Update browser polyfill to include better error message

[holm]

We are currently seeing some rare instances of the error Invalid character in header field name in the wild.

The change in whatwg-fetch at https://github.com/github/fetch/pull/880 will provide us with a better error message, so we can try to understand why this happens. It would be great if the polyfill could be updated and a new version released.

Thanks.

[ThisIsMissEm]

@holm I've just debugged this exact issue, and for us, it was because a header value included a \n / LF character, which the browser-ponyfill handles as being a new header, so:

content-length: 91\r\ncontent-type: application/json\r\nwww-authenticate: DPoP realm=\"Auth Server\"\nBearer realm=\"Auth Server\"\r\n

Get parsed into the following key/value pairs passed to header.append:

{ key: 'content-length', value: '91' }
{ key: 'content-type', value: 'application/json' }
{ key: 'www-authenticate', value: 'DPoP realm="Auth Server"' }
{ key: 'Bearer realm="Auth Server"', value: '' }

Though, I should note: I'm only seeing this in Firefox for some reason, where the ponyfill is being pulled in despite fetch being global there. I think this is because of 123b1a2ef13f279f444118398959fb3424abfca4 which seems to mean the polyfill is always used over the native fetch() implementation.

But basically, if you're encountering the Invalid character in header field name error, check that the header values do not include a \n character.

[lquixada]

I've been working on version 4 of cross-fetch and the whatwg-fetch was updated to the latest version (3.6.2). If anyone's interested in checking it out, please run npm install cross-fetch@latest-v4.x in your project to give it a try. Let me know if any issues come up.

[lquixada]

Version 4 has been officially released with whatwg-fetch@3.6.2. Please check it out: npm install cross-fetch.