |
| 273 | // then append (`Origin`, serializedOrigin) to request’s header list. |
| 274 | // 3. Otherwise, if request’s method is neither `GET` nor `HEAD`, then: |
| 275 | if (request.responseTainting === 'cors' || request.mode === 'websocket') { |
| 276 | request.headersList.append('origin', serializedOrigin, true) |
| 277 | } else if (request.method !== 'GET' && request.method !== 'HEAD') { |
| 278 | // 1. Switch on request’s referrer policy: |
| 279 | switch (request.referrerPolicy) { |
| 280 | case 'no-referrer': |
| 281 | // Set serializedOrigin to `null`. |
| 282 | serializedOrigin = null |
| 283 | break |
| 284 | case 'no-referrer-when-downgrade': |
| 285 | case 'strict-origin': |
| 286 | case 'strict-origin-when-cross-origin': |
| 287 | // If request’s origin is a tuple origin, its scheme is "https", and |
| 288 | // request’s current URL’s scheme is not "https", then set |
| 289 | // serializedOrigin to `null`. |
| 290 | if (request.origin && urlHasHttpsScheme(request.origin) && !urlHasHttpsScheme(requestCurrentURL(request))) { |
| 291 | serializedOrigin = null |
| 292 | } |
| 293 | break |
| 294 | case 'same-origin': |
| 295 | // If request’s origin is not same origin with request’s current URL’s |
| 296 | // origin, then set serializedOrigin to `null`. |
| 297 | if (!sameOrigin(request, requestCurrentURL(request))) { |
| 298 | serializedOrigin = null |
| 299 | } |
| 300 | break |
| 301 | default: |
| 302 | // Do nothing. |
| 303 | } |
| 304 | |
| 305 | // 2. Append (`Origin`, serializedOrigin) to request’s header list. |
| 306 | request.headersList.append('origin', serializedOrigin, true) |
| 307 | } |
| 308 | } |
| 309 | |
| 310 | // https://w3c.github.io/hr-time/#dfn-coarsen-time |
| 311 | function coarsenTime (timestamp, crossOriginIsolatedCapability) { |
no test coverage detected