Additional headers are lost with a server-side fetch

[illright]

Describe the bug

When a server-side load function makes a request to the same hostname (not necessarily the same domain) and includes additional headers with the Headers object instead of a regular object, these additional headers are replaced with a Cookie header.

There are two issues to address:

• Overwritten headers if they are passed as a Headers object
• Incorrect detection of similar hostnames (ports aren't considered)

Reproduction

https://github.com/illright/sveltekit-repro-headers-class

Logs

N/A

System Info

System:
    OS: Linux 5.10 Arch Linux
    CPU: (8) x64 Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
    Memory: 3.32 GB / 3.76 GB
    Container: Yes
    Shell: 3.3.1 - /bin/fish
  Binaries:
    Node: 17.1.0 - /usr/sbin/node
    npm: 8.1.3 - /usr/sbin/npm
  npmPackages:
    @sveltejs/adapter-auto: next => 1.0.0-next.3
    @sveltejs/kit: next => 1.0.0-next.201
    svelte: ^3.44.0 => 3.44.2

Severity

blocking all usage of SvelteKit

Additional Information

No response

[illright]

Actually, it seems like the ports should not be considered, according to RFC 6265:

Similarly, cookies for a given host are shared
across all the ports on that host, even though the usual "same-origin
policy" used by web browsers isolates content retrieved via different
ports.

That must mean this issue can be closed.