Fixes#26669
The Blob case in `didReceiveBinaryData` was calling `decPendingActivityCount()`
inside the `postTask` callback without a matching `incPendingActivityCount()`
beforehand. This caused a crash ("Pure virtual function called!") when the
WebSocket client received binary data (like ping frames) with `binaryType =
"blob"` and no corresponding event listener attached.
The bug was introduced in #21471 when Blob support was added. The ArrayBuffer
and NodeBuffer cases correctly call `incPendingActivityCount()` before
`postTask`, but the Blob case was missing this call.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
### What does this PR do?
Extract NO_PROXY checking logic from getHttpProxyFor into a reusable
isNoProxy method on the env Loader. This allows both fetch() and
WebSocket to check NO_PROXY even when a proxy is explicitly provided via
the proxy option (not just via http_proxy env var).
Changes:
- env_loader.zig: Extract isNoProxy() from getHttpProxyFor()
- FetchTasklet.zig: Check isNoProxy() before using explicit proxy
- WebSocket.cpp: Check Bun__isNoProxy() before using explicit proxy
- virtual_machine_exports.zig: Export Bun__isNoProxy for C++ access
- Add NO_PROXY tests for both fetch and WebSocket proxy paths
### How did you verify your code works?
Tests
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
### What does this PR do?
Updates WebKit to
5b6a0ac49b
### How did you verify your code works?
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
## Summary
- Extracts credentials from WebSocket URL (`ws://user:pass@host`) and
sends them as Basic Authorization header
- User-provided `Authorization` header takes precedence over URL
credentials
- Credentials are properly URL-decoded before being Base64-encoded
Fixes#24388
## Test plan
- [x] Added regression test `test/regression/issue/24388.test.ts` with 5
test cases:
- Basic credentials in URL
- Empty password
- No credentials (no header sent)
- Custom Authorization header takes precedence
- Special characters (URL-encoded) in credentials
- [x] Tests pass with `bun bd test test/regression/issue/24388.test.ts`
- [x] Tests fail with `USE_SYSTEM_BUN=1 bun test` (confirming the bug
existed)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- WTFMove → WTF::move / std::move: Replaced WTFMove() macro with
WTF::move() function for WTF types, std::move() for std types
- SortedArrayMap removed: Replaced with if-else chains in
EventFactory.cpp, JSCryptoKeyUsage.cpp
- Wasm::Memory::create signature changed: Removed VM parameter
- URLPattern allocation: Changed from WTF_MAKE_ISO_ALLOCATED to
WTF_MAKE_TZONE_ALLOCATED
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
- Implements proper WebSocket subprotocol negotiation per RFC 6455 and
WHATWG standards
- Adds HeaderValueIterator utility for parsing comma-separated header
values
- Fixes WebSocket client to correctly validate server subprotocol
responses
- Sets WebSocket.protocol property to negotiated subprotocol per WHATWG
spec
- Includes comprehensive test coverage for all subprotocol scenarios
## Changes
**Core Implementation:**
- Add `HeaderValueIterator` utility for parsing comma-separated HTTP
header values
- Replace hash-based protocol matching with proper string set comparison
- Implement WHATWG compliant protocol property setting on successful
negotiation
**WebSocket Client (`WebSocketUpgradeClient.zig`):**
- Parse client subprotocols into StringSet using HeaderValueIterator
- Validate server response against requested protocols
- Set protocol property when server selects a matching subprotocol
- Allow connections when server omits Sec-WebSocket-Protocol header (per
spec)
- Reject connections when server sends unknown or empty subprotocol
values
**C++ Bindings:**
- Add `setProtocol` method to WebSocket class for updating protocol
property
- Export C binding for Zig integration
## Test Plan
Comprehensive test coverage for all subprotocol scenarios:
- ✅ Server omits Sec-WebSocket-Protocol header (connection allowed,
protocol="")
- ✅ Server sends empty Sec-WebSocket-Protocol header (connection
rejected)
- ✅ Server selects valid subprotocol from multiple client options
(protocol set correctly)
- ✅ Server responds with unknown subprotocol (connection rejected with
code 1002)
- ✅ Validates CloseEvent objects don't trigger [Circular] console bugs
All tests use proper WebSocket handshake implementation and validate
both client and server behavior per RFC 6455 requirements.
## Issues Fixed
Fixes#10459 - WebSocket client does not retrieve the protocol sent by
the server
Fixes#10672 - `obs-websocket-js` is not compatible with Bun
Fixes#17707 - Incompatibility with NodeJS when using obs-websocket-js
library
Fixes#19785 - Mismatch client protocol when connecting with multiple
Sec-WebSocket-Protocol
This enables obs-websocket-js and other libraries that rely on proper
RFC 6455 subprotocol negotiation to work correctly with Bun.
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
This PR fixes WebSocket to correctly emit an `error` event before the
`close` event when the handshake fails (e.g., 302 redirects, non-101
status codes, missing headers).
Fixes#14338
## Problem
Previously, when a WebSocket connection failed during handshake (like
receiving a 302 redirect or connecting to a non-WebSocket server), Bun
would only emit a `close` event. This behavior differed from the WHATWG
WebSocket specification and other runtimes (browsers, Node.js with `ws`,
Deno) which emit both `error` and `close` events.
## Solution
Modified `WebSocket::didFailWithErrorCode()` in `WebSocket.cpp` to pass
`isConnectionError = true` for all handshake failure error codes,
ensuring an error event is dispatched before the close event when the
connection is in the CONNECTING state.
## Changes
- Updated error handling in `src/bun.js/bindings/webcore/WebSocket.cpp`
to emit error events for handshake failures
- Added comprehensive test coverage in
`test/regression/issue/14338.test.ts`
## Test Coverage
The test file includes:
1. **Negative test**: 302 redirect response - verifies error event is
emitted
2. **Negative test**: Non-WebSocket HTTP server - verifies error event
is emitted
3. **Positive test**: Successful WebSocket connection - verifies NO
error event is emitted
All tests pass with the fix applied.
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* Enable more C++ warnings
* Only enable these ones in release builds
* Update MessagePortChannel.cpp
* Update BunProcess.cpp
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
* windows: fix some websocket tests
* this file should work now, report any errors
* make this change later
* add back running this with node
* add as const to these
---------
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
* Use debug mode by default
* Enable build with assertions enabled
* Update cli.zig
* Update bun-linux-build.yml
* Fixes
* Fix `ASSERT_ENABLED`
* try this
* Update Dockerfile
* mimalloc debug
* Update CMakeLists.txt
* `Bun.deepMatch` - fix assertion failures
cc @dylan-conway, looks like we need to use `putDirectMayBeIndex` and check for `isCell` more carefully.
* Object.create support in code generator and callbacks wrapper
* Remove unused file
* zig upgrade
* zls
* Fix various errors
* Support `BuiltinAccessor` in create_hash_table script
* Fix assertion failure in `process.mainModule`
* Fix assertion failure in `onerror`
* Fix assertion failure when creating a Worker
* Fix asssertion failure when loading lots of files in bun test
* Fix assertion failure when termating a `Worker`
* Add helper for converting BunString to a WTFString
* Fix assertion failure in notifyNeedTermination
* Add more debug logs in `bun test`
* Fix compiler warning in usockets
* Fix assertion failure with `Worker` termination (another)
* Fix assertion failure in `coerceToInt64`
* Fix assertion failure in `BroadcastChannel`
* Fix assertion failure in `Headers.prototype.getAll`
* Fixes#7067
* Add heap analyzer label for CommonJS modules
* Fix assertion failure in module.require && module.require.resolve
* Remove unused code
* Fix assertion failure in debugger
* Fix crash in debugger
* Fix assertion failures in bun:sqlite
* Bump zig
* Bump WebKit
* Fix assertion failure in JSPromise::reject && JSInternalPromise::reject
* Fix assertion failure in ReadableStream::cancel
* Fix assertion failure in AsyncContextFrame::create
* Fix assertion failure in bun:sqlite
* Fix assertion failure in mocks
* Fix assertion failure in ServerWebSocket.close
* Fix assertion failure in N-API with subclasses
* [napi] Make promises cheaper
* undo
* Don't check for exceptions in ObjectInitializationScope
* Add separate entry point for test runner that doesn't generate code
* Don't deref builtin code
* Fix preload test
* Fix assertion failure in memoryUsage()
* Fix preload test, part 2
* Ensure that the env map for a Worker is empty after it is used
* The pointer for the Arena allocator used in parsing should not change
* Terminate thread on exit
* Start to implement scriptExecutionStatus
* Update worker.test.ts
* Fix Dirent.name setter
* Update settings.json
* Fix assertion failure in node:http
* Use correct value for `JSFinalObject::maxInlineCapacity`
* JSFinalObject::maxInlineCapacity x2
* Don't strip when assertions are enabled
* Make `m_wasTerminated` atomic
* Preserve directives in the transpiler
cc @ctjlewis
* Workaround assertion failure in ServerWebSocket.sendBinary and ServerWebSocket.sendText
* windows
* Buffer lockfile serialization in-memory
* PR feedback
* PR feedback
* PR feedback
* Windows
* quotes
* Update CMakeLists.txt
* Update bun-linux-build.yml
* Update bun-linux-build.yml
* Move this code to BunString.cpp
* Update BunString.cpp
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
* fix fetch
* oops
* revert
* fix checkServerIdentity
* check dns len
* use same checks on wsclient and fetch, fix tests
* more tests and more fixes
* fix node-http flask test
* orelse
* fix requestCert
* more fixes, but no data receiving
* fix pause on connect behavior on TLS
* WS Client + rejectUnauthorized progress
* move test to the right place
* more test
* oops
* oops 2
* fmt
* cleanup
* WIP: handle handshake properly on uWS
* handle rejectUnauthorized in uWS
* fmt
* duplicated test
* fix leak
* add rejectUnauthorized option in WS types
* fix merge
* fix merge2
* Prepare for windows event loop
* More progress
* Update libuv.zig
* wip
* Make compiling each dependency a shell script
* Bump mimalloc
* Add the build scripts
* Update settings.json
* Fix a bunch of compiler warnings
* Remove more warnings
* more warnings
* cmake works
* Update JSSQLStatement.h
* put it in the zig file
* Fix usockets warnings
* Fixup
* Fix one of the compiler errors
* chunk
* draw the rest of the owl
* theres more
* Rename Process -> BunProcess
Works around a Windows issue
* Add musl polyfill for memmem on Windows
* More
* 12 mb
* Fix getenvZ
* fix variosu issues
* Add fast-ish path for bun install on Windows
* Update windows.zig
* Update windows.zig
* Fix build issue
* it works
* hmmm
* Rename file
* Fixups
* Update wtf-bindings.cpp
* Update src/bun.js/bindings/headers-handwritten.h
Co-authored-by: Dylan Conway <35280289+dylan-conway@users.noreply.github.com>
* further!
* more
* Update .gitignore
* hm
* quite a lot of fixes
* Update CMakeLists.txt
* zig fmt
* Many more things are starting to work.
* reb
* regenaret
* Update JSSink.h
* fixup
* fetch works
* Bun.serve() and much of the event loop works now
* Make require() work
* bun install progress
* more things work
* use less std.os
* Fixes
* small fixes
* Bump
* Bummp
* Undo that change
* We have to bump the version of Debian because libarchive has a higher minimum requirement
* ok
* some clenaup
* windows
* Update bun.zig
* fixup
* avoid duplicate symbols
* avoid undefined symbols
* bump
* Remove issue template for install
It's not used, and use the bug issue instead.
* Add types for cp and cpSync
* Add types for watchFile and unwatchFile
* Add bun-types to 'bun fmt' script
* Update nodejs compat docs cp/cpSync/watchFile/unwatchFile (#4525)
* feat(fetch) rejectUnauthorized and checkServerIdentity (#4514)
* enable root certs on fetch
* rebase
* fix lookup
* some fixes and improvements
* fmt
* more fixes
* more fixes
* check detached onHandshake
* fix promise case
* fix cert non-Native
* add fetch tls tests
* more one test
* churn
* Update feature_flags.zig
* Update response.zig
* Revert "avoid undefined symbols"
This reverts commit ca835b726f.
* Revert "avoid duplicate symbols"
This reverts commit 4ac6ca8700.
* Update feature_flags.zig
* Set permissions
* more
* Update mimalloc
* Fix sqlite test failures
* Fix some test failures
* Make sure we remove libusockets is removed
* hm
* [dave]: fix webcrypto crash
* bump
* Update index.ts
* windows zig compiles
* cmake on mac works
* progress
* yay
* bun run build
* fix
* ok
* oops
* asdfasfdafdsafda
* fghjkl
* git ignore
* wow
* Process -> BunProcess
* hmm
* blah
* finalize merge
* now it only has linker errors on mac
* sdfadsf
* g
* getting farther
* sxdcvbnmk,
* adfhjskfjdhkas
* a
* fgh
* update build dot zig
* asdfg
* theoretical -DCANARY flag we can use
* asdf
* cool
* okay
* colorterm
* New build workflow
* Fix script
* Use sudo
* More sudo
* Tweak dependencies
* Another sudo attempt
* Tweak script
* 16.0 -> 16
* Tweak script
* Tweak script
* Tweak script
* Tweak script
* Tweak script
* bun install
* ssh into github actions
* add more to ssh
* Fix postinstal
* Skip llvm
* New dockerfile
* Build
* More changes to Dockerfile
* chaos chaos chaos
* okay
* a
* more cmake nonsense
* add unified sources code (does not work)
* stuff
* prepare for CI builds
* ok
* yay
* yeah
* make this more stable simply by trying again if it fails, 5 times, then lose. it fixes the stability issue i was running into L O L
* messing with ci
* x
* a
* clean dependencies before build
* oops
* this is not going to work but its closer
* not gonna work either
* a
* a
* did i do it
* a
* a
* work around weird fs+Bun.build issues
* properly pass debug flag correctly
* idk im sorry
* lose
* maybe
* run the tests please
* a
* fix zlib script
* a
* hi
* prevent stupid ci issue
* i totally didnt leave in a syntax error on cmakelists
* a
* lol
* relax
* 😭
* a
* SO SILLY
* 😡 one line mistake
* one character diff
* fix linking symbols missing
* work on dependency scripts
* does this work now?
* fix mac build
* a
* bump!
* woops
* add macos baseline build
* .
* fix sqlite and also enable $assert/$debug support in builtin functions
* okay
* oops
* zig upgrade lol
* Merge
* Fix spawn test issue
* Set a timeout
* yeah
* etc
* mi
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
Co-authored-by: Dylan Conway <dylan.conway567@gmail.com>
Co-authored-by: Dylan Conway <35280289+dylan-conway@users.noreply.github.com>
Co-authored-by: Ashcon Partovi <ashcon@partovi.net>
Co-authored-by: Birk Skyum <74932975+birkskyum@users.noreply.github.com>
Co-authored-by: dave caruso <me@paperdave.net>
* Allow zero length WebSocket client & server messages
* Add test
* Clean this up a little
* Clean up these tests a little
* Hopefully fix the test failure in release build
* Don't copy into the receive buffer
* Less flaky
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
* [internal] Show the file path to the calling function from JS
* [internal] Make `JSC.NewFunction` more type safe
* Upgrade WebKit
* Finish
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
