UNPKG

h3

Version:

Minimal H(TTP) framework built for high performance and portability.

h3.dev

h3js/h3

32 lines (16 loc) 1.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Proxy > H3 proxy utilities. ### `fetchWithEvent(event, url, init?)` Make a fetch request with the event's context and headers. If the `url` starts with `/`, the request is dispatched internally via `event.app.fetch()` (sub-request) and never leaves the process. **Security:** Never pass unsanitized user input as the `url`. Callers are responsible for validating and restricting the URL. ### `getProxyRequestHeaders(event)` Get the request headers object without headers known to cause issues when proxying. ### `proxy(event, target, opts)` Make a proxy request to a target URL and send the response back to the client. If the `target` starts with `/`, the request is dispatched internally via `event.app.fetch()` (sub-request) and never leaves the process. This bypasses any external security layer (reverse proxy auth, IP allowlisting, mTLS). **Security:** Never pass unsanitized user input as the `target`. Callers are responsible for validating and restricting the target URL (e.g. allowlisting hosts, blocking internal paths, enforcing protocol). ### `proxyRequest(event, target, opts)` Proxy the incoming request to a target URL. If the `target` starts with `/`, the request is handled internally by the app router via `event.app.fetch()` instead of making an external HTTP request. **Security:** Never pass unsanitized user input as the `target`. Callers are responsible for validating and restricting the target URL (e.g. allowlisting hosts, blocking internal paths, enforcing protocol). Consider using `bodyLimit()` middleware to prevent large request bodies from consuming excessive resources when proxying untrusted input.