`@edge-runtime/node-utils`: `computeOrigin` ignores HTTP/2 `:authority`

[aui]

Bug Report

Package: @edge-runtime/node-utils
Version observed: 4.0.0

Current behavior

When converting a Node.js IncomingMessage into a Fetch Request, the computeOrigin function only reads headers.host. In HTTP/2 connections, the request authority is often provided via the :authority pseudo-header instead, leaving the host header unset. As a result, the adapter falls back to the defaultOrigin, causing Request.url to point to the wrong host even when the client provided the correct authority.

Expected behavior/code

Request.url should reflect the client's authority (e.g., https://example.test:5173/) when the :authority pseudo-header is present in the request headers.

Possible solution

Update computeOrigin to check for the :authority header if host is missing, and improve protocol inference to better handle TLS on non-standard ports.

function computeOrigin({ headers }, defaultOrigin) {
  // Check both host and :authority
  const authority = headers.host || headers[':authority'];
  if (!authority) {
    return defaultOrigin;
  }

  let protocol = 'http';
  if (defaultOrigin) {
    try {
      protocol = new URL(defaultOrigin).protocol.replace(':', '') || 'http';
    } catch {
      // keep default
    }
  }
  
  const [, port] = authority.split(':');
  // If port is 443, ensure we use https
  if (port === '443') {
    protocol = 'https';
  }
  
  return `${protocol}://${authority}`;
}