I'm in the process of implementing an login against an oauth based third-party server. As part of the login procedure I need to make an HTTP requests to an endpoint that returns a 302 status code with new Location header and vital session cookies that I need to intercept. Unfortunately the XMLHTTPRequest and the fetch API will automatically follow these redirect so there is no way of accessing or intercepting the required HTTP headers that contain authorization information.

So what I would like to suggest is:

• Add a non standard nofollow = true property to these API's so we as users can handle the redirect logic our selfs.
• Provide a much lower level HTTP interface much like Node's http module so we can build our own requests modules and use the modules such as request from npm.
• Provide a tcp interface so we can add HTTP parsing and WebSocket frame parsing on top of it.