refactor: allow server-side headers

[Kikobeats]

Hello,

At Edge Runtime, we are patching the undici Request implementation to be more server-side friendly, allowing to pass connection header.

I guess connection and the rest of headers are forbidden to follow with fetch spec. Potentially there are more headers that should to be forbidden according to https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name

but since undici can be used in servers too, is it any chance to be less restrictive?

MDN is pointing something that could be key:

Modifying such headers is forbidden because the user agent retains full control over them.

Maybe setup user-agent: undefined could be the way to discriminate these headers in any way?

Related:

• Can't remove default headers. Can't overwrite "sec-fetch-mode", "connection" headers. #1305
• Allow user provided connection header #1307
• docs: forbidden headers not documented #1470

[ronag]

I'm not so sure about this. Need to think a bit.

[mcollina]

I think the best avenue to discuss this is https://github.com/wintercg/fetch

[ronag]

I don't understand the use case. Most of these headers is something the user should not be touching or using. Do you have some examples?

[KhafraDev]

This is needed if undici implements a WebSocket client.

        The request MUST contain an |Upgrade| header field whose value
        MUST include the "websocket" keyword.

        The request MUST contain a |Connection| header field whose value
        MUST include the "Upgrade" token.