fix(fetch): reject Request body for GET and HEAD methods

[HiteshShonak]

This Pull Request fixes/closes #5200.

It changes the following:

• into_request_builder now checks if the method is GET or HEAD and throws a TypeError if a body is provided, matching the Fetch Standard.
• Added regression tests for both GET and HEAD cases.

Testing:

cargo test -p boa_runtime request -- --nocapture

Spec reference: https://fetch.spec.whatwg.org/#dom-request

[Copilot]

Pull request overview

This PR aligns Boa’s Request constructor with the Fetch Standard by rejecting request bodies for GET and HEAD methods, addressing issue #5200.

Changes:

• Add a GET/HEAD + body validation in RequestInit::into_request_builder, returning a TypeError when violated.
• Add regression tests asserting new Request(..., { method: "GET"/"HEAD", body: "x" }) throws a TypeError.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
core/runtime/src/fetch/request.rs	Adds GET/HEAD body rejection logic during request construction.
core/runtime/src/fetch/tests/request.rs	Adds regression tests for GET/HEAD requests with an explicit body.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Test262 conformance changes

Test result	main count	PR count	difference
Total	53,125	53,125	0
Passed	51,049	51,049	0
Ignored	1,482	1,482	0
Failed	594	594	0
Panics	0	0	0
Conformance	96.09%	96.09%	0.00%

Tested main commit: 352ec3dd2e814e9b2b5ee322c684605533b96344
Tested PR commit: 97a7c2309f3b67a7aef0f9966e46892d2dbe381d
Compare commits: 352ec3d...97a7c23

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.71%. Comparing base (6ddc2b4) to head (97a7c23).
⚠️ Report is 946 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #5201       +/-   ##
===========================================
+ Coverage   47.24%   59.71%   +12.46%     
===========================================
  Files         476      589      +113     
  Lines       46892    63679    +16787     
===========================================
+ Hits        22154    38023    +15869     
- Misses      24738    25656      +918     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jedel1043]

Can you link the specific part of the spec that handles inherited bodies? I was looking through it and I didn't see it doing this. The only thing it checked was the parent request and the RequestInit object.

[jedel1043]

In general I would like to see this being commented with the specific spec lines it's implementing, since it makes maintainance much easier.

[HiteshShonak]

hey, added spec comments to both places. the HasBody extension is there because boa stores body as Vec, so an empty string body and no body both look the same. needed a way to track if body was explicitly set, which is what inputBody is non-null checks in the spec: https://fetch.spec.whatwg.org/#dom-request

[jedel1043]

That sounds kinda suboptimal. What about just changing body to an Option<Vec<u8>>? That avoids having to use an extension to something that should be "native" in a way.

[HiteshShonak]

switched to Option<Vec<u8>> and removed the HasBody extension. let me know if this looks good