Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Matteo Collina <hello@matteocollina.com> CVE-ID: CVE-2023-23936, CVE-2023-24807 PR-URL: nodejs-private/node-private#388 Refs: GHSA-5r9g-qh6m-jxff Refs: GHSA-r6ch-mqf9-qc9w Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1820955 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1784449 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
- Loading branch information
1 parent
b558e9f
commit 2d9ae4f
Showing
77 changed files
with
7,822 additions
and
7,122 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
# MIME Type Parsing | ||
|
||
## `MIMEType` interface | ||
|
||
* **type** `string` | ||
* **subtype** `string` | ||
* **parameters** `Map<string, string>` | ||
* **essence** `string` | ||
|
||
## `parseMIMEType(input)` | ||
|
||
Implements [parse a MIME type](https://mimesniff.spec.whatwg.org/#parse-a-mime-type). | ||
|
||
Parses a MIME type, returning its type, subtype, and any associated parameters. If the parser can't parse an input it returns the string literal `'failure'`. | ||
|
||
```js | ||
import { parseMIMEType } from 'undici' | ||
|
||
parseMIMEType('text/html; charset=gbk') | ||
// { | ||
// type: 'text', | ||
// subtype: 'html', | ||
// parameters: Map(1) { 'charset' => 'gbk' }, | ||
// essence: 'text/html' | ||
// } | ||
``` | ||
|
||
Arguments: | ||
|
||
* **input** `string` | ||
|
||
Returns: `MIMEType|'failure'` | ||
|
||
## `serializeAMimeType(input)` | ||
|
||
Implements [serialize a MIME type](https://mimesniff.spec.whatwg.org/#serialize-a-mime-type). | ||
|
||
Serializes a MIMEType object. | ||
|
||
```js | ||
import { serializeAMimeType } from 'undici' | ||
|
||
serializeAMimeType({ | ||
type: 'text', | ||
subtype: 'html', | ||
parameters: new Map([['charset', 'gbk']]), | ||
essence: 'text/html' | ||
}) | ||
// text/html;charset=gbk | ||
|
||
``` | ||
|
||
Arguments: | ||
|
||
* **mimeType** `MIMEType` | ||
|
||
Returns: `string` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
# Cookie Handling | ||
|
||
## `Cookie` interface | ||
|
||
* **name** `string` | ||
* **value** `string` | ||
* **expires** `Date|number` (optional) | ||
* **maxAge** `number` (optional) | ||
* **domain** `string` (optional) | ||
* **path** `string` (optional) | ||
* **secure** `boolean` (optional) | ||
* **httpOnly** `boolean` (optional) | ||
* **sameSite** `'String'|'Lax'|'None'` (optional) | ||
* **unparsed** `string[]` (optional) Left over attributes that weren't parsed. | ||
|
||
## `deleteCookie(headers, name[, attributes])` | ||
|
||
Sets the expiry time of the cookie to the unix epoch, causing browsers to delete it when received. | ||
|
||
```js | ||
import { deleteCookie, Headers } from 'undici' | ||
|
||
const headers = new Headers() | ||
deleteCookie(headers, 'name') | ||
|
||
console.log(headers.get('set-cookie')) // name=; Expires=Thu, 01 Jan 1970 00:00:00 GMT | ||
``` | ||
|
||
Arguments: | ||
|
||
* **headers** `Headers` | ||
* **name** `string` | ||
* **attributes** `{ path?: string, domain?: string }` (optional) | ||
|
||
Returns: `void` | ||
|
||
## `getCookies(headers)` | ||
|
||
Parses the `Cookie` header and returns a list of attributes and values. | ||
|
||
```js | ||
import { getCookies, Headers } from 'undici' | ||
|
||
const headers = new Headers({ | ||
cookie: 'get=cookies; and=attributes' | ||
}) | ||
|
||
console.log(getCookies(headers)) // { get: 'cookies', and: 'attributes' } | ||
``` | ||
|
||
Arguments: | ||
|
||
* **headers** `Headers` | ||
|
||
Returns: `Record<string, string>` | ||
|
||
## `getSetCookies(headers)` | ||
|
||
Parses all `Set-Cookie` headers. | ||
|
||
```js | ||
import { getSetCookies, Headers } from 'undici' | ||
|
||
const headers = new Headers({ 'set-cookie': 'undici=getSetCookies; Secure' }) | ||
|
||
console.log(getSetCookies(headers)) | ||
// [ | ||
// { | ||
// name: 'undici', | ||
// value: 'getSetCookies', | ||
// secure: true | ||
// } | ||
// ] | ||
|
||
``` | ||
|
||
Arguments: | ||
|
||
* **headers** `Headers` | ||
|
||
Returns: `Cookie[]` | ||
|
||
## `setCookie(headers, cookie)` | ||
|
||
Appends a cookie to the `Set-Cookie` header. | ||
|
||
```js | ||
import { setCookie, Headers } from 'undici' | ||
|
||
const headers = new Headers() | ||
setCookie(headers, { name: 'undici', value: 'setCookie' }) | ||
|
||
console.log(headers.get('Set-Cookie')) // undici=setCookie | ||
``` | ||
|
||
Arguments: | ||
|
||
* **headers** `Headers` | ||
* **cookie** `Cookie` | ||
|
||
Returns: `void` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Fetch | ||
|
||
Undici exposes a fetch() method starts the process of fetching a resource from the network. | ||
|
||
Documentation and examples can be found on [MDN](https://developer.mozilla.org/en-US/docs/Web/API/fetch). | ||
|
||
## File | ||
|
||
This API is implemented as per the standard, you can find documentation on [MDN](https://developer.mozilla.org/en-US/docs/Web/API/File) | ||
|
||
## FormData | ||
|
||
This API is implemented as per the standard, you can find documentation on [MDN](https://developer.mozilla.org/en-US/docs/Web/API/FormData) | ||
|
||
## Response | ||
|
||
This API is implemented as per the standard, you can find documentation on [MDN](https://developer.mozilla.org/en-US/docs/Web/API/Response) | ||
|
||
## Request | ||
|
||
This API is implemented as per the standard, you can find documentation on [MDN](https://developer.mozilla.org/en-US/docs/Web/API/Request) | ||
|
||
## Header | ||
|
||
This API is implemented as per the standard, you can find documentation on [MDN](https://developer.mozilla.org/en-US/docs/Web/API/Headers) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.