Skip to content

fix(eventsource): set use-URL-credentials flag#5475

Open
Ram-blip wants to merge 1 commit into
nodejs:mainfrom
Ram-blip:fix/eventsource-use-url-credentials
Open

fix(eventsource): set use-URL-credentials flag#5475
Ram-blip wants to merge 1 commit into
nodejs:mainfrom
Ram-blip:fix/eventsource-use-url-credentials

Conversation

@Ram-blip

@Ram-blip Ram-blip commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

This relates to...

Fixes EventSource potential-CORS request creation so it sets the correct use-URL-credentials flag.

Rationale

The HTML potential-CORS request algorithm requires the returned request’s use-URL-credentials flag to be set.

createPotentialCORSRequest() previously passed useCredentials: true to makeRequest(), but Undici stores useCredentials and useURLCredentials as separate fields. The Fetch authentication logic consumes useURLCredentials, so the intended flag was not being set.

WebSocket already uses useURLCredentials: true for the same internal request flag.

Specification: https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request

Changes

Changed useCredentials: true to useURLCredentials: true in createPotentialCORSRequest().

Added unit coverage for both EventSource CORS states:

  • anonymous: cors mode with same-origin credentials
  • use-credentials: cors mode with include credentials

The test also verifies useURLCredentials, destination, urlList, and url.

Features

N/A

Bug Fixes

Fixes EventSource request creation so the use-URL-credentials flag is set on the internal Fetch request.

Breaking Changes and Deprecations

N/A

Status

Testing

node --test test/eventsource/util.js
npm run test:eventsource
npm run lint

Signed-off-by: Ram-blip <ramcruze2000@gmail.com>
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.46%. Comparing base (ce7bf4f) to head (b1f36c2).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5475   +/-   ##
=======================================
  Coverage   93.46%   93.46%           
=======================================
  Files         110      110           
  Lines       37124    37124           
=======================================
  Hits        34698    34698           
  Misses       2426     2426           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@KhafraDev KhafraDev left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the test is completely useless... what is it testing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants