That covers RequestInit and ResponseInit:
-
RequestInit.method: ✅
-
RequestInit.headers: ✅
-
RequestInit.body: ✅ (Node.js diverges because it supports AsyncIterables here)
-
RequestInit.signal: ✅
-
RequestInit.redirect:
follow: ✅error: ✅manual: ✅, but divergence because the returned response is not opaque. On the browser it is opaque because of Atomic HTTP redirect handling - this security feature is not needed on servers.
-
RequestInit.integrity: 🟠
- Must be verified, and if the supported integrity string is not supported, must throw.
- At minimum must support
undefined and "".
- We think this may be useful on the server, but it should be up to the host to determine to what extent they implement this.
-
RequestInit.duplex: ✅
- We should spec what
duplex: full means
- We should try to get
duplex: full to be the default in browsers
- We should start enforcing
duplex: "half" if you want half duplex in server environments
-
RequestInit.cache: 🟠
- Verify the property is valid
- The default on server runtimes is
no-store or no-cache, not default
- Runtimes must send the correct cache control header corresponding to the specified option
- Runtimes do not actually have to cache responses in a client side cache
- Verify if the spec allows implementations to "downgrade" to lower cache level (like no-store) even if a higher value is specified, for example in Incognito windows. If so, we do not need to throw on unsupported valid values.
- Figure out how
default and Cloudflare's default behaviour differ - do we need another value to specify that behaviour?
-
RequestInit.priority: 🟠
- Either implement as specced, or completely ignore it
-
RequestInit.referrer: ❌ ignore completely (do not get off init)
- Servers don't have an active site/origin so there is no referrer
-
RequestInit.referrerPolicy: ❌ ignore completely
- If you don't have a referrer, you don't need a policy for them
-
RequestInit.mode: ❌ silently ignore
- CORS is not relevant on the server
-
RequestInit.credentials: ❌ silently ignore
- CORS is not relevant on the server
- Check that
credentials: omit does not remove explicitly set auth headers - if so, reconsider
-
RequestInit.keepalive: ❌ silently ignore
- Related to tab lifetime, not relevant to server runtimes
-
RequestInit.window: ❌ silently ignore
-
ResponseInit.status: ✅
-
ResponseInit.statusText: ✅
-
ResponseInit.headers: ✅
✅ = mandatory
🟠 = sometimes
❌ = ignore
That covers
RequestInitandResponseInit:RequestInit.method: ✅RequestInit.headers: ✅RequestInit.body: ✅ (Node.js diverges because it supports AsyncIterables here)RequestInit.signal: ✅RequestInit.redirect:follow: ✅error: ✅manual: ✅, but divergence because the returned response is not opaque. On the browser it is opaque because of Atomic HTTP redirect handling - this security feature is not needed on servers.RequestInit.integrity: 🟠undefinedand"".RequestInit.duplex: ✅duplex: fullmeansduplex: fullto be the default in browsersduplex: "half"if you want half duplex in server environmentsRequestInit.cache: 🟠no-storeorno-cache, notdefaultdefaultand Cloudflare's default behaviour differ - do we need another value to specify that behaviour?RequestInit.priority: 🟠RequestInit.referrer: ❌ ignore completely (do not get off init)RequestInit.referrerPolicy: ❌ ignore completelyRequestInit.mode: ❌ silently ignoreRequestInit.credentials: ❌ silently ignorecredentials: omitdoes not remove explicitly set auth headers - if so, reconsiderRequestInit.keepalive: ❌ silently ignoreRequestInit.window: ❌ silently ignoreResponseInit.status: ✅ResponseInit.statusText: ✅ResponseInit.headers: ✅✅ = mandatory
🟠 = sometimes
❌ = ignore