Skip to content

fix(client): sanitize Request init for Deno and Bun compatibility#4178

Open
jwulf wants to merge 1 commit into
hey-api:mainfrom
jwulf:fix/request-init-deno-bun-compat
Open

fix(client): sanitize Request init for Deno and Bun compatibility#4178
jwulf wants to merge 1 commit into
hey-api:mainfrom
jwulf:fix/request-init-deno-bun-compat

Conversation

@jwulf

@jwulf jwulf commented Jun 28, 2026

Copy link
Copy Markdown

What

Fixes the generated fetch and SSE clients throwing on Deno and Bun:

TypeError: Failed to construct 'Request': Argument 2 `client` must be a Deno.HttpClient

Closes #4177. Related: #554.

Why

The client-fetch runtime and the core SSE runtime spread their internal options object into new Request(url, init). Node, undici and browsers ignore unknown RequestInit keys, but Deno and Bun validate the init strictly (Deno treats client as a Deno.HttpClient) and throw on every request. A custom fetch cannot work around it because the Request is constructed before fetch runs.

How

  • Add a toRequestInit() helper to client-core/bundle/utils.ts that returns a RequestInit containing only standard fields (method, headers, body, signal, redirect, cache, credentials, mode, referrer, referrerPolicy, integrity, keepalive, duplex, priority, window).
  • Use it at the affected new Request(...) sites:
    • client-fetch/bundle/client.ts (main request path)
    • client-core/bundle/serverSentEvents.ts (SSE path; this also sanitizes the init handed to the onRequest callbacks of the fetch / ofetch / ky / next clients)
  • client-ofetch and client-ky already build clean inits on their main paths, so they need no change there.

Behaviour on Node and in the browser is unchanged — the removed keys were already ignored by those runtimes.

Tests

client-core/__tests__/utils.test.ts adds toRequestInit coverage, including a test that stubs globalThis.Request to reject the non-standard client key (emulating Deno/Bun) and asserts the sanitized init constructs successfully. Runs in the normal vitest suite (no Deno/Bun runtime needed). A changeset is included.

Downstream

Found while making @camunda8/orchestration-cluster-api run on Deno (camunda/orchestration-cluster-api-js#283 / #284). Once this lands, the downstream post-gen workaround can be removed.

The client-fetch and core SSE runtimes spread their internal options
object into new Request(url, init). Node, undici and browsers ignore
unknown RequestInit keys, but Deno and Bun validate the init strictly
(Deno treats client as a Deno.HttpClient) and throw on every request:

  TypeError: Failed to construct 'Request': Argument 2 `client`
  must be a Deno.HttpClient

Add a toRequestInit() helper that keeps only standard RequestInit fields
and use it before constructing the Request in the fetch and SSE clients.
No-op on Node and in the browser.

Co-authored-by: Copilot <[email protected]>
@bolt-new-by-stackblitz

Copy link
Copy Markdown

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@changeset-bot

changeset-bot Bot commented Jun 28, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 9a82aa0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@hey-api/openapi-ts Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel

vercel Bot commented Jun 28, 2026

Copy link
Copy Markdown

@jwulf is attempting to deploy a commit to the Hey API Team on Vercel.

A member of the Team first needs to authorize it.

@pullfrog pullfrog Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ No new issues found.

Reviewed changes — the PR adds a toRequestInit() sanitizer in @hey-api/client-core and uses it wherever the generated fetch client or core SSE runtime constructs a Request, dropping internal keys like client, fetch, and serializers that Deno/Bun reject.

  • Add toRequestInit() sanitizer to client-core/bundle/utils.ts
  • Sanitize RequestInit in client-fetch before constructing the main request
  • Sanitize RequestInit in core SSE runtime before constructing the request and handing it to onRequest callbacks
  • Add tests covering standard-key retention, non-standard-key removal, undefined filtering, and a stub of a strict runtime emulating Deno/Bun
  • Include changeset for @hey-api/openapi-ts

Pullfrog  | ⚠️ this action is pinned to a commit SHA, which freezes the cleanup step — switch to @v0 or keep the SHA fresh with Dependabot | View workflow run | Using Kimi K2 (free via Pullfrog for OSS) | 𝕏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

client-fetch: generated client throws on Deno and Bun (internal options leak into Request init)

1 participant