1.3.0

This may break compatibility with code that was written for
`http-browserify`. Fixes #7

README.md

@@ -1,6 +1,6 @@
 # stream-http [![Build Status](https://travis-ci.org/jhiesey/stream-http.svg?branch=master)](https://travis-ci.org/jhiesey/stream-http)
 
-[![Sauce Test Status](https://saucelabs.com/browser-matrix/jhiesey.svg)](https://saucelabs.com/u/jhiesey)
+[![Sauce Test Status](https://saucelabs.com/browser-matrix/stream-http.svg)](https://saucelabs.com/u/stream-http)
 
 This module is an implementation of node's native `http` module for the browser.
 It tries to match node's api and behavior as closely as possible, but some features

index.js

@@ -25,9 +25,6 @@ http.request = function (opts, cb) {
 	opts.hostname = opts.hostname || hostHostname || window.location.hostname
 	opts.port = opts.port || hostPort || defaultPort
 
-	if (opts.withCredentials === undefined)
-		opts.withCredentials = true
-
 	// Also valid opts.auth, opts.mode
 
 	var req = new ClientRequest(opts)

lib/request.js

@@ -1,10 +1,11 @@
 // var Base64 = require('Base64')
 var capability = require('./capability')
 var foreach = require('foreach')
+var indexOf = require('indexof')
+var inherits = require('inherits')
 var keys = require('object-keys')
 var response = require('./response')
 var stream = require('stream')
-var inherits = require('inherits')
 
 var IncomingMessage = response.IncomingMessage
 var rStates = response.readyStates
@@ -63,7 +64,14 @@ inherits(ClientRequest, stream.Writable)
 
 ClientRequest.prototype.setHeader = function (name, value) {
 	var self = this
-	self._headers[name.toLowerCase()] = {
+	var lowerName = name.toLowerCase()
+	// This check is not necessary, but it prevents warnings from browsers about setting unsafe
+	// headers. To be honest I'm not entirely sure hiding these warnings is a good thing, but
+	// http-browserify did it, so I will too.
+	if (indexOf(unsafeHeaders, lowerName) !== -1)
+		return
+
+	self._headers[lowerName] = {
 		name: name,
 		value: value
 	}
@@ -82,6 +90,8 @@ ClientRequest.prototype.removeHeader = function (name) {
 ClientRequest.prototype._onFinish = function () {
 	var self = this
 
+	if (self._destroyed)
+		return
 	var opts = self._opts
 
 	var headersObj = self._headers
@@ -109,7 +119,7 @@ ClientRequest.prototype._onFinish = function () {
 			headers: headers,
 			body: body,
 			mode: 'cors',
-			credentials: opts.withCredentials ? 'include' : 'omit'
+			credentials: opts.withCredentials ? 'include' : 'same-origin'
 		}).then(function (response) {
 			self._fetchResponse = response
 			self._connect()
@@ -159,6 +169,8 @@ ClientRequest.prototype._onFinish = function () {
 		}
 
 		xhr.onerror = function () {
+			if (self._destroyed)
+				return
 			self.emit('error', new Error('XHR error'))
 		}
 
@@ -188,7 +200,7 @@ function statusValid (xhr) {
 ClientRequest.prototype._onXHRProgress = function () {
 	var self = this
 
-	if (!statusValid(self._xhr) || self._failed)
+	if (!statusValid(self._xhr) || self._destroyed)
 		return
 
 	if (!self._response)
@@ -200,6 +212,9 @@ ClientRequest.prototype._onXHRProgress = function () {
 ClientRequest.prototype._connect = function () {
 	var self = this
 
+	if (self._destroyed)
+		return
+
 	self._response = new IncomingMessage(self._xhr, self._fetchResponse, self._mode)
 	self.emit('response', self._response)
 }
@@ -211,10 +226,15 @@ ClientRequest.prototype._write = function (chunk, encoding, cb) {
 	cb()
 }
 
-ClientRequest.prototype.abort = function () {
+ClientRequest.prototype.abort = ClientRequest.prototype.destroy = function () {
 	var self = this
+	self._destroyed = true
+	if (self._response)
+		self._response._destroyed = true
 	if (self._xhr)
 		self._xhr.abort()
+	// Currently, there isn't a way to truly abort a fetch.
+	// If you like bikeshedding, see https://github.com/whatwg/fetch/issues/27
 }
 
 ClientRequest.prototype.end = function (data, encoding, cb) {
@@ -234,3 +254,28 @@ ClientRequest.prototype.flushHeaders = function () {}
 ClientRequest.prototype.setTimeout = function () {}
 ClientRequest.prototype.setNoDelay = function () {}
 ClientRequest.prototype.setSocketKeepAlive = function () {}
+
+// Taken from http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method
+var unsafeHeaders = [
+	'accept-charset',
+	'accept-encoding',
+	'access-control-request-headers',
+	'access-control-request-method',
+	'connection',
+	'content-length',
+	'cookie',
+	'cookie2',
+	'date',
+	'dnt',
+	'expect',
+	'host',
+	'keep-alive',
+	'origin',
+	'referer',
+	'te',
+	'trailer',
+	'transfer-encoding',
+	'upgrade',
+	'user-agent',
+	'via'
+]

lib/response.js

@@ -1,7 +1,7 @@
 var capability = require('./capability')
 var foreach = require('foreach')
-var stream = require('stream')
 var inherits = require('inherits')
+var stream = require('stream')
 
 var rStates = exports.readyStates = {
 	UNSENT: 0,
@@ -21,6 +21,14 @@ var IncomingMessage = exports.IncomingMessage = function (xhr, response, mode) {
 	self.trailers = {}
 	self.rawTrailers = []
 
+	// Fake the 'close' event, but only once 'end' fires
+	self.on('end', function () {
+		// The nextTick is necessary to prevent the 'request' module from causing an infinite loop
+		process.nextTick(function () {
+			self.emit('close')
+		})
+	})
+
 	if (mode === 'fetch') {
 		self._fetchResponse = response
 
@@ -37,6 +45,8 @@ var IncomingMessage = exports.IncomingMessage = function (xhr, response, mode) {
 		var reader = response.body.getReader()
 		function read () {
 			reader.read().then(function (result) {
+				if (self._destroyed)
+					return
 				if (result.done) {
 					self.push(null)
 					return

package.json

@@ -1,6 +1,6 @@
 {
   "name": "stream-http",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "Streaming http in the browser",
   "main": "index.js",
   "repository": {
@@ -15,9 +15,17 @@
   },
   "author": "John Hiesey",
   "license": "MIT",
+  "keywords": [
+    "http",
+    "stream",
+    "streaming",
+    "xhr",
+    "http-browserify"
+  ],
   "dependencies": {
     "builtin-status-codes": "~1.0.0",
     "foreach": "^2.0.5",
+    "indexof": "0.0.1",
     "inherits": "^2.0.1",
     "object-keys": "1.0.4",
     "xtend": "^4.0.0"
@@ -25,6 +33,7 @@
   "devDependencies": {
     "basic-auth": "^1.0.3",
     "brfs": "^1.4.0",
+    "cookie-parser": "^1.3.5",
     "express": "^4.13.0",
     "tape": "^4.0.0",
     "ua-parser-js": "^0.7.7",

test/browser/abort.js

@@ -0,0 +1,48 @@
+var Buffer = require('buffer').Buffer
+var fs = require('fs')
+var test = require('tape')
+
+var http = require('../..')
+
+test('abort before response', function (t) {
+	var req = http.get('/basic.txt', function (res) {
+		t.fail('unexpected response')
+	})
+	req.abort()
+	t.end()
+})
+
+test('abort on response', function (t) {
+	var req = http.get('/basic.txt', function (res) {
+		req.abort()
+		t.end()
+
+		res.on('end', function () {
+			t.fail('unexpected end')
+		})
+
+		res.on('data', function (data) {
+			t.fail('unexpected data')
+		})
+	})
+})
+
+test('abort on data', function (t) {
+	var req = http.get('/browserify.png?copies=5', function (res) {
+		var firstData = true
+
+		res.on('end', function () {
+			t.fail('unexpected end')
+		})
+
+		res.on('data', function (data) {
+			if (firstData) {
+				firstData = false
+				req.abort()
+				t.end()
+			} else {
+				t.fail('unexpected data')
+			}
+		})
+	})
+})

test/browser/cookie.js

@@ -0,0 +1,25 @@
+var Buffer = require('buffer').Buffer
+var test = require('tape')
+
+var http = require('../..')
+
+test('cookie', function (t) {
+  var cookie = 'hello=world'
+  window.document.cookie = cookie
+
+  http.get({
+    path: '/cookie',
+    withCredentials: false
+  }, function (res) {
+    var buffers = []
+
+    res.on('end', function () {
+      t.ok(new Buffer(cookie).equals(Buffer.concat(buffers)), 'hello cookie echoed')
+      t.end()
+    })
+
+    res.on('data', function (data) {
+      buffers.push(data)
+    })
+  })
+})

test/node/http-browserify.js

@@ -85,7 +85,7 @@ test('Test withCredentials param', function(t) {
 	t.equal( request._xhr.withCredentials, true, 'xhr.withCredentials should be true')
 
 	var request = http.get({ url: url }, noop)
-	t.equal( request._xhr.withCredentials, true, 'xhr.withCredentials should be true')
+	t.equal( request._xhr.withCredentials, false, 'xhr.withCredentials should be false')
 
 	t.end()
 })

test/server/index.js

@@ -1,3 +1,4 @@
+var cookieParser = require('cookie-parser')
 var basicAuth = require('basic-auth')
 var express = require('express')
 var fs = require('fs')
@@ -46,6 +47,12 @@ app.get('/testHeaders', function (req, res) {
 	res.end()
 })
 
+app.get('/cookie', cookieParser(), function (req, res) {
+	res.setHeader('Content-Type', 'text/plain')
+	res.write('hello=' + req.cookies.hello)
+	res.end()
+})
+
 app.get('/auth', function (req, res) {
 	var user = basicAuth(req)