MCPcopy Index your code
hub / github.com/nodejs/node / appendRequestOriginHeader

Function appendRequestOriginHeader

deps/undici/src/lib/web/fetch/util.js:256–308  ·  view source on GitHub ↗
(request)

Source from the content-addressed store, hash-verified

254
255// https://fetch.spec.whatwg.org/#append-a-request-origin-header
256function appendRequestOriginHeader (request) {
257 // 1. Let serializedOrigin be the result of byte-serializing a request origin
258 // with request.
259 // TODO: implement "byte-serializing a request origin"
260 let serializedOrigin = request.origin
261
262 // - "'client' is changed to an origin during fetching."
263 // This doesn't happen in undici (in most cases) because undici, by default,
264 // has no concept of origin.
265 // - request.origin can also be set to request.client.origin (client being
266 // an environment settings object), which is undefined without using
267 // setGlobalOrigin.
268 if (serializedOrigin === 'client' || serializedOrigin === undefined) {
269 return
270 }
271
272 // 2. If request’s response tainting is "cors" or request’s mode is "websocket",
273 // then append (`Origin`, serializedOrigin) to request’s header list.
274 // 3. Otherwise, if request’s method is neither `GET` nor `HEAD`, then:
275 if (request.responseTainting === 'cors' || request.mode === 'websocket') {
276 request.headersList.append('origin', serializedOrigin, true)
277 } else if (request.method !== 'GET' && request.method !== 'HEAD') {
278 // 1. Switch on request’s referrer policy:
279 switch (request.referrerPolicy) {
280 case 'no-referrer':
281 // Set serializedOrigin to `null`.
282 serializedOrigin = null
283 break
284 case 'no-referrer-when-downgrade':
285 case 'strict-origin':
286 case 'strict-origin-when-cross-origin':
287 // If request’s origin is a tuple origin, its scheme is "https", and
288 // request’s current URL’s scheme is not "https", then set
289 // serializedOrigin to `null`.
290 if (request.origin && urlHasHttpsScheme(request.origin) && !urlHasHttpsScheme(requestCurrentURL(request))) {
291 serializedOrigin = null
292 }
293 break
294 case 'same-origin':
295 // If request’s origin is not same origin with request’s current URL’s
296 // origin, then set serializedOrigin to `null`.
297 if (!sameOrigin(request, requestCurrentURL(request))) {
298 serializedOrigin = null
299 }
300 break
301 default:
302 // Do nothing.
303 }
304
305 // 2. Append (`Origin`, serializedOrigin) to request’s header list.
306 request.headersList.append('origin', serializedOrigin, true)
307 }
308}
309
310// https://w3c.github.io/hr-time/#dfn-coarsen-time
311function coarsenTime (timestamp, crossOriginIsolatedCapability) {

Callers 1

httpNetworkOrCacheFetchFunction · 0.70

Calls 4

urlHasHttpsSchemeFunction · 0.70
requestCurrentURLFunction · 0.70
sameOriginFunction · 0.70
appendMethod · 0.45

Tested by

no test coverage detected