(fetchParams, response)
| 13977 | } |
| 13978 | __name(httpFetch, "httpFetch"); |
| 13979 | function httpRedirectFetch(fetchParams, response) { |
| 13980 | const request = fetchParams.request; |
| 13981 | const actualResponse = response.internalResponse ? response.internalResponse : response; |
| 13982 | let locationURL; |
| 13983 | try { |
| 13984 | locationURL = responseLocationURL( |
| 13985 | actualResponse, |
| 13986 | requestCurrentURL(request).hash |
| 13987 | ); |
| 13988 | if (locationURL == null) { |
| 13989 | return response; |
| 13990 | } |
| 13991 | } catch (err) { |
| 13992 | return Promise.resolve(makeNetworkError(err)); |
| 13993 | } |
| 13994 | if (!urlIsHttpHttpsScheme(locationURL)) { |
| 13995 | return Promise.resolve(makeNetworkError("URL scheme must be a HTTP(S) scheme")); |
| 13996 | } |
| 13997 | if (request.redirectCount === 20) { |
| 13998 | return Promise.resolve(makeNetworkError("redirect count exceeded")); |
| 13999 | } |
| 14000 | request.redirectCount += 1; |
| 14001 | if (request.mode === "cors" && (locationURL.username || locationURL.password) && !sameOrigin(request, locationURL)) { |
| 14002 | return Promise.resolve(makeNetworkError('cross origin not allowed for request mode "cors"')); |
| 14003 | } |
| 14004 | if (request.responseTainting === "cors" && (locationURL.username || locationURL.password)) { |
| 14005 | return Promise.resolve(makeNetworkError( |
| 14006 | 'URL cannot contain credentials for request mode "cors"' |
| 14007 | )); |
| 14008 | } |
| 14009 | if (actualResponse.status !== 303 && request.body != null && request.body.source == null) { |
| 14010 | return Promise.resolve(makeNetworkError()); |
| 14011 | } |
| 14012 | if ([301, 302].includes(actualResponse.status) && request.method === "POST" || actualResponse.status === 303 && !GET_OR_HEAD.includes(request.method)) { |
| 14013 | request.method = "GET"; |
| 14014 | request.body = null; |
| 14015 | for (const headerName of requestBodyHeader) { |
| 14016 | request.headersList.delete(headerName); |
| 14017 | } |
| 14018 | } |
| 14019 | if (!sameOrigin(requestCurrentURL(request), locationURL)) { |
| 14020 | request.headersList.delete("authorization", true); |
| 14021 | request.headersList.delete("proxy-authorization", true); |
| 14022 | request.headersList.delete("cookie", true); |
| 14023 | request.headersList.delete("host", true); |
| 14024 | } |
| 14025 | if (request.body != null) { |
| 14026 | assert(request.body.source != null); |
| 14027 | request.body = safelyExtractBody(request.body.source)[0]; |
| 14028 | } |
| 14029 | const timingInfo = fetchParams.timingInfo; |
| 14030 | timingInfo.redirectEndTime = timingInfo.postRedirectStartTime = coarsenedSharedCurrentTime(fetchParams.crossOriginIsolatedCapability); |
| 14031 | if (timingInfo.redirectStartTime === 0) { |
| 14032 | timingInfo.redirectStartTime = timingInfo.startTime; |
| 14033 | } |
| 14034 | request.urlList.push(locationURL); |
| 14035 | setRequestReferrerPolicyOnRedirect(request, actualResponse); |
| 14036 | return mainFetch(fetchParams, true); |
no test coverage detected
searching dependent graphs…