diff --git a/CHANGELOG.md b/CHANGELOG.md
index 70e951da..1f142a69 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
diff --git a/README.md b/README.md
index da722827..31a10a72 100644
--- a/README.md
+++ b/README.md
@@ -501,14 +501,6 @@ using
If the request URI already has a query string, it will be merged with
`opts.query`, preferring `opts.query` values.
-##### `opts.refer`
-
-* Type: String
-* Default: null
-
-Value to use for the `Referer` header. The npm CLI itself uses this to serialize
-the npm command line using the given request.
-
##### `opts.registry`
* Type: URL
diff --git a/index.js b/index.js
index 2942db22..8e05f418 100644
--- a/index.js
+++ b/index.js
@@ -113,7 +113,6 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
method: method,
noProxy: opts.noProxy,
proxy: opts.httpsProxy || opts.proxy,
- referer: opts.refer,
retry: opts.retry ? opts.retry : {
retries: opts.fetchRetries,
factor: opts.fetchRetryFactor,
@@ -176,12 +175,17 @@ function getCacheMode (opts) {
function getHeaders (registry, uri, opts) {
const headers = Object.assign({
'npm-in-ci': !!opts.isFromCI,
- 'npm-scope': opts.projectScope,
- 'npm-session': opts.npmSession,
- 'user-agent': opts.userAgent,
- referer: opts.refer
+ 'user-agent': opts.userAgent
}, opts.headers || {})
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
const auth = getAuth(registry, opts)
// If a tarball is hosted on a different place than the manifest, only send
// credentials on `alwaysAuth`
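Review bot: The two new `if` blocks run after `Object.assign(..., opts.headers || {})`, so `opts.projectScope` and `opts.npmSession` now overwrite a caller-supplied `npm-scope` or `npm-session` entry in `opts.headers`, whereas the old merge let `opts.headers` win. If the old precedence is intended, guard the assignments, e.g. `if (opts.projectScope && headers['npm-scope'] === undefined) {` and likewise for `npm-session`; otherwise the precedence change deserves a line in the changelog. `'user-agent': opts.userAgent` is still set unconditionally and can be undefined, which is inconsistent with how the other two are now handled. A short comment above the defaults, such as `// referer is never set by default; it is sent only when the caller adds it to opts.headers`, would record why it was dropped. getHeaders continues past the end of this hunk.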
diff --git a/package-lock.json b/package-lock.json
index 5cd44d6a..705f3893 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
{
"name": "npm-registry-fetch",
- "version": "7.0.1",
+ "version": "8.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
diff --git a/package.json b/package.json
index 987d6cb7..bfd52ce9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "npm-registry-fetch",
- "version": "7.0.1",
+ "version": "8.0.0",
"description": "Fetch-based http client for use with npm registry APIs",
"main": "index.js",
"files": [
diff --git a/test/index.js b/test/index.js
index e618c3a6..5ad69170 100644
--- a/test/index.js
+++ b/test/index.js
@@ -497,6 +497,26 @@ test('npm-in-ci header with forced CI=false', t => {
// TODO
// * npm-session
// * npm-scope
-// * referer (opts.refer)
// * user-agent
-test('miscellaneous headers')
+test('miscellaneous headers', t => {
+ tnock(t, OPTS.registry)
+ .matchHeader('npm-session', session =>
+ t.strictSame(session, ['foobarbaz'], 'session set from options'))
+ .matchHeader('npm-scope', scope =>
+ t.strictSame(scope, ['@foo'], 'scope set from options'))
+ .matchHeader('user-agent', ua =>
+ t.strictSame(ua, ['agent of use'], 'UA set from options'))
+ .matchHeader('npm-in-ci', ci =>
+ t.strictSame(ci, ['false'], 'CI set from options'))
+ .get('/hello')
+ .reply(200, { hello: 'world' })
+
+ return fetch('/hello', {
+ ...OPTS,
+ npmSession: 'foobarbaz',
+ projectScope: '@foo',
+ userAgent: 'agent of use'
+ }).then(res => {
+ t.equal(res.status, 200, 'got successful response')
+ })
+})
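Review bot: Nothing in this test checks that the `Referer` header is actually absent, which is the behaviour this commit changes; the four `matchHeader` calls only cover headers that are still sent. Passing `refer: 'some value'` in the fetch options and asserting in the reply handler that no referer arrived, e.g. `.reply(200, function () { t.notOk(this.req.headers.referer, 'no referer sent'); return { hello: 'world' } })`, would guard against the option being reintroduced (this assumes `tnock` returns a plain nock scope, which is not visible here). The `// TODO` list above the test still names npm-session, npm-scope and user-agent although they are now covered, so it should be trimmed or removed.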