feat: allow setting the Origin header and Sec-Fetch-* headers in net.request() #26135
Conversation
004fd74 to
e1b1a7a
Compare
spec-main/api-net-spec.ts
Outdated
| }); | ||
|
|
||
| ['navigate', 'cors', 'no-cors', 'same-origin'].forEach((mode) => { | ||
| it('should set sec-fetch-mode if requested', async () => { |
There was a problem hiding this comment.
| it('should set sec-fetch-mode if requested', async () => { | |
| it(`should set sec-fetch-mode to ${mode} if requested`, async () => { |
spec-main/api-net-spec.ts
Outdated
| 'report', 'script', 'serviceworker', 'style', 'track', 'video', | ||
| 'worker', 'xslt' | ||
| ].forEach((dest) => { | ||
| it('should set sec-fetch-dest if requested', async () => { |
There was a problem hiding this comment.
| it('should set sec-fetch-dest if requested', async () => { | |
| it(`should set sec-fetch-dest to ${dest} if requested`, async () => { |
e1b1a7a to
3703749
Compare
dc93a03 to
26de6bd
Compare
Once this API is approved by wg-api, we can ask wg-releases for approval of backport. |
There was a problem hiding this comment.
Generally speaking we don't backport new features to stable branches unless there's a specific need. Backporting a new feature to a stable branch requires a minor version bump, and it's up to @electron/wg-releases to decide on a case-by-case basis whether to accept a feature backport.
In my opinion (as a non-member of the Releases WG), this feature presents a non-zero but quite small stability risk. Code paths are changed by this PR, but in such a way that it seems quite unlikely to cause any observable behavior change unless the caller is using the added features.
26de6bd to
709bf03
Compare
|
Hi, the cors request always fail with net error -2 and cors error kPreflightWildcardOriginNotAllowed. Do you have any idea what happens for this case? Response of preflight request: |
Ok, figured out this finally. We need backport 0e7d59d(#25284) too to fix this issue for stable branches. |
709bf03 to
2bacdc0
Compare
lib/browser/api/net.ts
Outdated
| @@ -409,6 +410,10 @@ export class ClientRequest extends Writable implements Electron.ClientRequest { | |||
| return ret; | |||
| }; | |||
| this._urlLoaderOptions.referrer = this._urlLoaderOptions.extraHeaders.referer || ''; | |||
| this._urlLoaderOptions.origin = this._urlLoaderOptions.origin || this._urlLoaderOptions.extraHeaders.origin || ''; | |||
There was a problem hiding this comment.
Headers are case insensitive when read by the networking stack but this assumes that origin is lowercase here. To be accurate this should somehow pull origin in a case insensitive way right?
There was a problem hiding this comment.
The header names are stored in lowercase internally. This is another issue we may fix in the future.
setHeader (name: string, value: string) {
...
const key = name.toLowerCase();
this._urlLoaderOptions.extraHeaders[key] = value;
}
There was a problem hiding this comment.
I just go ahead and fixed this issue too.
|
The API WG approved this PR at our Nov 9, 2020 meeting |
e4e0598 to
48c37d8
Compare
The origin of the request should be set if the mode is cors.
48c37d8 to
b8da31e
Compare
|
Release Notes Persisted
|
Description of Change
This pull request is based on #26134. It's possible to reproduce a request send by Chrome Browser with #26134 and this pull request.
Is ok to backport this PR to stable branches, such as 10-x-y?
Checklist
npm testpassesRelease Notes
Notes: Allowed setting the 'Origin' header and Sec-Fetch-* headers in net.request().