feat: implement net.fetch

docs/api/client-request.md

@@ -23,12 +23,14 @@ following properties:
     with which the request is associated. Defaults to the empty string. The
     `session` option supersedes `partition`. Thus if a `session` is explicitly
     specified, `partition` is ignored.
-  * `credentials` string (optional) - Can be `include` or `omit`. Whether to
-    send [credentials](https://fetch.spec.whatwg.org/#credentials) with this
+  * `credentials` string (optional) - Can be `include`, `omit` or
+    `same-origin`. Whether to send
+    [credentials](https://fetch.spec.whatwg.org/#credentials) with this
     request. If set to `include`, credentials from the session associated with
     the request will be used. If set to `omit`, credentials will not be sent
     with the request (and the `'login'` event will not be triggered in the
-    event of a 401). This matches the behavior of the
+    event of a 401). If set to `same-origin`, `origin` must also be specified.
+    This matches the behavior of the
     [fetch](https://fetch.spec.whatwg.org/#concept-request-credentials-mode)
     option of the same name. If this option is not specified, authentication
     data from the session will be sent, and cookies will not be sent (unless
@@ -49,6 +51,13 @@ following properties:
     [`request.followRedirect`](#requestfollowredirect) is invoked synchronously
     during the [`redirect`](#event-redirect) event.  Defaults to `follow`.
   * `origin` string (optional) - The origin URL of the request.
+  * `referrerPolicy` string (optional) - can be `""`, `no-referrer`,
+    `no-referrer-when-downgrade`, `origin`, `origin-when-cross-origin`,
+    `unsafe-url`, `same-origin`, `strict-origin`, or
+    `strict-origin-when-cross-origin`. Defaults to
+    `strict-origin-when-cross-origin`.
+  * `cache` string (optional) - can be `""`, `default`, `no-store`, `reload`,
+    `no-cache`, `force-cache` or `only-if-cached`.
 
 `options` properties such as `protocol`, `host`, `hostname`, `port` and `path`
 strictly follow the Node.js model as described in the

docs/api/net.md

@@ -63,6 +63,28 @@ Creates a [`ClientRequest`](./client-request.md) instance using the provided
 The `net.request` method would be used to issue both secure and insecure HTTP
 requests according to the specified protocol scheme in the `options` object.
 
+### `net.fetch(input[, init])`
+
+* `input` RequestInfo
+* `init` RequestInit (optional)
+
+Returns `Promise<Response>`.
+
+Sends a request, similarly to how `fetch()` works in the renderer, using
+Chrome's network stack. This differs from Node's `fetch()`, which uses an
+entirely separate HTTP stack, with different limitations.
+
+See the MDN documentation for
+[`fetch()`](https://developer.mozilla.org/en-US/docs/Web/API/fetch) for more
+details.
+
+Limitations:
+
+* `net.fetch()` does not support the `data:` or `blob:` schemes.
+* The value of the `integrity` option is ignored.
+* The `.type` and `.url` values of the returned `Response` object are
+  incorrect.
+
 ### `net.isOnline()`
 
 Returns `boolean` - Whether there is currently internet connection.

lib/browser/api/net.ts

@@ -255,7 +255,9 @@ function parseOptions (optionsIn: ClientRequestConstructorOptions | string): Nod
     body: null as any,
     useSessionCookies: options.useSessionCookies,
     credentials: options.credentials,
-    origin: options.origin
+    origin: options.origin,
+    referrerPolicy: options.referrerPolicy,
+    cache: options.cache
   };
   const headers: Record<string, string | string[]> = options.headers || {};
   for (const [name, value] of Object.entries(headers)) {
@@ -310,6 +312,7 @@ export class ClientRequest extends Writable implements Electron.ClientRequest {
     }
 
     const { redirectPolicy, ...urlLoaderOptions } = parseOptions(options);
+    if (urlLoaderOptions.credentials === 'same-origin' && !urlLoaderOptions.origin) { throw new Error('credentials: same-origin requires origin to be set'); }
     this._urlLoaderOptions = urlLoaderOptions;
     this._redirectPolicy = redirectPolicy;
   }
@@ -526,6 +529,121 @@ export function request (options: ClientRequestConstructorOptions | string, call
   return new ClientRequest(options, callback);
 }
 
+function createDeferredPromise<T, E extends Error = Error> (): { promise: Promise<T>; resolve: (x: T) => void; reject: (e: E) => void; } {
+  let res: (x: T) => void;
+  let rej: (e: E) => void;
+  const promise = new Promise<T>((resolve, reject) => {
+    res = resolve;
+    rej = reject;
+  });
+
+  return { promise, resolve: res!, reject: rej! };
+}
+
+export function fetch (input: RequestInfo, init?: RequestInit): Promise<Response> {
+  const p = createDeferredPromise<Response>();
+  let req: Request;
+  try {
+    req = new Request(input, init);
+  } catch (e: any) {
+    p.reject(e);
+    return p.promise;
+  }
+
+  if (req.signal.aborted) {
+    // 1. Abort the fetch() call with p, request, null, and
+    //    requestObject’s signal’s abort reason.
+    const error = (req.signal as any).reason ?? new DOMException('The operation was aborted.', 'AbortError');
+    p.reject(error);
+
+    if (req.body != null /* && isReadable(req.body) */) {
+      req.body.cancel(error).catch((err) => {
+        if (err.code === 'ERR_INVALID_STATE') {
+          // Node bug?
+          return;
+        }
+        throw err;
+      });
+    }
+
+    // 2. Return p.
+    return p.promise;
+  }
+
+  let locallyAborted = false;
+  req.signal.addEventListener(
+    'abort',
+    () => {
+      // 1. Set locallyAborted to true.
+      locallyAborted = true;
+
+      // 2. Abort the fetch() call with p, request, responseObject,
+      //    and requestObject’s signal’s abort reason.
+      const error = (req.signal as any).reason ?? new DOMException('The operation was aborted.', 'AbortError');
+      p.reject(error);
+      if (req.body != null /* && isReadable(req.body) */) {
+        req.body.cancel(error).catch((err) => {
+          if (err.code === 'ERR_INVALID_STATE') {
+            // Node bug?
+            return;
+          }
+          throw err;
+        });
+      }
+
+      r.abort();
+    },
+    { once: true }
+  );
+
+  const origin = req.headers.get('origin') ?? undefined;
+  // We can't set credentials to same-origin unless there's an origin set.
+  const credentials = req.credentials === 'same-origin' && !origin ? 'include' : req.credentials;
+
+  const r = request({
+    // TODO: session
+    method: req.method,
+    url: req.url,
+    origin,
+    credentials,
+    cache: req.cache,
+    referrerPolicy: req.referrerPolicy,
+    redirect: req.redirect
+  });
+
+  if (req.mode) {
+    r.setHeader('Sec-Fetch-Mode', req.mode);
+  }
+
+  for (const [k, v] of req.headers) {
+    r.setHeader(k, v);
+  }
+
+  r.on('response', (resp: IncomingMessage) => {
+    if (locallyAborted) return;
+    const headers = new Headers();
+    for (const [k, v] of Object.entries(resp.headers)) { headers.set(k, Array.isArray(v) ? v.join(', ') : v); }
+    // TODO: this loses trailers and httpVersion info
+    const nullBodyStatus = [101, 204, 205, 304];
+    const body = nullBodyStatus.includes(resp.statusCode) || req.method === 'HEAD' ? null : Readable.toWeb(resp) as ReadableStream;
+    const rResp = new Response(body, {
+      headers,
+      status: resp.statusCode,
+      statusText: resp.statusMessage
+    });
+    p.resolve(rResp);
+  });
+
+  r.on('error', (err) => {
+    // TODO: abort..?
+    p.reject(err);
+  });
+
+  if (!req.body?.pipeTo(Writable.toWeb(r)).then(() => r.end())) { r.end(); }
+
+  return p.promise;
+}
+
 exports.isOnline = isOnline;
 
 Object.defineProperty(exports, 'online', {

shell/browser/api/electron_api_url_loader.cc

@@ -32,6 +32,8 @@
 #include "shell/common/gin_helper/dictionary.h"
 #include "shell/common/gin_helper/object_template_builder.h"
 #include "shell/common/node_includes.h"
+#include "third_party/blink/public/common/loader/referrer_utils.h"
+#include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom.h"
 
 namespace gin {
 
@@ -59,15 +61,84 @@ struct Converter<network::mojom::CredentialsMode> {
       *out = network::mojom::CredentialsMode::kOmit;
     else if (mode == "include")
       *out = network::mojom::CredentialsMode::kInclude;
+    else if (mode == "same-origin")
+      // Note: This only makes sense if the request specifies the "origin"
+      // option.
+      *out = network::mojom::CredentialsMode::kSameOrigin;
     else
-      // "same-origin" is technically a member of this enum as well, but it
-      // doesn't make sense in the context of `net.request()`, so don't convert
-      // it.
       return false;
     return true;
   }
 };
 
+template <>
+struct Converter<blink::mojom::FetchCacheMode> {
+  static bool FromV8(v8::Isolate* isolate,
+                     v8::Local<v8::Value> val,
+                     blink::mojom::FetchCacheMode* out) {
+    std::string cache;
+    if (!ConvertFromV8(isolate, val, &cache))
+      return false;
+    if (cache == "default" || cache == "") {
+      *out = blink::mojom::FetchCacheMode::kDefault;
+    } else if (cache == "no-store") {
+      *out = blink::mojom::FetchCacheMode::kNoStore;
+    } else if (cache == "reload") {
+      *out = blink::mojom::FetchCacheMode::kBypassCache;
+    } else if (cache == "no-cache") {
+      *out = blink::mojom::FetchCacheMode::kValidateCache;
+    } else if (cache == "force-cache") {
+      *out = blink::mojom::FetchCacheMode::kForceCache;
+    } else if (cache == "only-if-cached") {
+      *out = blink::mojom::FetchCacheMode::kOnlyIfCached;
+    } else {
+      return false;
+    }
+    return true;
+  }
+};
+
+template <>
+struct Converter<net::ReferrerPolicy> {
+  static bool FromV8(v8::Isolate* isolate,
+                     v8::Local<v8::Value> val,
+                     net::ReferrerPolicy* out) {
+    std::string referrer_policy;
+    if (!ConvertFromV8(isolate, val, &referrer_policy))
+      return false;
+    if (base::CompareCaseInsensitiveASCII(referrer_policy, "no-referrer") ==
+        0) {
+      *out = net::ReferrerPolicy::NO_REFERRER;
+    } else if (base::CompareCaseInsensitiveASCII(
+                   referrer_policy, "no-referrer-when-downgrade") == 0) {
+      *out = net::ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
+    } else if (base::CompareCaseInsensitiveASCII(referrer_policy, "origin") ==
+               0) {
+      *out = net::ReferrerPolicy::ORIGIN;
+    } else if (base::CompareCaseInsensitiveASCII(
+                   referrer_policy, "origin-when-cross-origin") == 0) {
+      *out = net::ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN;
+    } else if (base::CompareCaseInsensitiveASCII(referrer_policy,
+                                                 "unsafe-url") == 0) {
+      *out = net::ReferrerPolicy::NEVER_CLEAR;
+    } else if (base::CompareCaseInsensitiveASCII(referrer_policy,
+                                                 "same-origin") == 0) {
+      *out = net::ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN;
+    } else if (base::CompareCaseInsensitiveASCII(referrer_policy,
+                                                 "strict-origin") == 0) {
+      *out = net::ReferrerPolicy::
+          ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
+    } else if (referrer_policy == "" ||
+               base::CompareCaseInsensitiveASCII(
+                   referrer_policy, "strict-origin-when-cross-origin") == 0) {
+      *out = net::ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN;
+    } else {
+      return false;
+    }
+    return true;
+  }
+};
+
 }  // namespace gin
 
 namespace electron::api {
@@ -401,6 +472,9 @@ gin::Handle<SimpleURLLoaderWrapper> SimpleURLLoaderWrapper::Create(
   opts.Get("url", &request->url);
   request->site_for_cookies = net::SiteForCookies::FromUrl(request->url);
   opts.Get("referrer", &request->referrer);
+  request->referrer_policy =
+      blink::ReferrerUtils::GetDefaultNetReferrerPolicy();
+  opts.Get("referrerPolicy", &request->referrer_policy);
   std::string origin;
   opts.Get("origin", &origin);
   if (!origin.empty()) {
@@ -484,6 +558,36 @@ gin::Handle<SimpleURLLoaderWrapper> SimpleURLLoaderWrapper::Create(
     }
   }
 
+  blink::mojom::FetchCacheMode cache_mode =
+      blink::mojom::FetchCacheMode::kDefault;
+  opts.Get("cache", &cache_mode);
+  switch (cache_mode) {
+    case blink::mojom::FetchCacheMode::kNoStore:
+      request->load_flags |= net::LOAD_DISABLE_CACHE;
+      break;
+    case blink::mojom::FetchCacheMode::kValidateCache:
+      request->load_flags |= net::LOAD_VALIDATE_CACHE;
+      break;
+    case blink::mojom::FetchCacheMode::kBypassCache:
+      request->load_flags |= net::LOAD_BYPASS_CACHE;
+      break;
+    case blink::mojom::FetchCacheMode::kForceCache:
+      request->load_flags |= net::LOAD_SKIP_CACHE_VALIDATION;
+      break;
+    case blink::mojom::FetchCacheMode::kOnlyIfCached:
+      request->load_flags |=
+          net::LOAD_ONLY_FROM_CACHE | net::LOAD_SKIP_CACHE_VALIDATION;
+      break;
+    case blink::mojom::FetchCacheMode::kUnspecifiedOnlyIfCachedStrict:
+      request->load_flags |= net::LOAD_ONLY_FROM_CACHE;
+      break;
+    case blink::mojom::FetchCacheMode::kDefault:
+      break;
+    case blink::mojom::FetchCacheMode::kUnspecifiedForceCacheMiss:
+      request->load_flags |= net::LOAD_ONLY_FROM_CACHE | net::LOAD_BYPASS_CACHE;
+      break;
+  }
+
   bool use_session_cookies = false;
   opts.Get("useSessionCookies", &use_session_cookies);
   int options = 0;

typings/internal-ambient.d.ts

@@ -130,11 +130,13 @@ declare namespace NodeJS {
     url: string;
     extraHeaders?: Record<string, string>;
     useSessionCookies?: boolean;
-    credentials?: 'include' | 'omit';
+    credentials?: 'include' | 'omit' | 'same-origin';
     body: Uint8Array | BodyFunc;
     session?: Electron.Session;
     partition?: string;
     referrer?: string;
+    referrerPolicy?: string;
+    cache?: string;
     origin?: string;
     hasUserActivation?: boolean;
     mode?: string;