1 files changed, 42 insertions, 1 deletions

diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs
index ec2bc5e4e..56e9ef1af 100644
--- a/ext/fetch/lib.rs
+++ b/ext/fetch/lib.rs
@@ -25,13 +25,15 @@ use deno_core::RcRef;
 use deno_core::Resource;
 use deno_core::ResourceId;
 use deno_core::ZeroCopyBuf;
-use deno_tls::create_http_client;
 use deno_tls::rustls::RootCertStore;
 use deno_tls::Proxy;
 use http::header::CONTENT_LENGTH;
+use reqwest::header::HeaderMap;
 use reqwest::header::HeaderName;
 use reqwest::header::HeaderValue;
 use reqwest::header::HOST;
+use reqwest::header::USER_AGENT;
+use reqwest::redirect::Policy;
 use reqwest::Body;
 use reqwest::Client;
 use reqwest::Method;
@@ -573,3 +575,42 @@ where
   let rid = state.resource_table.add(HttpClientResource::new(client));
   Ok(rid)
 }
+
+/// Create new instance of async reqwest::Client. This client supports
+/// proxies and doesn't follow redirects.
+pub fn create_http_client(
+  user_agent: String,
+  root_cert_store: Option<RootCertStore>,
+  ca_certs: Vec<Vec<u8>>,
+  proxy: Option<Proxy>,
+  unsafely_ignore_certificate_errors: Option<Vec<String>>,
+  client_cert_chain_and_key: Option<(String, String)>,
+) -> Result<Client, AnyError> {
+  let mut tls_config = deno_tls::create_client_config(
+    root_cert_store,
+    ca_certs,
+    unsafely_ignore_certificate_errors,
+    client_cert_chain_and_key,
+  )?;
+
+  tls_config.alpn_protocols = vec!["h2".into(), "http/1.1".into()];
+
+  let mut headers = HeaderMap::new();
+  headers.insert(USER_AGENT, user_agent.parse().unwrap());
+  let mut builder = Client::builder()
+    .redirect(Policy::none())
+    .default_headers(headers)
+    .use_preconfigured_tls(tls_config);
+
+  if let Some(proxy) = proxy {
+    let mut reqwest_proxy = reqwest::Proxy::all(&proxy.url)?;
+    if let Some(basic_auth) = &proxy.basic_auth {
+      reqwest_proxy =
+        reqwest_proxy.basic_auth(&basic_auth.username, &basic_auth.password);
+    }
+    builder = builder.proxy(reqwest_proxy);
+  }
+
+  // unwrap here because it can only fail when native TLS is used.
+  Ok(builder.build().unwrap())
+}