2 * Wrapper for built-in http.js to emulate the browser XMLHttpRequest object.
4 * This can be used with JS designed for browsers to improve reuse of code and
5 * allow the use of existing libraries.
7 * Usage: include("XMLHttpRequest.js") and use XMLHttpRequest per W3C specs.
9 * @author Dan DeFelippi <dan@driverdan.com>
10 * @contributor David Ellis <d.f.ellis@ieee.org>
14 var Url = require("url");
15 var spawn = require("child_process").spawn;
16 var fs = require("fs");
18 exports.XMLHttpRequest = function() {
25 var http = require("http");
26 var https = require("https");
28 // Holds http.js objects
35 // Disable header blacklist.
36 // Not part of XHR specs.
37 var disableHeaderCheck = false;
39 // Set some default headers
40 var defaultHeaders = {
41 "User-Agent": "node-XMLHttpRequest",
48 // These headers are not user setable.
49 // The following are allowed but banned in the spec:
51 var forbiddenRequestHeaders = [
54 "access-control-request-headers",
55 "access-control-request-method",
58 "content-transfer-encoding",
74 // These request methods are not allowed
75 var forbiddenRequestMethods = [
83 // Error flag, used when errors occur or abort is called
84 var errorFlag = false;
95 this.HEADERS_RECEIVED = 2;
104 this.readyState = this.UNSENT;
106 // default ready state change handler in case one is not set or is set late
107 this.onreadystatechange = null;
110 this.responseText = "";
111 this.responseXML = "";
113 this.statusText = null;
115 // Whether cross-site Access-Control requests should be made using
116 // credentials such as cookies or authorization headers
117 this.withCredentials = false;
124 * Check if the specified header is allowed.
126 * @param string header Header to validate
127 * @return boolean False if not allowed, otherwise true
129 var isAllowedHttpHeader = function(header) {
130 return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
134 * Check if the specified method is allowed.
136 * @param string method Request method to validate
137 * @return boolean False if not allowed, otherwise true
139 var isAllowedHttpMethod = function(method) {
140 return (method && forbiddenRequestMethods.indexOf(method) === -1);
148 * Open the connection. Currently supports local server requests.
150 * @param string method Connection method (eg GET, POST)
151 * @param string url URL for the connection.
152 * @param boolean async Asynchronous connection. Default is true.
153 * @param string user Username for basic authentication (optional)
154 * @param string password Password for basic authentication (optional)
156 this.open = function(method, url, async, user, password) {
160 // Check for valid request method
161 if (!isAllowedHttpMethod(method)) {
162 throw new Error("SecurityError: Request method not allowed");
167 "url": url.toString(),
168 "async": (typeof async !== "boolean" ? true : async),
169 "user": user || null,
170 "password": password || null
173 setState(this.OPENED);
177 * Disables or enables isAllowedHttpHeader() check the request. Enabled by default.
178 * This does not conform to the W3C spec.
180 * @param boolean state Enable or disable header checking.
182 this.setDisableHeaderCheck = function(state) {
183 disableHeaderCheck = state;
187 * Sets a header for the request or appends the value if one is already set.
189 * @param string header Header name
190 * @param string value Header value
192 this.setRequestHeader = function(header, value) {
193 if (this.readyState !== this.OPENED) {
194 throw new Error("INVALID_STATE_ERR: setRequestHeader can only be called when state is OPEN");
196 if (!isAllowedHttpHeader(header)) {
197 console.warn("Refused to set unsafe header \"" + header + "\"");
201 throw new Error("INVALID_STATE_ERR: send flag is true");
203 header = headersCase[header.toLowerCase()] || header;
204 headersCase[header.toLowerCase()] = header;
205 headers[header] = headers[header] ? headers[header] + ', ' + value : value;
209 * Gets a header from the server response.
211 * @param string header Name of header to get.
212 * @return string Text of the header or null if it doesn't exist.
214 this.getResponseHeader = function(header) {
215 if (typeof header === "string"
216 && this.readyState > this.OPENED
219 && response.headers[header.toLowerCase()]
222 return response.headers[header.toLowerCase()];
229 * Gets all the response headers.
231 * @return string A string with all response headers separated by CR+LF
233 this.getAllResponseHeaders = function() {
234 if (this.readyState < this.HEADERS_RECEIVED || errorFlag) {
239 for (var i in response.headers) {
240 // Cookie headers are excluded
241 if (i !== "set-cookie" && i !== "set-cookie2") {
242 result += i + ": " + response.headers[i] + "\r\n";
245 return result.substr(0, result.length - 2);
249 * Gets a request header
251 * @param string name Name of header to get
252 * @return string Returns the request header or empty string if not set
254 this.getRequestHeader = function(name) {
255 if (typeof name === "string" && headersCase[name.toLowerCase()]) {
256 return headers[headersCase[name.toLowerCase()]];
263 * Sends the request to the server.
265 * @param string data Optional data to send as request body.
267 this.send = function(data) {
268 if (this.readyState !== this.OPENED) {
269 throw new Error("INVALID_STATE_ERR: connection must be opened before send() is called");
273 throw new Error("INVALID_STATE_ERR: send has already been called");
276 var ssl = false, local = false;
277 var url = Url.parse(settings.url);
279 // Determine the server
280 switch (url.protocol) {
283 // SSL & non-SSL both need host, no break here.
299 throw new Error("Protocol not supported.");
302 // Load files off the local filesystem (file://)
304 if (settings.method !== "GET") {
305 throw new Error("XMLHttpRequest: Only GET method is supported");
308 if (settings.async) {
309 fs.readFile(url.pathname, "utf8", function(error, data) {
311 self.handleError(error);
314 self.responseText = data;
320 this.responseText = fs.readFileSync(url.pathname, "utf8");
331 // Default to port 80. If accessing localhost on another port be sure
332 // to use http://localhost:port/path
333 var port = url.port || (ssl ? 443 : 80);
334 // Add query string if one is used
335 var uri = url.pathname + (url.search ? url.search : "");
337 // Set the defaults if they haven't been set
338 for (var name in defaultHeaders) {
339 if (!headersCase[name.toLowerCase()]) {
340 headers[name] = defaultHeaders[name];
344 // Set the Host header or the server may reject the request
346 if (!((ssl && port === 443) || port === 80)) {
347 headers.Host += ":" + url.port;
350 // Set Basic Auth if necessary
352 if (typeof settings.password === "undefined") {
353 settings.password = "";
355 var authBuf = new Buffer(settings.user + ":" + settings.password);
356 headers.Authorization = "Basic " + authBuf.toString("base64");
359 // Set content length header
360 if (settings.method === "GET" || settings.method === "HEAD") {
363 headers["Content-Length"] = Buffer.isBuffer(data) ? data.length : Buffer.byteLength(data);
365 if (!headers["Content-Type"]) {
366 headers["Content-Type"] = "text/plain;charset=UTF-8";
368 } else if (settings.method === "POST") {
369 // For a post with no data set Content-Length: 0.
370 // This is required by buggy servers that don't meet the specs.
371 headers["Content-Length"] = 0;
378 method: settings.method,
381 withCredentials: self.withCredentials
387 // Handle async requests
388 if (settings.async) {
389 // Use the proper protocol
390 var doRequest = ssl ? https.request : http.request;
392 // Request is being sent, set send flag
395 // As per spec, this is called here for historical reasons.
396 self.dispatchEvent("readystatechange");
398 // Handler for the response
399 var responseHandler = function responseHandler(resp) {
400 // Set response var to the response we got back
401 // This is so it remains accessable outside this scope
403 // Check for redirect
404 // @TODO Prevent looped redirects
405 if (response.statusCode === 301 || response.statusCode === 302 || response.statusCode === 303 || response.statusCode === 307) {
406 // Change URL to the redirect location
407 settings.url = response.headers.location;
408 var url = Url.parse(settings.url);
409 // Set host var in case it's used later
411 // Options for the new request
413 hostname: url.hostname,
416 method: response.statusCode === 303 ? "GET" : settings.method,
418 withCredentials: self.withCredentials
421 // Issue the new request
422 request = doRequest(newOptions, responseHandler).on("error", errorHandler);
424 // @TODO Check if an XHR event needs to be fired here
428 response.setEncoding("utf8");
430 setState(self.HEADERS_RECEIVED);
431 self.status = response.statusCode;
433 response.on("data", function(chunk) {
434 // Make sure there's some data
436 self.responseText += chunk;
438 // Don't emit state changes if the connection has been aborted.
440 setState(self.LOADING);
444 response.on("end", function() {
446 // Discard the end event if the connection has been aborted
452 response.on("error", function(error) {
453 self.handleError(error);
457 // Error handler for the request
458 var errorHandler = function errorHandler(error) {
459 self.handleError(error);
462 // Create the request
463 request = doRequest(options, responseHandler).on("error", errorHandler);
465 // Node 0.4 and later won't accept empty data. Make sure it's needed.
472 self.dispatchEvent("loadstart");
473 } else { // Synchronous
474 // Create a temporary file for communication with the other Node process
475 var contentFile = ".node-xmlhttprequest-content-" + process.pid;
476 var syncFile = ".node-xmlhttprequest-sync-" + process.pid;
477 fs.writeFileSync(syncFile, "", "utf8");
478 // The async request the other Node process executes
479 var execString = "var http = require('http'), https = require('https'), fs = require('fs');"
480 + "var doRequest = http" + (ssl ? "s" : "") + ".request;"
481 + "var options = " + JSON.stringify(options) + ";"
482 + "var responseText = '';"
483 + "var req = doRequest(options, function(response) {"
484 + "response.setEncoding('utf8');"
485 + "response.on('data', function(chunk) {"
486 + " responseText += chunk;"
488 + "response.on('end', function() {"
489 + "fs.writeFileSync('" + contentFile + "', JSON.stringify({err: null, data: {statusCode: response.statusCode, headers: response.headers, text: responseText}}), 'utf8');"
490 + "fs.unlinkSync('" + syncFile + "');"
492 + "response.on('error', function(error) {"
493 + "fs.writeFileSync('" + contentFile + "', JSON.stringify({err: error}), 'utf8');"
494 + "fs.unlinkSync('" + syncFile + "');"
496 + "}).on('error', function(error) {"
497 + "fs.writeFileSync('" + contentFile + "', JSON.stringify({err: error}), 'utf8');"
498 + "fs.unlinkSync('" + syncFile + "');"
500 + (data ? "req.write('" + JSON.stringify(data).slice(1,-1).replace(/'/g, "\\'") + "');":"")
502 // Start the other Node Process, executing this string
503 var syncProc = spawn(process.argv[0], ["-e", execString]);
504 while(fs.existsSync(syncFile)) {
505 // Wait while the sync file is empty
507 var resp = JSON.parse(fs.readFileSync(contentFile, 'utf8'));
508 // Kill the child process once the file has data
509 syncProc.stdin.end();
510 // Remove the temporary file
511 fs.unlinkSync(contentFile);
514 self.handleError(resp.err);
516 response = resp.data;
517 self.status = resp.data.statusCode;
518 self.responseText = resp.data.text;
525 * Called when an error is encountered to deal with it.
527 this.handleError = function(error) {
529 this.statusText = error;
530 this.responseText = error.stack;
533 this.dispatchEvent('error');
539 this.abort = function() {
545 headers = defaultHeaders;
547 this.responseText = "";
548 this.responseXML = "";
552 if (this.readyState !== this.UNSENT
553 && (this.readyState !== this.OPENED || sendFlag)
554 && this.readyState !== this.DONE) {
558 this.readyState = this.UNSENT;
559 this.dispatchEvent('abort');
563 * Adds an event listener. Preferred method of binding to events.
565 this.addEventListener = function(event, callback) {
566 if (!(event in listeners)) {
567 listeners[event] = [];
569 // Currently allows duplicate callbacks. Should it?
570 listeners[event].push(callback);
574 * Remove an event callback that has already been bound.
575 * Only works on the matching funciton, cannot be a copy.
577 this.removeEventListener = function(event, callback) {
578 if (event in listeners) {
579 // Filter will return a new array with the callback removed
580 listeners[event] = listeners[event].filter(function(ev) {
581 return ev !== callback;
587 * Dispatch any events, including both "on" methods and events attached using addEventListener.
589 this.dispatchEvent = function(event) {
590 if (typeof self["on" + event] === "function") {
591 self["on" + event]();
593 if (event in listeners) {
594 for (var i = 0, len = listeners[event].length; i < len; i++) {
595 listeners[event][i].call(self);
601 * Changes readyState and calls onreadystatechange.
603 * @param int state New state
605 var setState = function(state) {
606 if (state == self.LOADING || self.readyState !== state) {
607 self.readyState = state;
609 if (settings.async || self.readyState < self.OPENED || self.readyState === self.DONE) {
610 self.dispatchEvent("readystatechange");
613 if (self.readyState === self.DONE && !errorFlag) {
614 self.dispatchEvent("load");
615 // @TODO figure out InspectorInstrumentation::didLoadXHR(cookie)
616 self.dispatchEvent("loadend");