The document is different from the runtime

[an5er]

Version

all

Platform

all

Subsystem

No response

What steps will reproduce the bug?

that's what it says in the documentation

but i test it

How often does it reproduce? Is there a required condition?

all

What is the expected behavior? Why is that the expected behavior?

It does not inherit the properties of the prototype

What do you see instead?

It inherits the properties of the prototype

Additional information

No response

[lpinca]

The "with method always set to GET." part is wrong but the other sentence is correct. The following example is what the documentation refers to.

const assert = require('assert');
const http = require('http');

function Options() {}

Options.prototype.method = 'POST';

const options = new Options();

assert.strictEqual(options.method, 'POST');

const server = http.createServer();

server.on('request', function (request, response) {
  console.log(request.method);
  response.end('OK');
});

server.listen(function () {
  const { port } = server.address();
  const request = http.get(`http://localhost:${port}`, options);

  request.on('response', function (response) {
    response.resume();
    response.on('end', function () {
      server.close();
    });
  });
});

[an5er]

The last sentence inherits attributes from the prototype to ignore ambiguities, which I understand as follows：

const http = require('http');

var obj = {};

obj.__proto__.method = 'POST';

const server = http.createServer();

server.on('request', function (request, response) {
    console.log(request.method);
    response.end('OK');
});

server.listen(function () {
    const { port } = server.address();
    const request = http.get(`http://localhost:${port}`);

    request.on('response', function (response) {
        response.resume();
        response.on('end', function () {
            server.close();
        });
    });
});

If the code written by the user has any prototype chain contamination, there may be a vulnerability hazard

[benjamingr]

Wanna open a docs PR? A fix would probably be: "With the method set to GET by default" or something?

[an5er]

Yes, I did, I originally wanted to fix this prototype inheritance issue because it could cause bugs, but I found I couldn't do it, so I fixed docs

[lpinca]

If the code written by the user has any prototype chain contamination, there may be a vulnerability hazard

Changing the global object prototype is a different thing and is at the user's risk. It is not limited to this but the whole runtime environment.