-
Notifications
You must be signed in to change notification settings - Fork 28.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fetch response content #53713
Comments
Certain websites have certain settings that make fetching them without certain information return a different response. Node.js doesn't control these sites, so your request must conform to their standards. |
In your case, it appears that Facebook wants the following headers: fetch('https://www.facebook.com/.well-known/oauth/openid/jwks/', {
headers: {
'sec-fetch-site': '<...>'
}
}); Edit: I see you mentioned that in your issue, sorry to reiterate a known point 😄 |
Obviously. The point is that fetch without headers work fine in browsers and node-fetch (and curl, and...), so it's kind of surprising it doesn't work with nodejs' built-in fetch. |
fetch in Deno v1.44.4 and Bun v1.1.17 also work fine without any extra headers. |
If you'd like to like to suggest an improvement to the default fetch headers, please refer to https://github.com/nodejs/undici and https://github.com/whatwg/fetch |
Version
v20.15.0
Platform
Subsystem
fetch
What steps will reproduce the bug?
fetch('https://www.facebook.com/.well-known/oauth/openid/jwks/')
How often does it reproduce? Is there a required condition?
💯
What is the expected behavior? Why is that the expected behavior?
I expect to get a response from fetch that contains a JSON body, since that's what Firefox's, Edge's, and node-fetch's
fetch
return. It's also what curl 8.x gets and what browsers show if you paste the URL in the address bar.What do you see instead?
I response that contains text/html.
Additional information
I also tried
fetch('https://www.facebook.com/.well-known/oauth/openid/jwks/', { headers: { accept: 'application/json' } })
(andaccept: '*/*'
), but it made no difference. I tried the fetch generated by a browser using "copy as fetch," and that worked. After a bit of binary search between the minimal fetch and the browser generated fetch, I found thatfetch('https://www.facebook.com/.well-known/oauth/openid/jwks/')
responds with HTMLfetch('https://www.facebook.com/.well-known/oauth/openid/jwks/', { headers: { 'Sec-Fetch-Site': 'none' } })
responds with JSONI've also seen (closed) APIs from Azure API Management that respond 500 to nodejs' fetch, but works as expected with all the above mentioned alternatives. The issue is also there in 20.15.0 from https://deb.nodesource.com/node_20.x in a debian:bookworm-20240513 container.
The text was updated successfully, but these errors were encountered: