diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/bun.js/bindings/webcore/FetchHeaders.cpp | 18 | ||||
| -rw-r--r-- | src/bun.js/bindings/webcore/HTTPHeaderMap.h | 2 | ||||
| -rw-r--r-- | src/bun.js/bindings/webcore/HTTPParsers.cpp | 60 |
3 files changed, 42 insertions, 38 deletions
diff --git a/src/bun.js/bindings/webcore/FetchHeaders.cpp b/src/bun.js/bindings/webcore/FetchHeaders.cpp index 7834836c7..9d8572faf 100644 --- a/src/bun.js/bindings/webcore/FetchHeaders.cpp +++ b/src/bun.js/bindings/webcore/FetchHeaders.cpp @@ -46,8 +46,6 @@ static ExceptionOr<bool> canWriteHeader(const HTTPHeaderName name, const String& return Exception { TypeError, makeString("Header '", name, "' has invalid value: '", value, "'") }; if (guard == FetchHeaders::Guard::Immutable) return Exception { TypeError, "Headers object's guard is 'immutable'"_s }; - if (guard == FetchHeaders::Guard::RequestNoCors && !combinedValue.isEmpty()) - return false; return true; } @@ -60,12 +58,6 @@ static ExceptionOr<bool> canWriteHeader(const String& name, const String& value, return Exception { TypeError, makeString("Header '", name, "' has invalid value: '", value, "'") }; if (guard == FetchHeaders::Guard::Immutable) return Exception { TypeError, "Headers object's guard is 'immutable'"_s }; - if (guard == FetchHeaders::Guard::Request && isForbiddenHeaderName(name)) - return false; - if (guard == FetchHeaders::Guard::RequestNoCors && !combinedValue.isEmpty() && !isSimpleHeader(name, combinedValue)) - return false; - if (guard == FetchHeaders::Guard::Response && isForbiddenResponseHeaderName(name)) - return false; return true; } @@ -173,6 +165,16 @@ ExceptionOr<void> FetchHeaders::fill(const Init& headerInit) ExceptionOr<void> FetchHeaders::fill(const FetchHeaders& otherHeaders) { + if (this->size() == 0) { + HTTPHeaderMap headers; + headers.commonHeaders().appendVector(otherHeaders.m_headers.commonHeaders()); + headers.uncommonHeaders().appendVector(otherHeaders.m_headers.uncommonHeaders()); + headers.getSetCookieHeaders().appendVector(otherHeaders.m_headers.getSetCookieHeaders()); + setInternalHeaders(WTFMove(headers)); + m_updateCounter++; + return {}; + } + for (auto& header : otherHeaders.m_headers) { auto result = appendToHeaderMap(header, m_headers, m_guard); if (result.hasException()) diff --git a/src/bun.js/bindings/webcore/HTTPHeaderMap.h b/src/bun.js/bindings/webcore/HTTPHeaderMap.h index 0e4d9b565..e96e31f86 100644 --- a/src/bun.js/bindings/webcore/HTTPHeaderMap.h +++ b/src/bun.js/bindings/webcore/HTTPHeaderMap.h @@ -220,10 +220,12 @@ public: template<size_t length> bool remove(const char (&)[length]) = delete; const Vector<String, 0> &getSetCookieHeaders() const { return m_setCookieHeaders; } + const CommonHeadersVector &commonHeaders() const { return m_commonHeaders; } const UncommonHeadersVector &uncommonHeaders() const { return m_uncommonHeaders; } CommonHeadersVector &commonHeaders() { return m_commonHeaders; } UncommonHeadersVector &uncommonHeaders() { return m_uncommonHeaders; } + Vector<String, 0> &getSetCookieHeaders() { return m_setCookieHeaders; } const_iterator begin() const { return const_iterator(*this, m_commonHeaders.begin(), m_uncommonHeaders.begin(), m_setCookieHeaders.begin()); } const_iterator end() const { return const_iterator(*this, m_commonHeaders.end(), m_uncommonHeaders.end(), m_setCookieHeaders.end()); } diff --git a/src/bun.js/bindings/webcore/HTTPParsers.cpp b/src/bun.js/bindings/webcore/HTTPParsers.cpp index d3e4d4c3a..cb4985281 100644 --- a/src/bun.js/bindings/webcore/HTTPParsers.cpp +++ b/src/bun.js/bindings/webcore/HTTPParsers.cpp @@ -996,36 +996,36 @@ bool isCrossOriginSafeRequestHeader(HTTPHeaderName name, const String& value) if (value.length() > 128) return false; - switch (name) { - case HTTPHeaderName::Accept: - if (!isValidAcceptHeaderValue(value)) - return false; - break; - case HTTPHeaderName::AcceptLanguage: - case HTTPHeaderName::ContentLanguage: - if (!isValidLanguageHeaderValue(value)) - return false; - break; - case HTTPHeaderName::ContentType: { - // Preflight is required for MIME types that can not be sent via form submission. - if (containsCORSUnsafeRequestHeaderBytes(value)) - return false; - auto parsedContentType = ParsedContentType::create(value); - if (!parsedContentType) - return false; - String mimeType = parsedContentType->mimeType(); - if (!(equalLettersIgnoringASCIICase(mimeType, "application/x-www-form-urlencoded"_s) || equalLettersIgnoringASCIICase(mimeType, "multipart/form-data"_s) || equalLettersIgnoringASCIICase(mimeType, "text/plain"_s))) - return false; - break; - } - case HTTPHeaderName::Range: - if (!isSimpleRangeHeaderValue(value)) - return false; - break; - default: - // FIXME: Should we also make safe other headers (DPR, Downlink, Save-Data...)? That would require validating their values. - return false; - } + // switch (name) { + // case HTTPHeaderName::Accept: + // if (!isValidAcceptHeaderValue(value)) + // return false; + // break; + // case HTTPHeaderName::AcceptLanguage: + // case HTTPHeaderName::ContentLanguage: + // if (!isValidLanguageHeaderValue(value)) + // return false; + // break; + // case HTTPHeaderName::ContentType: { + // // Preflight is required for MIME types that can not be sent via form submission. + // if (containsCORSUnsafeRequestHeaderBytes(value)) + // return false; + // auto parsedContentType = ParsedContentType::create(value); + // if (!parsedContentType) + // return false; + // String mimeType = parsedContentType->mimeType(); + // if (!(equalLettersIgnoringASCIICase(mimeType, "application/x-www-form-urlencoded"_s) || equalLettersIgnoringASCIICase(mimeType, "multipart/form-data"_s) || equalLettersIgnoringASCIICase(mimeType, "text/plain"_s))) + // return false; + // break; + // } + // case HTTPHeaderName::Range: + // if (!isSimpleRangeHeaderValue(value)) + // return false; + // break; + // default: + // // FIXME: Should we also make safe other headers (DPR, Downlink, Save-Data...)? That would require validating their values. + // return false; + // } return true; } |