forked from waja/action-debian-package
152 lines
4 KiB
JavaScript
152 lines
4 KiB
JavaScript
'use strict'
|
|
|
|
const { MessageChannel, receiveMessageOnPort } = require('worker_threads')
|
|
|
|
const corsSafeListedMethods = ['GET', 'HEAD', 'POST']
|
|
const corsSafeListedMethodsSet = new Set(corsSafeListedMethods)
|
|
|
|
const nullBodyStatus = [101, 204, 205, 304]
|
|
|
|
const redirectStatus = [301, 302, 303, 307, 308]
|
|
const redirectStatusSet = new Set(redirectStatus)
|
|
|
|
// https://fetch.spec.whatwg.org/#block-bad-port
|
|
const badPorts = [
|
|
'1', '7', '9', '11', '13', '15', '17', '19', '20', '21', '22', '23', '25', '37', '42', '43', '53', '69', '77', '79',
|
|
'87', '95', '101', '102', '103', '104', '109', '110', '111', '113', '115', '117', '119', '123', '135', '137',
|
|
'139', '143', '161', '179', '389', '427', '465', '512', '513', '514', '515', '526', '530', '531', '532',
|
|
'540', '548', '554', '556', '563', '587', '601', '636', '989', '990', '993', '995', '1719', '1720', '1723',
|
|
'2049', '3659', '4045', '5060', '5061', '6000', '6566', '6665', '6666', '6667', '6668', '6669', '6697',
|
|
'10080'
|
|
]
|
|
|
|
const badPortsSet = new Set(badPorts)
|
|
|
|
// https://w3c.github.io/webappsec-referrer-policy/#referrer-policies
|
|
const referrerPolicy = [
|
|
'',
|
|
'no-referrer',
|
|
'no-referrer-when-downgrade',
|
|
'same-origin',
|
|
'origin',
|
|
'strict-origin',
|
|
'origin-when-cross-origin',
|
|
'strict-origin-when-cross-origin',
|
|
'unsafe-url'
|
|
]
|
|
const referrerPolicySet = new Set(referrerPolicy)
|
|
|
|
const requestRedirect = ['follow', 'manual', 'error']
|
|
|
|
const safeMethods = ['GET', 'HEAD', 'OPTIONS', 'TRACE']
|
|
const safeMethodsSet = new Set(safeMethods)
|
|
|
|
const requestMode = ['navigate', 'same-origin', 'no-cors', 'cors']
|
|
|
|
const requestCredentials = ['omit', 'same-origin', 'include']
|
|
|
|
const requestCache = [
|
|
'default',
|
|
'no-store',
|
|
'reload',
|
|
'no-cache',
|
|
'force-cache',
|
|
'only-if-cached'
|
|
]
|
|
|
|
// https://fetch.spec.whatwg.org/#request-body-header-name
|
|
const requestBodyHeader = [
|
|
'content-encoding',
|
|
'content-language',
|
|
'content-location',
|
|
'content-type',
|
|
// See https://github.com/nodejs/undici/issues/2021
|
|
// 'Content-Length' is a forbidden header name, which is typically
|
|
// removed in the Headers implementation. However, undici doesn't
|
|
// filter out headers, so we add it here.
|
|
'content-length'
|
|
]
|
|
|
|
// https://fetch.spec.whatwg.org/#enumdef-requestduplex
|
|
const requestDuplex = [
|
|
'half'
|
|
]
|
|
|
|
// http://fetch.spec.whatwg.org/#forbidden-method
|
|
const forbiddenMethods = ['CONNECT', 'TRACE', 'TRACK']
|
|
const forbiddenMethodsSet = new Set(forbiddenMethods)
|
|
|
|
const subresource = [
|
|
'audio',
|
|
'audioworklet',
|
|
'font',
|
|
'image',
|
|
'manifest',
|
|
'paintworklet',
|
|
'script',
|
|
'style',
|
|
'track',
|
|
'video',
|
|
'xslt',
|
|
''
|
|
]
|
|
const subresourceSet = new Set(subresource)
|
|
|
|
/** @type {globalThis['DOMException']} */
|
|
const DOMException = globalThis.DOMException ?? (() => {
|
|
// DOMException was only made a global in Node v17.0.0,
|
|
// but fetch supports >= v16.8.
|
|
try {
|
|
atob('~')
|
|
} catch (err) {
|
|
return Object.getPrototypeOf(err).constructor
|
|
}
|
|
})()
|
|
|
|
let channel
|
|
|
|
/** @type {globalThis['structuredClone']} */
|
|
const structuredClone =
|
|
globalThis.structuredClone ??
|
|
// https://github.com/nodejs/node/blob/b27ae24dcc4251bad726d9d84baf678d1f707fed/lib/internal/structured_clone.js
|
|
// structuredClone was added in v17.0.0, but fetch supports v16.8
|
|
function structuredClone (value, options = undefined) {
|
|
if (arguments.length === 0) {
|
|
throw new TypeError('missing argument')
|
|
}
|
|
|
|
if (!channel) {
|
|
channel = new MessageChannel()
|
|
}
|
|
channel.port1.unref()
|
|
channel.port2.unref()
|
|
channel.port1.postMessage(value, options?.transfer)
|
|
return receiveMessageOnPort(channel.port2).message
|
|
}
|
|
|
|
module.exports = {
|
|
DOMException,
|
|
structuredClone,
|
|
subresource,
|
|
forbiddenMethods,
|
|
requestBodyHeader,
|
|
referrerPolicy,
|
|
requestRedirect,
|
|
requestMode,
|
|
requestCredentials,
|
|
requestCache,
|
|
redirectStatus,
|
|
corsSafeListedMethods,
|
|
nullBodyStatus,
|
|
safeMethods,
|
|
badPorts,
|
|
requestDuplex,
|
|
subresourceSet,
|
|
badPortsSet,
|
|
redirectStatusSet,
|
|
corsSafeListedMethodsSet,
|
|
safeMethodsSet,
|
|
forbiddenMethodsSet,
|
|
referrerPolicySet
|
|
}
|