/*
All material copyright ESRI, All Rights Reserved, unless otherwise specified.
See https://js.arcgis.com/4.25/esri/copyright.txt for details.
*/
import e from"./config.js";import{id as r}from"./kernel.js";import t from"./core/Error.js";import has from"./core/has.js";import{clone as s}from"./core/lang.js";import{unwrap as o}from"./core/maybe.js";import{onAbort as a,isAbortError as n,createAbortError as i,isAborted as l}from"./core/promiseUtils.js";import{isDataProtocol as u,isBlobProtocol as c,normalize as d,getInterceptor as p,isTrustedServer as m,getOrigin as h,toHTTPS as f,addQueryParameter as y,objectToQuery as w,getProxyRule as g,getProxyUrl as b,addQueryParameters as q,hasSameOrigin as T,getAppUrl as k,addProxyRule as O}from"./core/urlUtils.js";import{isSecureProxyService as S}from"./portal/support/urlUtils.js";import{supportsApiKey as v}from"./support/apiKeyUtils.js";import{registerNoCorsDomains as C,isNoCorsRequestRequired as x,sendNoCorsRequest as E,loadImageAsync as L}from"./support/requestUtils.js";async function U(e,r){const t=u(e),s=c(e);s||t||(e=d(e));const n={url:e,requestOptions:{...o(r)}};let i=p(e);if(i){const e=await G(i,n);if(null!=e)return{data:e,getHeader:M,requestOptions:n.requestOptions,url:n.url};i.after||i.error||(i=null)}if(e=n.url,"image"===(r=n.requestOptions).responseType){if(has("host-webworker")||has("host-node"))throw N("request:invalid-parameters",new Error("responseType 'image' is not supported in Web Workers or Node environment"),n)}else if(t)throw N("request:invalid-parameters",new Error("Data URLs are not supported for responseType = "+r.responseType),n);if("head"===r.method){if(r.body)throw N("request:invalid-parameters",new Error("body parameter cannot be set when method is 'head'"),n);if(t||s)throw N("request:invalid-parameters",new Error("data and blob URLs are not supported for method 'head'"),n)}if(await B(),j)return j.execute(e,r);const l=new AbortController;a(r,(()=>l.abort()));const m={controller:l,credential:void 0,credentialToken:void 0,fetchOptions:void 0,hasToken:!1,interceptor:i,params:n,redoRequest:!1,useIdentity:P.useIdentity,useProxy:!1,useSSL:!1,withCredentials:!1},h=await Q(m);return i?.after?.(h),h}let j;const P=e.request,D="FormData"in globalThis,_=[499,498,403,401],F=["COM_0056","COM_0057","SB_0008"],I=[/\/arcgis\/tokens/i,/\/sharing(\/rest)?\/generatetoken/i,/\/rest\/info/i],M=()=>null,R=Symbol();function A(e){const r=h(e);r&&!U._corsServers.includes(r)&&U._corsServers.push(r)}function H(e){const r=h(e);return!r||r.endsWith(".arcgis.com")||U._corsServers.includes(r)||m(r)}function N(e,r,o,a){let l="Error";const u={url:o.url,requestOptions:o.requestOptions,getHeader:M,ssl:!1};if(r instanceof t)return r.details?(r.details=s(r.details),r.details.url=o.url,r.details.requestOptions=o.requestOptions):r.details=u,r;if(r){const e=a&&(e=>a.headers.get(e)),t=a&&a.status,s=r.message;s&&(l=s),e&&(u.getHeader=e),u.httpStatus=(null!=r.httpCode?r.httpCode:r.code)||t||0,u.subCode=r.subcode,u.messageCode=r.messageCode,"string"==typeof r.details?u.messages=[r.details]:u.messages=r.details,u.raw=R in r?r[R]:r}return n(r)?i():new t(e,l,u)}async function B(){has("host-webworker")?j||(j=await import("./core/workers/request.js")):U._abortableFetch||(U._abortableFetch=globalThis.fetch.bind(globalThis))}async function $(){r||await import("./identity/IdentityManager.js")}async function z(t){const s=t.params.url,o=t.params.requestOptions,a=t.controller.signal,n=o.body;let i=null,u=null;if(D&&"HTMLFormElement"in globalThis&&(n instanceof FormData?i=n:n instanceof HTMLFormElement&&(i=new FormData(n))),"string"==typeof n&&(u=n),t.fetchOptions={cache:o.cacheBust&&!U._abortableFetch.polyfill?"no-cache":"default",credentials:"same-origin",headers:o.headers||{},method:"head"===o.method?"HEAD":"GET",mode:"cors",priority:P.priority,redirect:"follow",signal:a},(i||u)&&(t.fetchOptions.body=i||u),"anonymous"===o.authMode&&(t.useIdentity=!1),t.hasToken=!!(/token=/i.test(s)||o.query?.token||i?.get("token")),!t.hasToken&&e.apiKey&&v(s)&&(o.query||(o.query={}),o.query.token=e.apiKey,t.hasToken=!0),t.useIdentity&&!t.hasToken&&!t.credentialToken&&!K(s)&&!l(a)){let e;"immediate"===o.authMode?(await $(),e=await r.getCredential(s,{signal:a}),t.credential=e):"no-prompt"===o.authMode?(await $(),e=await r.getCredential(s,{prompt:!1,signal:a}).catch((()=>{})),t.credential=e):r&&(e=r.findCredential(s)),e&&(t.credentialToken=e.token,t.useSSL=!!e.ssl)}}function K(e){return I.some((r=>r.test(e)))}async function W(e){let t=e.params.url;const s=e.params.requestOptions,o=e.fetchOptions??{},a=c(t)||u(t),n=s.responseType||"json",l=a?0:null!=s.timeout?s.timeout:P.timeout;let d=!1;if(!a){e.useSSL&&(t=f(t)),s.cacheBust&&"default"===o.cache&&(t=y(t,"request.preventCache",Date.now()));let a={...s.query};e.credentialToken&&(a.token=e.credentialToken);let n=w(a);has("esri-url-encodes-apostrophe")&&(n=n.replace(/'/g,"%27"));const i=t.length+1+n.length;let l;d="delete"===s.method||"post"===s.method||"put"===s.method||!!s.body||i>P.maxUrlLength;const u=s.useProxy||!!g(t);if(u){const e=b(t);l=e.path,!d&&l.length+1+i>P.maxUrlLength&&(d=!0),e.query&&(a={...e.query,...a})}if("HEAD"===o.method&&(d||u)){if(d){if(i>P.maxUrlLength)throw N("request:invalid-parameters",new Error("URL exceeds maximum length"),e.params);throw N("request:invalid-parameters",new Error("cannot use POST request when method is 'head'"),e.params)}if(u)throw N("request:invalid-parameters",new Error("cannot use proxy when method is 'head'"),e.params)}if(d?(o.method="delete"===s.method?"DELETE":"put"===s.method?"PUT":"POST",s.body?t=q(t,a):(o.body=w(a),o.headers||(o.headers={}),o.headers["Content-Type"]="application/x-www-form-urlencoded")):t=q(t,a),u&&(e.useProxy=!0,t=`${l}?${t}`),a.token&&D&&o.body instanceof FormData&&!S(t)&&o.body.set("token",a.token),s.hasOwnProperty("withCredentials"))e.withCredentials=s.withCredentials;else if(!T(t,k()))if(m(t))e.withCredentials=!0;else if(r){const s=r.findServerInfo(t);s&&s.webTierAuth&&(e.withCredentials=!0)}e.withCredentials&&(o.credentials="include",x(t)&&await E(d?q(t,a):t))}let p,v,C=0,L=!1;l>0&&(C=setTimeout((()=>{L=!0,e.controller.abort()}),l));try{if("native-request-init"===s.responseType)v=o,v.url=t;else if("image"!==s.responseType||"default"!==o.cache||"GET"!==o.method||d||J(s.headers)||!a&&!e.useProxy&&P.proxyUrl&&!H(t)){if(p=await U._abortableFetch(t,o),e.useProxy||A(t),"native"===s.responseType)v=p;else if("HEAD"!==o.method)if(p.ok){switch(n){case"array-buffer":v=await p.arrayBuffer();break;case"blob":case"image":v=await p.blob();break;default:v=await p.text()}if(C&&(clearTimeout(C),C=0),"json"===n||"xml"===n||"document"===n)if(v)switch(n){case"json":v=JSON.parse(v);break;case"xml":v=X(v,"application/xml");break;case"document":v=X(v,"text/html")}else v=null;if(v){if("array-buffer"===n||"blob"===n){const e=p.headers.get("Content-Type");if(e&&/application\/json|text\/plain/i.test(e)&&v["blob"===n?"size":"byteLength"]<=750)try{const e=await new Response(v).json();e.error&&(v=e)}catch{}}"image"===n&&v instanceof Blob&&(v=await Y(URL.createObjectURL(v),e,!0))}}else v=await p.text()}else v=await Y(t,e)}catch(j){if("AbortError"===j.name){if(L)throw new Error("Timeout exceeded");throw i("Request canceled")}if(!(!p&&j instanceof TypeError&&P.proxyUrl)||s.body||"delete"===s.method||"head"===s.method||"post"===s.method||"put"===s.method||e.useProxy||H(t))throw j;e.redoRequest=!0,O({proxyUrl:P.proxyUrl,urlPrefix:h(t)??""})}finally{C&&clearTimeout(C)}return[p,v]}async function G(e,r){if(null!=e.responseData)return e.responseData;if(e.headers&&(r.requestOptions.headers={...r.requestOptions.headers,...e.headers}),e.query&&(r.requestOptions.query={...r.requestOptions.query,...e.query}),e.before){let o,a;try{a=await e.before(r)}catch(s){o=N("request:interceptor",s,r)}if((a instanceof Error||a instanceof t)&&(o=N("request:interceptor",a,r)),o)throw e.error&&e.error(o),o;return a}}function J(e){if(e)for(const r of Object.getOwnPropertyNames(e))if(e[r])return!0;return!1}function X(e,r){let t;try{t=(new DOMParser).parseFromString(e,r)}catch{}if(!t||t.getElementsByTagName("parsererror").length)throw new SyntaxError("XML Parse error");return t}async function Q(e){let t,s;await z(e);try{do{[t,s]=await W(e)}while(!await V(e,t,s))}catch(n){const r=N("request:server",n,e.params,t);throw r.details.ssl=e.useSSL,e.interceptor&&e.interceptor.error&&e.interceptor.error(r),r}const o=e.params.url;if(s&&/\/sharing\/rest\/(accounts|portals)\/self/i.test(o)){if(!e.hasToken&&!e.credentialToken&&s.user?.username&&!m(o)){const e=h(o,!0);e&&P.trustedServers.push(e)}Array.isArray(s.authorizedCrossOriginNoCorsDomains)&&C(s.authorizedCrossOriginNoCorsDomains)}const a=e.credential;if(a&&r){const e=r.findServerInfo(a.server);let t=e&&e.owningSystemUrl;if(t){t=t.replace(/\/?$/,"/sharing");const e=r.findCredential(t,a.userId);e&&-1===r._getIdenticalSvcIdx(t,e)&&e.resources.unshift(t)}}return{data:s,getHeader:t?e=>t?.headers.get(e):M,requestOptions:e.params.requestOptions,ssl:e.useSSL,url:e.params.url}}async function V(e,t,s){if(e.redoRequest)return e.redoRequest=!1,!1;const o=e.params.requestOptions;if(!t||"native"===o.responseType||"native-request-init"===o.responseType)return!0;let a,n;if(!t.ok)throw a=new Error(`Unable to load ${t.url} status: ${t.status}`),a[R]=s,a;s&&(s.error?a=s.error:"error"===s.status&&Array.isArray(s.messages)&&(a={...s},a[R]=s,a.details=s.messages));let i,l=null;a&&(n=Number(a.code),l=a.hasOwnProperty("subcode")?Number(a.subcode):null,i=a.messageCode,i=i&&i.toUpperCase());const u=o.authMode;if(403===n&&(4===l||a.message&&a.message.toLowerCase().includes("ssl")&&!a.message.toLowerCase().includes("permission"))){if(!e.useSSL)return e.useSSL=!0,!1}else if(!e.hasToken&&e.useIdentity&&("no-prompt"!==u||498===n)&&void 0!==n&&_.includes(n)&&!K(e.params.url)&&(403!==n||i&&!F.includes(i)&&(null==l||2===l&&e.credentialToken))){await $();try{const t=await r.getCredential(e.params.url,{error:N("request:server",a,e.params),prompt:"no-prompt"!==u,signal:e.controller.signal,token:e.credentialToken});return e.credential=t,e.credentialToken=t.token,e.useSSL=e.useSSL||t.ssl,!1}catch(c){if("no-prompt"===u)return e.credential=void 0,e.credentialToken=void 0,!1;a=c}}if(a)throw a;return!0}function Y(e,r,t=!1){const s=r.controller.signal,o=new Image;return r.withCredentials?o.crossOrigin="use-credentials":o.crossOrigin="anonymous",o.alt="",o.fetchPriority=P.priority,o.src=e,L(o,e,t,s)}U._abortableFetch=null,U._corsServers=["https://server.arcgisonline.com","https://services.arcgisonline.com"];export{U as default};