adobe / fetch Goto Github PK

I'd like to use your api however I need an async based cache interface.

Is this something you would consider adding ?

It looks like your cache api isn't exposed so it seems like a feasible option

Description
sometimes I get:

 TypeError: res.headers.raw is not a function

but when I set: cache: 'no-store' it doesn't happen.

(even for PUT requests)

Is your feature request related to a problem? Please describe.
fetch-h2, the current underlying Fetch API implementation, has a serious scalability bottleneck: Parallel requests to the same HTTP/2 origin are effectively serialised, thus defeating the purpose of HTTP/2 Multiplexing. See #14.

Describe the solution you'd like
A. Replacing fetch-h2 with another Fetch API implementation which transparently supports HTTP/1(.1) and HTTP/2 and which provides better scalability for parallel requests. node-fetch-h2 seems to be a good candidate.

B. Alternatively, implement the relevant parts of the Fetch API and write a simple abstraction of the builtin http, https and http2 modules tailored to our needs.

Describe alternatives you've considered
I've created a fetch-h2 issue and looked into creating a PR. The code however is hardly documented and the flow hard to follow. The maintainer doesn't seem to be very responsive either.

Is your feature request related to a problem? Please describe.
Currently an in-memory cache with LRU eviction policy is used with a hardcoded max_entries limit.

Describe the solution you'd like
It should be possible to configure the cache with a size limit, i.e. the maximum amount of memory used by the cached entries. While it won't be possible to calculate an exact heap memory footprint an approximation should be fine.

Description

async function testFetch() {
  const context = fetchAPI.context({
    // httpProtocol: 'http1',
    // httpsProtocols: ['http1'],
  });
  try {
    const resp = await context.fetch('https://httpbin.org/post', {
      method: 'post',
      headers: {
        accept: 'application/json',
      }
    });
    console.log(resp.status);
    const text = await resp.text();
    return {
      statusCode: 200,
      body: text,
    };
  } finally {
    await context.disconnectAll();
  }
}

produces:

Error [ERR_HTTP2_STREAM_ERROR]: Stream closed with error code NGHTTP2_PROTOCOL_ERROR
    at ClientHttp2Stream._destroy (internal/http2/core.js:2095:13)
    at ClientHttp2Stream.destroy (internal/streams/destroy.js:37:8)
    at ClientHttp2Stream.[kMaybeDestroy] (internal/http2/core.js:2111:12)
    at Http2Stream.onStreamClose [as onstreamclose] (internal/http2/core.js:479:26)

Additional context
after forcing http1, it works.

Description

  const { fetch } = require('@adobe/helix-fetch');

  const method = 'PATCH';
  const body = { foo: 'bar' };
  const resp = await fetch('https://httpbin.org/patch', { method, body });

doesn't work

🚨 The automated release from the 3.x branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the 3.x branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

The release 3.4.0 on branch 3.x cannot be published as it is out of range.

Based on the releases published on other branches, only versions within the range >=3.3.1 <3.4.0 can be published from branch 3.x.

The following commits are responsible for the invalid release:

• fix: branch release (4895d43)
• fix: branch release (4f1782e)
• feat: force new 3.x release (cb7be50)
• chore(deps): update external fixes (bb901c2)
• chore(deps): update external fixes (#340) (75c5d81)
• build(deps): bump json5 from 1.0.1 to 1.0.2 (#335) (566d164)
• chore(deps): update dependency husky to v8.0.3 (#334) (4628278)
• chore(deps): update dependency eslint to v8.31.0 (899cfe2)

Those commits should be moved to a valid branch with git merge or git cherry-pick and removed from branch 3.x with git revert or git reset.

A valid branch could be main.

See the workflow configuration documentation for more details.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Description
when fetching content from a http2 server that sends redirects, the process just quits. no error, no trace, nothing.

when forcing http1, it works.

To Reproduce

async function testFetch() {
  const context = fetchAPI.context({
    // httpProtocol: 'http1',
    // httpsProtocols: ['http1'],
  });
  try {
    console.log('fetching....');
    const resp = await context.fetch('https://embed.spotify.com/?uri=spotify:artist:4gzpq5DPGxSnKTe4SA8HAU', {
      redirect: 'follow',
    });
    console.log(resp.ok, resp.status, resp.headers);

    console.log(await resp.text());
  } catch (e) {
    console.error(e);
    throw e;
  } finally {
    await context.disconnectAll();
  }
}

the url above sends the 2 redirects:

$ curl -I "https://embed.spotify.com/?uri=spotify:artist:4gzpq5DPGxSnKTe4SA8HAU"
HTTP/2 302
server: envoy
date: Thu, 28 May 2020 02:00:38 GMT
content-type: text/html
content-length: 154
location: https://open.spotify.com/embed/?uri=spotify:artist:4gzpq5DPGxSnKTe4SA8HAU
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

$ curl -I "https://open.spotify.com/embed/?uri=spotify:artist:4gzpq5DPGxSnKTe4SA8HAU"
HTTP/2 301
server: envoy
date: Thu, 28 May 2020 02:00:52 GMT
content-type: text/html
content-length: 178
location: https://open.spotify.com/embed?uri=spotify:artist:4gzpq5DPGxSnKTe4SA8HAU
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

$ curl -I "https://open.spotify.com/embed?uri=spotify:artist:4gzpq5DPGxSnKTe4SA8HAU"
HTTP/2 200
server: envoy
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
...

Is your feature request related to a problem? Please describe.
helix-fetch is transparently using the built-in http, https and http2 modules und the hood. The majority of testing tools like nock or pollyjs however only support the http/https modules.

Describe the solution you'd like
Provide an option to force e.g. the HTTP/1(.1) protocol.

Additional context
adobe/helix-pipeline#592 (comment)

Description

import { ALPNProtocol, context } from '@adobe/fetch';

const ctx = context({
    alpnProtocols: [ALPNProtocol.ALPN_HTTP1_1],
});

When transpiled into JS, this generates an error:

TypeError: Cannot read properties of undefined (reading 'ALPN_HTTP1_1')

This happens because the alpnProtocols line gets transpiled like this:

alpnProtocols: [fetch_1.ALPNProtocol.ALPN_HTTP1_1],

which is obviously incorrect.

To Reproduce

Please see above.

Expected behavior

• No error message
• ALPNProtocol.ALPN_HTTP1_1 gets transpiled as "http/1.1"

Version: 3.2.1

Additional context

• https://www.typescriptlang.org/docs/handbook/enums.html#enums-at-runtime
• https://www.typescriptlang.org/docs/handbook/enums.html#const-enums

Description
with the fix of #310 appending a value to the vary header creates an array, which is not expected, as the vary header is never a multi header.

reproduce

    const resp = new Response('Hello, world.', {
      headers: {
        vary: 'x-test-header',
      },
    });

    resp.headers.append('vary', 'content-encoding');

Is your feature request related to a problem? Please describe.
AbortController is part of the DOM Living standard. It allows to abort an in-progress fetch operation in a standard way via the signal option. Specifically it allows to apply a timeout to a fetch operation in a standard-compliant portable way.

Describe the solution you'd like
Export AbortController, AbortError and optionally a small helper timeoutSignal for specifying a timeout signal to support the following code snippets:

const { fetch, AbortController, AbortError } = require('@adobe/helix-fetch`);

const controller = new AbortController();
setTimeout(() => controller.abort(), 1000);

try {
  await fetch('https://httpbin.org/delay/2', { signal: controller.signal });
} catch (err) {
  if (err instanceof AbortError) {
    console.log('fetch timed out');
  }
}

or shorter:

const { fetch, timeoutSignal, AbortError } = require('@adobe/helix-fetch`);

try {
  await fetch('https://httpbin.org/delay/2', { signal: timeoutSignal(1000) });
} catch (err) {
  if (err instanceof AbortError) {
    console.log('fetch timed out');
  }
}

The existing non-standard timeout option and TimeoutError should be deprecated.

Additional context
Abortable fetch
fetch timeout discussion

Description
When I run a test to verify that the timeout option works, the process hangs if the timeout occurs.

To Reproduce
run:

const assert = require('assert');
const nock = require('nock');
const fetchAPI = require('@adobe/helix-fetch');

async function run() {
  nock('https://www.example.com')
    .get('/test.html')
    .delay(2000)
    .reply(200, 'foo');

  // create own context and disable http2
  const context = fetchAPI.context({
    httpProtocol: 'http1',
    httpsProtocols: ['http1'],
  });
  try {
    const resp = await context.fetch('https://www.example.com/test.html', {
      cache: 'no-store',
      redirect: 'follow',
      timeout: 1000,
    });
    const text = await resp.text();
    console.log(resp.ok, resp.status, resp.headers, text);
    assert.fail('should timeout');
  } catch (e) {
    console.error(e);
    assert.equal(e.message, 'GET https://www.example.com/test.html timed out after 1000 ms');
  } finally {
    // await context.disconnectAll();
  }
}

run().catch(console.error);

Expected behavior
don't know if this is expected. but the process hangs for a while.
calling context.disconnectAll() solves the problem.

Description
When a server returns more than one set-cookie response headers, the response.headers.get('set-cookie') will return one value, where all values are concatenated by commas.

To Reproduce
Steps to reproduce the behavior:

1. Fetch a URL from a server that returns multiple set-cookie headers, e.g. https://www.dropbox.com
2. Look at the value of response.headers.get('set-cookie')
3. When the response looks like this in curl:

set-cookie:  gvc=MjM0MDU4MTU5Nzg3MzE0MzE2Nzk4NTk1MDA0NDkxMTk5NTEzNTc2; expires=Sun, 10 Oct 2027 13:36:25 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie:  t=lTCMMujd5gvO17wv9zPLRrvC; Domain=dropbox.com; expires=Fri, 10 Oct 2025 13:36:24 GMT; HttpOnly; Path=/; SameSite=None; Secure
set-cookie:  __Host-js_csrf=lTCMMujd5gvO17wv9zPLRrvC; expires=Fri, 10 Oct 2025 13:36:24 GMT; Path=/; SameSite=None; Secure
set-cookie:  __Host-ss=jtJon8XHjQ; expires=Fri, 10 Oct 2025 13:36:24 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
set-cookie:  locale=en; Domain=dropbox.com; expires=Sun, 10 Oct 2027 13:36:25 GMT; Path=/; SameSite=None; Secure

you'll notice that response.headers.get('set-cookie') looks like this (line feeds added for readibility):

gvc=MjM0MDU4MTU5Nzg3MzE0MzE2Nzk4NTk1MDA0NDkxMTk5NTEzNTc2; 
expires=Sun, 10 Oct 2027 13:36:25 GMT; HttpOnly; Path=/; SameSite=None;
Secure,t=lTCMMujd5gvO17wv9zPLRrvC; ... (rest omitted)

Using a standard cookie parser, it will report that there's a Secure,t cookie, because it is unable to determine that the former is a flag for the first gvc cookie.

Expected behavior
It should be possible to parse the cookies received, either by getting the initial N values for that header or by using a different delimiter.

Description
I didn't verify this, but based on the code, the following is possible:

new Response('foo', {
  headers: {
    bar: [ 1, 2, 3],
  }
});

according to https://fetch.spec.whatwg.org/#dom-headers-set, this should throw an error.

Description
In my test suite, I'm using @adobe/helix-fetch and its timeoutSignal to abort requests that exceed 20 seconds. If I run one of my tests isolated (with npx mocha -g '...', I notice that the test succeeds, but the node process keeps running for about 20 seconds. If I avoid the call to timeoutSignal, the node process terminates immediately after executing the test.

To Reproduce
Steps to reproduce the behavior:

1. Create a test that fetches some page with @adobe/helix-fetch
2. Optionally, nock that request, so it executes even faster
3. Add a timeoutSignal with a timeout of at least 20 seconds
4. Run the test isolated with npx mocha -g '...', the process will appear to hang after the test has executed.

Interestingly, this behaviour cannot be reproduced when running the test with it.only.

Expected behavior
Node process should exit when the test has been executed.

Version:
2.2.1

Additional context

Description
I use AbortController to control fetch timeout.
AbortError catched but nodejs still exit.
I tested it, not every timeout will crash the process.
Do I need to try-cathc the controller.abort() call?
I used it according to this example: https://github.com/adobe/helix-fetch#specify-a-timeout-for-a-fetch-operation

Expected behavior
process do not crash

Version:
"@adobe/helix-fetch": "^3.0.0"
nodejs v16.13.0

Log:

[2022/1/1 22:01:36][error] fetch data error: AbortError - fetching: The operation was aborted.
[2022/1/1 22:01:36][info] retry after 10s
D:\proj\node_modules\@adobe\helix-fetch\src\core\h2.js:235
      reject(new RequestAbortedError());
             ^
RequestAbortedError
    at EventEmitter.onAbortSignal (D:\proj\node_modules\@adobe\helix-fetch\src\core\h2.js:235:14)
    at EventEmitter.emit (node:events:390:28)
    at EventEmitter.emit (node:domain:475:12)
    at AbortSignal.dispatchEvent (D:\proj\node_modules\@adobe\helix-fetch\src\fetch\abort.js:67:41)
    at AbortSignal.fire (D:\proj\node_modules\@adobe\helix-fetch\src\fetch\abort.js:72:10)
    at AbortController.abort (D:\proj\node_modules\@adobe\helix-fetch\src\fetch\abort.js:137:39)
    at Timeout._onTimeout (D:\proj\src\utils\fetch.ts:44:49)
    at listOnTimeout (node:internal/timers:557:17)
    at processTimers (node:internal/timers:500:7)

Code:

const defaultTimeout = 30 * 1000
const defaultFetch = newFetchContext()
interface TimeoutRequestOptions extends RequestOptions {
    timeout?: number
}
export async function fetchWithTimeout(url: string, options: TimeoutRequestOptions = {}): Promise<Response> {
    const controller = new helixFetch.AbortController()
    const timerId = setTimeout(() => controller.abort(), options.timeout ? options.timeout : defaultTimeout)

    try {
        options.signal = controller.signal
        const response = await defaultFetch.fetch(url, options)
        return response
    } catch (err) {
        if (err.name === 'RequestAbortedError') {
            err = new Error('Fetch Timeout')             **<-- NOT HAPPEN.** 
        }
        throw err
    } finally {
        clearTimeout(timerId)
    }
}

call stack this:
while(true) {
    try {
        try {
            fetchWithTimeout(someUrl)
        } catch(e) {
            e.message = `fetching: ${e.message}`
            throw e
        }
    } catch(err) {
        logger.error('fetch data error: %s - %s', err.name, err.message)
        logger.info('retry after 10s')
        sleep(10s)
    }

    sleep(someTime)
}

Description
After a cached Http2Session gets discarded (due to an error, e.g. ECONNRESET, or idleSessionTimeout) in rare occasions subsequent Http/2 requests to the same host may encounter errors like ERR_HTTP2_SOCKET_BOUND, ERR_STREAM_DESTROYED or similar.

To Reproduce
Difficult to reproduce reliably

Description
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Version:
run: $ hlx --version

Additional context
Add any other context about the problem here.

Description
it looks like the sockets are not closed when the body is not consumed; despite a call to disconnect all.

To Reproduce

const fetchAPI = require('@adobe/helix-fetch');

async function request(context, error) {
  const resp = await context.fetch('https://adobeioruntime.net/api/v1/web/helix/helix-services/word2md@v1?path=%2Fdefault.md&shareLink=https%3A%2F%2Fadobe.sharepoint.com%2Fsites%2FTheBlog%2FShared%2520Documents%2Ftheblog&rid=VqNCOOblZXzBlnpLTvgG39uWoAIrGDWF&src=adobe%2Ftheblog%2Fdd25127aa92f65fda6a0927ed3fb00bf5dcea069', {
    headers: {
      accept: 'application/json',
    }
  });
  if (error) {
    throw error;
  }
  const text = await resp.text();
  console.log(resp.status, text);
}

async function run() {
  const context = fetchAPI.context({});
  try {
    await request(context);
    await request(context, new Error('user error'));
  } finally {
    await context.disconnectAll();
  }
}
run().catch(console.error);

$ node src/simple.js
404 Error while converting document
Error: user error
    at run (src/simple.js:36:28)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
...(process hangs)...

Note

adding keepAlive: false seems to solve the problem:

  const context = fetchAPI.context({
    http1: {
      keepAlive: false,
    },
  });

Is your feature request related to a problem? Please describe.
helix-fetch uses a transparent default context which encapsulates the cache and provides options for the underlying fetch-h2 module. It's currently not possible to customise the helix-fetch context (e.g. cache limits, separate isolated caches, default protocols etc).

Describe the solution you'd like
helix-fetch should expose the context creation in order to allow different fetch configurations.

Additional context
Related issues:

• #8
• #9

allow something like

qs: {
name: ['foo', 'bar']
}

Description
when issuing several requests at once, they all return the same response, if the hostname resolves to the same IP.

• switching to http1 solves the problem
• adding an explicit host header solves the problem.

To Reproduce
run the following:

const { fetch } = require('@adobe/helix-fetch').context({
  // httpProtocol: 'http1',
  // httpsProtocols: ['http1'],
});
const crypto = require('crypto');

async function request(url) {
  console.log('requesting', url)
  const res = await fetch(url, {
    // headers: {
    //   host: new URL(url).hostname,
    // },
    cache: 'no-store',
  });
  const data = await res.text();
  const md5 = crypto.createHash('md5').update(data).digest().toString('hex');
  console.log('result', url, 'md5=', md5, res.headers.raw());
}

async function run() {
  await Promise.all([
    request('https://lr-landing-davidnuescheler.project-helix.page/'),
    request('https://n2-davidnuescheler.hlx.page/index.html'),
    request('https://theblog--adobe.hlx.page/index.html'),
  ]);
}

run().catch(console.error);

result:

$ node index.js
requesting https://lr-landing-davidnuescheler.project-helix.page/
requesting https://n2-davidnuescheler.hlx.page/index.html
requesting https://theblog--adobe.hlx.page/index.html
result https://theblog--adobe.hlx.page/index.html md5= 22971378ba99ace7ba88e6474e7e0c04 { 'cache-control': 'max-age=604800, must-revalidate, private',
  'content-type': 'text/html; charset=UTF-8',
  link:
   '<https://lr-landing-davidnuescheler.project-helix.page/index.html>; rel="canonical"',
  date: 'Thu, 11 Jun 2020 05:18:39 GMT',
  age: '0',
  vary: 'X-Debug,X-Strain,X-Request-Type',
  'strict-transport-security': 'max-age=31536000',
  'x-version': '332; src=332; cli=5.8.2; rev=online' }
result https://n2-davidnuescheler.hlx.page/index.html md5= 22971378ba99ace7ba88e6474e7e0c04 { 'cache-control': 'max-age=604800, must-revalidate, private',
  'content-type': 'text/html; charset=UTF-8',
  link:
   '<https://lr-landing-davidnuescheler.project-helix.page/index.html>; rel="canonical"',
  date: 'Thu, 11 Jun 2020 05:18:39 GMT',
  age: '0',
  vary: 'X-Debug,X-Strain,X-Request-Type',
  'strict-transport-security': 'max-age=31536000',
  'x-version': '332; src=332; cli=5.8.2; rev=online' }
result https://lr-landing-davidnuescheler.project-helix.page/ md5= 22971378ba99ace7ba88e6474e7e0c04 { 'cache-control': 'max-age=604800, must-revalidate, private',
  'content-type': 'text/html; charset=UTF-8',
  link:
   '<https://lr-landing-davidnuescheler.project-helix.page/index.html>; rel="canonical"',
  date: 'Thu, 11 Jun 2020 05:18:39 GMT',
  age: '0',
  vary: 'X-Debug,X-Strain,X-Request-Type',
  'strict-transport-security': 'max-age=31536000',
  'x-version': '332; src=332; cli=5.8.2; rev=online' }

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two-Factor Authentication, make configure the auth-only level is supported. semantic-release cannot publish with the default auth-and-writes level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Needed for adobe/helix-logging#450 - URL encoded form data is needed, multipart form data is optional.

Is your feature request related to a problem? Please describe.
Using helix-fetch behind corporate firewalls requires the need to configure proxy settings.

Describe the solution you'd like
In order to give the freedom to the caller how to best implement various setups, helix-fetch should allow to use a custom socket for requests. This enables callers to provide their own socket (e.g. using the tunnel package)

Describe alternatives you've considered
Alternatives would be for helix-fetch to accept some structured proxy settings and sets up all the sockets by itself. Given the variety of configuration options, this would come at a high cost in terms of API surface.

Additional context
We're happy to contribute this and to work with the team on a good path forward to unblock our users.

Description
When doing a POST request with a string passed in as the body, helix-fetch internally converts it to a Readable stream. When an ongoing request is aborted, the body stream is destroyed, sending along an error. The code that normalizes the body to a Readable stream adds a handler for the 'error' event, but currently does so only when the original body was a Readable stream. So if the original body is e.g. a string, then the Readable stream version of it will not have an error handler, and aborting the request will cause it to emit an 'error' event which is never caught, causing e.g. tests of the functionality to fail.

To Reproduce
Steps to reproduce the behavior:

1. run a test where you perform a POST fetch with string data
2. abort the request
3. get an error about an uncaught error, which happens after the test has already finished (this is because destroying the Readable stream schedules the error event on the next tick)

Expected behavior
The error should be caught (or not emitted at all).

Description
It seems that requesting a http/2 server starts to fail, if the DNS of the host changes to a server that doesn't support http/2.
Looking at the code in fetch-h2, it seems that the http/2 sessions are cached by hostname and not by ip.

To Reproduce

not so trivial...

Expected behavior
Ideally, the client wouldn't notice the switch and the request is internally restarted.

ghooks looks like a stale project (last published 4 years ago) and doesn't work with ESM modules. I suggest to switch to husky instead

The Fetch API allows both URLSearchParams and FormData as body. helix-fetch doesn't support it yet.

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: config
Error type: Invalid allowedVersions
Message: The following allowedVersions does not parse as a valid version or range: "<15>"

Description
helix-fetch doesn't follow redirects by default. You have to explicitly set the redirect: 'follow' option. According to the Fetch spec redirect: 'follow'should be the implicit default.

To Reproduce

const resp = await fetch('https://httpstat.us/307');
assert.equal(resp.status, 200); // -> fails
assert.equal(resp.redirected, true); // -> fails

Expected behavior
Redirects should be followed by default, i.e. the above example should not fail

Description
the timeout that can be specified in the options only applies to the connection/first-byte response time, but not to the overall response time. if the caller wants to limit the time fetch spends downloading a resource, this is not possible.

To Reproduce

it('handles dripped response', async() => {
  const context = fetchAPI.context({
    // httpProtocol: 'http1',
    // httpsProtocols: ['http1'],
  });
  try {
    const resp = await context.fetch('https://httpbin.org/drip?duration=10&numbytes=10&code=200&delay=1', {
      cache: 'no-store',
      redirect: 'follow',
      timeout: 3000,
    });
    const text = await resp.text();
    console.log(resp.ok, resp.status, resp.headers, text);
    assert.fail('should timeout');
  } catch (e) {
    console.error(e);
    // ok!
  } finally {
    await context.disconnectAll();
  }
}).timeout(5000);

Expected behavior
the request should timeout and the test should pass.

Description

TypeScript build generates "Could not find a declaration file for module './fetch/errors'" error when trying to build a project that uses @adobe/helix-fetch.

To Reproduce

npm init -y
npm i -D typescript @types/node
npm i @adobe/helix-fetch

tsconfig.js:

{
  "compilerOptions": {
    "target": "es2016",
    "module": "commonjs",
    "esModuleInterop": true,
    "strict": true
  }
}

test.ts:

import { fetch } from '@adobe/helix-fetch';

Run tsc:

npx tsc

Expected behavior
No errors reported

Actual behavior

node_modules/@adobe/helix-fetch/src/api.d.ts:13:29 - error TS7016: Could not find a declaration file for module './fetch/errors'. '/test/node_modules/@adobe/helix-fetch/src/fetch/errors.js' implicitly has an 'any' type.

13 import { SystemError } from "./fetch/errors";
                               ~~~~~~~~~~~~~~~~


Found 1 error.

Version:
run: $ hlx --version: Command 'hlx' not found

npm ls @adobe/helix-fetch: @adobe/[email protected]

Additional information

When tsc sees import { SystemError } from "./fetch/errors", it expects to find at ./fetch/errors.ts or ./fetch/errors.d.ts, but neither exists. Moreover, SystemError does not exist in ./fetch/errors.js:

/test/node_modules/@adobe/helix-fetch/src$ grep class fetch/errors.js
/* eslint-disable max-classes-per-file */
class FetchBaseError extends Error {
class FetchError extends FetchBaseError {
class AbortError extends FetchBaseError {

Description
POST requests which are redirected by the server fail with an error.

To Reproduce

const method = 'POST';
const json = { foo: 'bar' };
const resp = await fetch('https://httpstat.us/307', { method, json });
// => Error: URL got redirected to https://httpstat.us/, which 'fetch-h2' doesn't support for POST

Expected behavior
POST requests should be redirected.

Workaround

const method = 'POST';
const json = { foo: 'bar' };
let resp = await fetch('https://httpstat.us/307', { method, json, redirect: 'manual' });
if (resp.status === 307) {
  resp = await fetch(resp.headers.get('location'), { method, json, redirect: 'manual' });
}

Additional context
Known limitation of underlying fetch-h2 implementation.

Is your feature request related to a problem? Please describe.
node-fetch automatically sets the content-type header, based on the body given to new Response():
https://github.com/node-fetch/node-fetch/blob/6ee9d3186f8b4bdc4288ccf92f0a776aa17644ae/src/request.js#L72

It would be convenient to do the same in helix-fetch.

Is your feature request related to a problem? Please describe.
The time to run parallel requests to the same http2 origin increases roughly linearly with the number of requests which is unexpected given HTTP/2 multiplexing.

Describe the solution you'd like
Either the underlying issue in fetch-h2 gets fixed or we use an alternative implementation under the hood, e.g. node-fetch-h2.

Describe alternatives you've considered
See above.

Additional context
grantila/fetch-h2#85

Would this be possible? It would reduce our required boilerplate quite a bit.

Description
process crashed with error when fetch in try-catch context
the exception was caught, but nodejs still exit.

Version:
"@adobe/helix-fetch": "^3.0.0"
nodejs v16.13.0

Crash log:
[2021/12/31 20:26:23][error] error: FetchError - Session closed with error code 1
[2021/12/31 20:26:23][info] retry after 10s
Error [ERR_HTTP2_SESSION_ERROR]: Session closed with error code 1
at new NodeError (node:internal/errors:371:5)
at Http2Session.onGoawayData (node:internal/http2/core:679:21) {
code: 'ERR_HTTP2_SESSION_ERROR'
}

Is your feature request related to a problem? Please describe.
Running multiple fetch requests in parallel may end up causing denial-of-service attacks if they are long-lived.

Describe the solution you'd like
Regular XHR requests support a timeout that will fail the request after a specific amount of time.
There is currently no clear spec for it in the fetch API, but some discussion around it exist (see links below)

Would be great to have a first draft implementation in the library to offer a decent enough implementation until the spec is finalized.

Describe alternatives you've considered
This can alternatively be implemented consumer-side by using timeouts and promises, and rejecting the promise before the request ends, but the socket is still left open until the fetch actually finishes so it doesn't fully removes the issue

Additional context
See:

• whatwg/fetch#20
• whatwg/fetch#179
• whatwg/fetch#180

Description
Concurrent http2 fetch requests to the same origin and using different contexts may lead to FetchError: The socket is already bound to an Http2Session.

To Reproduce

const doFetch = async (url) => {
  const ctx = context();
  try {
    return ctx.fetch(url);
  } finally {
    await ctx.reset();
  }
};

const N = 10; // # of parallel requests
const TEST_URL = 'https://httpbin.org/bytes/'; // HTTP2
// generete array of 'randomized' urls
const urls = Array.from({ length: N }, () => Math.floor(Math.random() * N)).map((num) => `${TEST_URL}${num}`);
// send requests
const responses = await Promise.all(urls.map((url) => doFetch(url)));

Is your feature request related to a problem? Please describe.
I think it would benefit to add querystring support; so every piece of code that uses query strings doesn't have to write its own implementation of appending them to the URL.

Describe the solution you'd like
just use URL.searchParams code

Describe alternatives you've considered
query-string library

when a http header value is not valid, it just reports:

invalid request header Invalid character in header content ["dummy"]

it would be useful, if the header name is included in the error instead of dummy.

Description
The .d.ts file specifies some exported symbols as types instead of as values, but users need to use those symbols as values. Specifically, at least:

• Example code in the README includes if (err instanceof AbortError) but this doesn't compile in TypeScript since currently the .d.ts exports AbortError as an interface instead of as a declare class
• To use the aborting (early cancellation) functionality, a user needs to create an AbortController but this is not possible in TypeScript since the current .d.ts exports the AbortController as a type instead of as a declare class

Is your feature request related to a problem? Please describe.
Rename default branch from master to main, on the git repo level as well as references in code and documentation.

Additional context
adobe/helix-home#140

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

• WARN: Encrypted value is using deprecated PKCS1 padding, please change to using PGP encryption.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• chore(deps): update dependency mocha to v10.7.3

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update external major (major) (c8, chai, chai-as-promised, codecov, eslint, husky, semantic-release, sinon)

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Description
Looking at https://github.com/grantila/fetch-h2/blob/master/lib/context.ts#L413, I don't see that there is a connect-timeout passed to the socket connection... AFAICS, the timeout is implemented as promise race. which leads to hanging sockets, if the connection is slow. so my tests fail (> 2000ms) sometimes, although I specify a timeout of 20ms.

This should be clarified.

Description
fetching a redirect response manually should not alter the location header. but since v2, it is made absolute.

eg:

$ curl -sD - 'https://httpbingo.org/redirect-to?url=/foo.html'
HTTP/2 302
access-control-allow-credentials: true
access-control-allow-origin: *
location: /foo.html
date: Thu, 04 Feb 2021 03:10:22 GMT
content-length: 0
server: Fly/7226d36 (2021-01-25)
via: 2 fly.io

but with fetch:

    it('supports redirect: manual with path location', async () => {
      const resp = await fetch(`${protocol}://httpbingo.org/redirect-to?url=/foo.html&status_code=307`, { redirect: 'manual', cache: 'no-store' });
      assert.strictEqual(resp.status, 307);
      assert.strictEqual(resp.headers.get('location'), '/foo.html');
      assert.strictEqual(resp.redirected, false);
    });

AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
+ actual - expected

+ 'http://httpbingo.org/foo.html'
- '/foo.html'
Expected :/foo.html
Actual   :http://httpbingo.org/foo.html

To Reproduce
see failing test in: #130

Test case to follow

in order to make it project helix/franklin independent, maybe consider rename it so a more generic name?

• @adobe/phetsch
• @adobe/phetch
• @adobe/fetch-hx (http1 + http2)
• @adobe/w3c-node-fetch
• ...

or even without @adobe/