This is working as documented, the request is cancelled if you don't call followRedirect inside the redirect event when redirect mode is manual.

Ref: https://www.electronjs.org/docs/latest/api/client-request#event-redirect

I see ClientRequest being return from net.request, but I don't see how I would get a ClientRequest with net.fetch. It seems the only way for redirect: 'manual' to work with net.fetch, the returned Response would have to hold the redirect status. This is how Node.js' fetch implements redirect: 'manual'.

I'm trying use net.fetch as a drop-in for the global fetch from Node.js because net.fetch comes with proxy support and loads certificates from the OS.

@MarshallOfSound this might be a bug in our net.fetch implementation. The spec mentions if mode is not navigate then an opaqueResponse should be provided. We are missing the handling of redirect event in the implementation today.

Node.js fetch response also seems different from the spec, ref wpt tests https://github.com/web-platform-tests/wpt/blob/master/fetch/api/redirect/redirect-mode.any.js

> fetch(`http://localhost:3001/redirect`, { redirect: 'manual' }).then(console.log, console.error)
Promise {
  <pending>,
  [Symbol(async_id_symbol)]: 140,
  [Symbol(trigger_async_id_symbol)]: 139
}
> Response {
  status: 302,
  statusText: 'Found',
  headers: Headers {
    location: '/',
    date: 'Sat, 14 Sep 2024 01:55:46 GMT',
    connection: 'keep-alive',
    'keep-alive': 'timeout=5',
    'transfer-encoding': 'chunked'
  },
  body: ReadableStream { locked: false, state: 'readable', supportsBYOB: true },
  bodyUsed: false,
  ok: false,
  redirected: false,
  type: 'basic',
  url: 'http://localhost:3001/redirect'
}

Okay Node.js implementation was initially following the spec but it was later changed per nodejs/undici#1193.

What should be the behavior we match in our net.Fetch API for this case ?

For browsers opaque responses are needed for preventing xss attacks https://fetch.spec.whatwg.org/#atomic-http-redirect-handling. In Electron, users already can use Node.js fetch in these process to get those responses, so if we were to align net.fetch behavior we are not increasing the risk any higher. Also, the api is meant to offer easy migration for users from Node.js fetch to use chromium network stack, so aligning their behaviors would be better in this case.

#43774

this also prevents (AFAIK) conditionally but completely intercepting http/s protocol by preventing the browser from following redirects.

Appologies for the dumb question but Is anyone aware of an alternative solution to implement this currently using net.request (the issue here being a complete reproduction of the GlobalRequest to ClientRequest to listen for the 'redirect' event)?

protocol.handle('http', (request) => {
  if (shouldOverride) {
    // do my own thing
  } else {
    // if I want to leverage Chromium for Kerberos SSO and other benefits but the renderer must follow redirects so orgin is correct on future requests
   return net.fetch(request, {
     bypassCustomProtocolHandlers: true,
     redirect: 'manual'
    });
  }
}