umd-tough-cookie.js

	// elsewhere), except it returns a Date
	Cookie.prototype.expiryDate = function expiryDate(now) {
	  var millisec = this.expiryTime(now);
	  if (millisec == Infinity) {
	    return new Date(MAX_TIME);
	  } else if (millisec == -Infinity) {
	    return new Date(MIN_TIME);
	  } else {
	    return new Date(millisec);
	  }
	};

	// This replaces the "persistent-flag" parts of S5.3 step 3
	Cookie.prototype.isPersistent = function isPersistent() {
	  return (this.maxAge != null || this.expires != Infinity);
	};

	// Mostly S5.1.2 and S5.2.3:
	Cookie.prototype.cdomain =
	Cookie.prototype.canonicalizedDomain = function canonicalizedDomain() {
	  if (this.domain == null) {
	    return null;
	  }
	  return canonicalDomain(this.domain);
	};

	function CookieJar(store, options) {
	  if (typeof options === "boolean") {
	    options = {rejectPublicSuffixes: options};
	  } else if (options == null) {
	    options = {};
	  }
	  if (options.rejectPublicSuffixes != null) {
	    this.rejectPublicSuffixes = options.rejectPublicSuffixes;
	  }
	  if (options.looseMode != null) {
	    this.enableLooseMode = options.looseMode;
	  }

	  if (!store) {
	    store = new MemoryCookieStore();
	  }
	  this.store = store;
	}
	CookieJar.prototype.store = null;
	CookieJar.prototype.rejectPublicSuffixes = true;
	CookieJar.prototype.enableLooseMode = false;
	var CAN_BE_SYNC = [];

	CAN_BE_SYNC.push('setCookie');
	CookieJar.prototype.setCookie = function(cookie, url, options, cb) {
	  var err;
	  var context = getCookieContext(url);
	  if (options instanceof Function) {
	    cb = options;
	    options = {};
	  }

	  var host = canonicalDomain(context.hostname);
	  var loose = this.enableLooseMode;
	  if (options.loose != null) {
	    loose = options.loose;
	  }

	  // S5.3 step 1
	  if (typeof(cookie) === 'string' || cookie instanceof String) {
	    cookie = Cookie.parse(cookie, { loose: loose });
	    if (!cookie) {
	      err = new Error("Cookie failed to parse");
	      return cb(options.ignoreError ? null : err);
	    }
	  }
	  else if (!(cookie instanceof Cookie)) {
	    // If you're seeing this error, and are passing in a Cookie object, 
	    // it *might* be a Cookie object from another loaded version of tough-cookie.
	    err = new Error("First argument to setCookie must be a Cookie object or string");
	    return cb(options.ignoreError ? null : err);
	  }

	  // S5.3 step 2
	  var now = options.now || new Date(); // will assign later to save effort in the face of errors

	  // S5.3 step 3: NOOP; persistent-flag and expiry-time is handled by getCookie()

	  // S5.3 step 4: NOOP; domain is null by default

	  // S5.3 step 5: public suffixes
	  if (this.rejectPublicSuffixes && cookie.domain) {
	    var suffix = pubsuffix.getPublicSuffix(cookie.cdomain());
	    if (suffix == null) { // e.g. "com"
	      err = new Error("Cookie has domain set to a public suffix");
	      return cb(options.ignoreError ? null : err);
	    }
	  }

	  // S5.3 step 6:
	  if (cookie.domain) {
	    if (!domainMatch(host, cookie.cdomain(), false)) {
	      err = new Error("Cookie not in this host's domain. Cookie:"+cookie.cdomain()+" Request:"+host);
	      return cb(options.ignoreError ? null : err);
	    }

	    if (cookie.hostOnly == null) { // don't reset if already set
	      cookie.hostOnly = false;
	    }

	  } else {
	    cookie.hostOnly = true;
	    cookie.domain = host;
	  }

	  //S5.2.4 If the attribute-value is empty or if the first character of the
	  //attribute-value is not %x2F ("/"):
	  //Let cookie-path be the default-path.
	  if (!cookie.path || cookie.path[0] !== '/') {
	    cookie.path = defaultPath(context.pathname);
	    cookie.pathIsDefault = true;
	  }

	  // S5.3 step 8: NOOP; secure attribute
	  // S5.3 step 9: NOOP; httpOnly attribute

	  // S5.3 step 10
	  if (options.http === false && cookie.httpOnly) {
	    err = new Error("Cookie is HttpOnly and this isn't an HTTP API");
	    return cb(options.ignoreError ? null : err);
	  }

	  var store = this.store;

	  if (!store.updateCookie) {
	    store.updateCookie = function(oldCookie, newCookie, cb) {
	      this.putCookie(newCookie, cb);
	    };
	  }

	  function withCookie(err, oldCookie) {
	    if (err) {
	      return cb(err);
	    }

	    var next = function(err) {
	      if (err) {
	        return cb(err);
	      } else {
	        cb(null, cookie);
	      }
	    };

	    if (oldCookie) {
	      // S5.3 step 11 - "If the cookie store contains a cookie with the same name,
	      // domain, and path as the newly created cookie:"
	      if (options.http === false && oldCookie.httpOnly) { // step 11.2
	        err = new Error("old Cookie is HttpOnly and this isn't an HTTP API");
	        return cb(options.ignoreError ? null : err);
	      }
	      cookie.creation = oldCookie.creation; // step 11.3
	      cookie.creationIndex = oldCookie.creationIndex; // preserve tie-breaker
	      cookie.lastAccessed = now;
	      // Step 11.4 (delete cookie) is implied by just setting the new one:
	      store.updateCookie(oldCookie, cookie, next); // step 12

	    } else {
	      cookie.creation = cookie.lastAccessed = now;
	      store.putCookie(cookie, next); // step 12
	    }
	  }

	  store.findCookie(cookie.domain, cookie.path, cookie.key, withCookie);
	};

	// RFC6365 S5.4
	CAN_BE_SYNC.push('getCookies');
	CookieJar.prototype.getCookies = function(url, options, cb) {
	  var context = getCookieContext(url);
	  if (options instanceof Function) {
	    cb = options;
	    options = {};
	  }

	  var host = canonicalDomain(context.hostname);
	  var path = context.pathname || '/';

	  var secure = options.secure;
	  if (secure == null && context.protocol &&
	      (context.protocol == 'https:' || context.protocol == 'wss:'))
	  {
	    secure = true;
	  }

	  var http = options.http;
	  if (http == null) {
	    http = true;
	  }

	  var now = options.now || Date.now();
	  var expireCheck = options.expire !== false;
	  var allPaths = !!options.allPaths;
	  var store = this.store;

	  function matchingCookie(c) {
	    // "Either:
	    //   The cookie's host-only-flag is true and the canonicalized
	    //   request-host is identical to the cookie's domain.
	    // Or:
	    //   The cookie's host-only-flag is false and the canonicalized
	    //   request-host domain-matches the cookie's domain."
	    if (c.hostOnly) {
	      if (c.domain != host) {
	        return false;
	      }
	    } else {
	      if (!domainMatch(host, c.domain, false)) {
	        return false;
	      }
	    }

	    // "The request-uri's path path-matches the cookie's path."
	    if (!allPaths && !pathMatch(path, c.path)) {
	      return false;
	    }

	    // "If the cookie's secure-only-flag is true, then the request-uri's
	    // scheme must denote a "secure" protocol"
	    if (c.secure && !secure) {
	      return false;
	    }

	    // "If the cookie's http-only-flag is true, then exclude the cookie if the
	    // cookie-string is being generated for a "non-HTTP" API"
	    if (c.httpOnly && !http) {
	      return false;
	    }

	    // deferred from S5.3
	    // non-RFC: allow retention of expired cookies by choice
	    if (expireCheck && c.expiryTime() <= now) {
	      store.removeCookie(c.domain, c.path, c.key, function(){}); // result ignored
	      return false;
	    }

	    return true;
	  }

	  store.findCookies(host, allPaths ? null : path, function(err,cookies) {
	    if (err) {
	      return cb(err);
	    }

	    cookies = cookies.filter(matchingCookie);

	    // sorting of S5.4 part 2
	    if (options.sort !== false) {
	      cookies = cookies.sort(cookieCompare);
	    }

	    // S5.4 part 3
	    var now = new Date();
	    cookies.forEach(function(c) {
	      c.lastAccessed = now;
	    });
	    // TODO persist lastAccessed

	    cb(null,cookies);
	  });
	};

	CAN_BE_SYNC.push('getCookieString');
	CookieJar.prototype.getCookieString = function(/*..., cb*/) {
	  var args = Array.prototype.slice.call(arguments,0);
	  var cb = args.pop();
	  var next = function(err,cookies) {
	    if (err) {
	      cb(err);
	    } else {
	      cb(null, cookies
	        .sort(cookieCompare)
	        .map(function(c){
	          return c.cookieString();
	        })
	        .join('; '));
	    }
	  };
	  args.push(next);
	  this.getCookies.apply(this,args);
	};

	CAN_BE_SYNC.push('getSetCookieStrings');
	CookieJar.prototype.getSetCookieStrings = function(/*..., cb*/) {
	  var args = Array.prototype.slice.call(arguments,0);
	  var cb = args.pop();
	  var next = function(err,cookies) {
	    if (err) {
	      cb(err);
	    } else {
	      cb(null, cookies.map(function(c){
	        return c.toString();
	      }));
	    }
	  };
	  args.push(next);
	  this.getCookies.apply(this,args);
	};

	CAN_BE_SYNC.push('serialize');
	CookieJar.prototype.serialize = function(cb) {
	  var type = this.store.constructor.name;
	  if (type === 'Object') {
	    type = null;
	  }

	  // update README.md "Serialization Format" if you change this, please!
	  var serialized = {
	    // The version of tough-cookie that serialized this jar. Generally a good
	    // practice since future versions can make data import decisions based on
	    // known past behavior. When/if this matters, use `semver`.
	    version: 'tough-cookie@'+VERSION,

	    // add the store type, to make humans happy:
	    storeType: type,

	    // CookieJar configuration:
	    rejectPublicSuffixes: !!this.rejectPublicSuffixes,

	    // this gets filled from getAllCookies:
	    cookies: []
	  };

	  if (!(this.store.getAllCookies &&
	        typeof this.store.getAllCookies === 'function'))
	  {
	    return cb(new Error('store does not support getAllCookies and cannot be serialized'));
	  }

	  this.store.getAllCookies(function(err,cookies) {
	    if (err) {
	      return cb(err);
	    }

	    serialized.cookies = cookies.map(function(cookie) {
	      // convert to serialized 'raw' cookies
	      cookie = (cookie instanceof Cookie) ? cookie.toJSON() : cookie;

	      // Remove the index so new ones get assigned during deserialization
	      delete cookie.creationIndex;

	      return cookie;
	    });

	    return cb(null, serialized);
	  });
	};

	// well-known name that JSON.stringify calls
	CookieJar.prototype.toJSON = function() {
	  return this.serializeSync();
	};

	// use the class method CookieJar.deserialize instead of calling this directly
	CAN_BE_SYNC.push('_importCookies');
	CookieJar.prototype._importCookies = function(serialized, cb) {
	  var jar = this;
	  var cookies = serialized.cookies;
	  if (!cookies || !Array.isArray(cookies)) {
	    return cb(new Error('serialized jar has no cookies array'));
	  }
	  cookies = cookies.slice(); // do not modify the original

	  function putNext(err) {
	    if (err) {
	      return cb(err);
	    }

	    if (!cookies.length) {
	      return cb(err, jar);
	    }

	    var cookie;
	    try {
	      cookie = fromJSON(cookies.shift());
	    } catch (e) {
	      return cb(e);
	    }

	    if (cookie === null) {
	      return putNext(null); // skip this cookie
	    }

	    jar.store.putCookie(cookie, putNext);
	  }

	  putNext();
	};

	CookieJar.deserialize = function(strOrObj, store, cb) {
	  if (arguments.length !== 3) {
	    // store is optional
	    cb = store;
	    store = null;
	  }

	  var serialized;
	  if (typeof strOrObj === 'string') {
	    serialized = jsonParse(strOrObj);
	    if (serialized instanceof Error) {
	      return cb(serialized);
	    }
	  } else {
	    serialized = strOrObj;
	  }

	  var jar = new CookieJar(store, serialized.rejectPublicSuffixes);
	  jar._importCookies(serialized, function(err) {
	    if (err) {
	      return cb(err);
	    }
	    cb(null, jar);
	  });
	};

	CookieJar.deserializeSync = function(strOrObj, store) {
	  var serialized = typeof strOrObj === 'string' ?
	    JSON.parse(strOrObj) : strOrObj;
	  var jar = new CookieJar(store, serialized.rejectPublicSuffixes);

	  // catch this mistake early:
	  if (!jar.store.synchronous) {
	    throw new Error('CookieJar store is not synchronous; use async API instead.');
	  }

	  jar._importCookiesSync(serialized);
	  return jar;
	};
	CookieJar.fromJSON = CookieJar.deserializeSync;

	CookieJar.prototype.clone = function(newStore, cb) {
	  if (arguments.length === 1) {
	    cb = newStore;
	    newStore = null;
	  }

	  this.serialize(function(err,serialized) {
	    if (err) {
	      return cb(err);
	    }
	    CookieJar.deserialize(serialized, newStore, cb);
	  });
	};

	CAN_BE_SYNC.push('removeAllCookies');
	CookieJar.prototype.removeAllCookies = function(cb) {
	  var store = this.store;

	  // Check that the store implements its own removeAllCookies(). The default
	  // implementation in Store will immediately call the callback with a "not
	  // implemented" Error.
	  if (store.removeAllCookies instanceof Function &&
	      store.removeAllCookies !== Store.prototype.removeAllCookies)
	  {
	    return store.removeAllCookies(cb);
	  }

	  store.getAllCookies(function(err, cookies) {
	    if (err) {
	      return cb(err);
	    }

	    if (cookies.length === 0) {
	      return cb(null);
	    }

	    var completedCount = 0;
	    var removeErrors = [];

	    function removeCookieCb(removeErr) {
	      if (removeErr) {
	        removeErrors.push(removeErr);
	      }

	      completedCount++;

	      if (completedCount === cookies.length) {
	        return cb(removeErrors.length ? removeErrors[0] : null);
	      }
	    }

	    cookies.forEach(function(cookie) {
	      store.removeCookie(cookie.domain, cookie.path, cookie.key, removeCookieCb);
	    });
	  });
	};

	CookieJar.prototype._cloneSync = syncWrap('clone');
	CookieJar.prototype.cloneSync = function(newStore) {
	  if (!newStore.synchronous) {
	    throw new Error('CookieJar clone destination store is not synchronous; use async API instead.');
	  }
	  return this._cloneSync(newStore);
	};

	// Use a closure to provide a true imperative API for synchronous stores.
	function syncWrap(method) {
	  return function() {
	    if (!this.store.synchronous) {
	      throw new Error('CookieJar store is not synchronous; use async API instead.');
	    }

	    var args = Array.prototype.slice.call(arguments);
	    var syncErr, syncResult;
	    args.push(function syncCb(err, result) {
	      syncErr = err;
	      syncResult = result;
	    });
	    this[method].apply(this, args);

	    if (syncErr) {
	      throw syncErr;
	    }
	    return syncResult;
	  };
	}

	// wrap all declared CAN_BE_SYNC methods in the sync wrapper
	CAN_BE_SYNC.forEach(function(method) {
	  CookieJar.prototype[method+'Sync'] = syncWrap(method);
	});

	exports.version = VERSION;
	exports.CookieJar = CookieJar;
	exports.Cookie = Cookie;
	exports.Store = Store;
	exports.MemoryCookieStore = MemoryCookieStore;
	exports.parseDate = parseDate;
	exports.formatDate = formatDate;
	exports.parse = parse;
	exports.fromJSON = fromJSON;
	exports.domainMatch = domainMatch;
	exports.defaultPath = defaultPath;
	exports.pathMatch = pathMatch;
	exports.getPublicSuffix = pubsuffix.getPublicSuffix;
	exports.cookieCompare = cookieCompare;
	exports.permuteDomain = __webpack_require__(19).permuteDomain;
	exports.permutePath = permutePath;
	exports.canonicalDomain = canonicalDomain;


/***/ }),
/* 1 */
/***/ (function(module, exports, __webpack_require__) {

	// Copyright Joyent, Inc. and other Node contributors.
	//
	// Permission is hereby granted, free of charge, to any person obtaining a
	// copy of this software and associated documentation files (the
	// "Software"), to deal in the Software without restriction, including
	// without limitation the rights to use, copy, modify, merge, publish,
	// distribute, sublicense, and/or sell copies of the Software, and to permit
	// persons to whom the Software is furnished to do so, subject to the
	// following conditions:
	//
	// The above copyright notice and this permission notice shall be included
	// in all copies or substantial portions of the Software.
	//
	// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
	// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
	// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
	// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
	// USE OR OTHER DEALINGS IN THE SOFTWARE.

	'use strict';

	var punycode = __webpack_require__(2);
	var util = __webpack_require__(4);

	exports.parse = urlParse;
	exports.resolve = urlResolve;
	exports.resolveObject = urlResolveObject;
	exports.format = urlFormat;

	exports.Url = Url;

	function Url() {
	  this.protocol = null;
	  this.slashes = null;
	  this.auth = null;
	  this.host = null;
	  this.port = null;
	  this.hostname = null;
	  this.hash = null;
	  this.search = null;
	  this.query = null;
	  this.pathname = null;
	  this.path = null;
	  this.href = null;
	}

	// Reference: RFC 3986, RFC 1808, RFC 2396

	// define these here so at least they only have to be
	// compiled once on the first module load.
	var protocolPattern = /^([a-z0-9.+-]+:)/i,
	    portPattern = /:[0-9]*$/,

	    // Special case for a simple path URL
	    simplePathPattern = /^(\/\/?(?!\/)[^\?\s]*)(\?[^\s]*)?$/,

	    // RFC 2396: characters reserved for delimiting URLs.
	    // We actually just auto-escape these.
	    delims = ['<', '>', '"', '`', ' ', '\r', '\n', '\t'],

	    // RFC 2396: characters not allowed for various reasons.
	    unwise = ['{', '}', '|', '\\', '^', '`'].concat(delims),

	    // Allowed by RFCs, but cause of XSS attacks.  Always escape these.
	    autoEscape = ['\''].concat(unwise),
	    // Characters that are never ever allowed in a hostname.
	    // Note that any invalid chars are also handled, but these
	    // are the ones that are *expected* to be seen, so we fast-path
	    // them.
	    nonHostChars = ['%', '/', '?', ';', '#'].concat(autoEscape),
	    hostEndingChars = ['/', '?', '#'],
	    hostnameMaxLen = 255,
	    hostnamePartPattern = /^[+a-z0-9A-Z_-]{0,63}$/,
	    hostnamePartStart = /^([+a-z0-9A-Z_-]{0,63})(.*)$/,
	    // protocols that can allow "unsafe" and "unwise" chars.
	    unsafeProtocol = {
	      'javascript': true,
	      'javascript:': true
	    },
	    // protocols that never have a hostname.
	    hostlessProtocol = {
	      'javascript': true,
	      'javascript:': true
	    },
	    // protocols that always contain a // bit.
	    slashedProtocol = {
	      'http': true,
	      'https': true,
	      'ftp': true,
	      'gopher': true,
	      'file': true,
	      'http:': true,
	      'https:': true,
	      'ftp:': true,
	      'gopher:': true,
	      'file:': true
	    },
	    querystring = __webpack_require__(5);

	function urlParse(url, parseQueryString, slashesDenoteHost) {
	  if (url && util.isObject(url) && url instanceof Url) return url;

	  var u = new Url;
	  u.parse(url, parseQueryString, slashesDenoteHost);
	  return u;
	}

	Url.prototype.parse = function(url, parseQueryString, slashesDenoteHost) {
	  if (!util.isString(url)) {
	    throw new TypeError("Parameter 'url' must be a string, not " + typeof url);
	  }

	  // Copy chrome, IE, opera backslash-handling behavior.
	  // Back slashes before the query string get converted to forward slashes
	  // See: https://code.google.com/p/chromium/issues/detail?id=25916
	  var queryIndex = url.indexOf('?'),
	      splitter =
	          (queryIndex !== -1 && queryIndex < url.indexOf('#')) ? '?' : '#',
	      uSplit = url.split(splitter),
	      slashRegex = /\\/g;
	  uSplit[0] = uSplit[0].replace(slashRegex, '/');
	  url = uSplit.join(splitter);

	  var rest = url;

	  // trim before proceeding.
	  // This is to support parse stuff like "  http://foo.com  \n"
	  rest = rest.trim();

	  if (!slashesDenoteHost && url.split('#').length === 1) {
	    // Try fast path regexp
	    var simplePath = simplePathPattern.exec(rest);
	    if (simplePath) {
	      this.path = rest;
	      this.href = rest;
	      this.pathname = simplePath[1];
	      if (simplePath[2]) {
	        this.search = simplePath[2];
	        if (parseQueryString) {
	          this.query = querystring.parse(this.search.substr(1));
	        } else {
	          this.query = this.search.substr(1);
	        }
	      } else if (parseQueryString) {
	        this.search = '';
	        this.query = {};
	      }
	      return this;
	    }
	  }

	  var proto = protocolPattern.exec(rest);
	  if (proto) {
	    proto = proto[0];
	    var lowerProto = proto.toLowerCase();
	    this.protocol = lowerProto;
	    rest = rest.substr(proto.length);
	  }

	  // figure out if it's got a host
	  // user@server is *always* interpreted as a hostname, and url
	  // resolution will treat //foo/bar as host=foo,path=bar because that's
	  // how the browser resolves relative URLs.
	  if (slashesDenoteHost || proto || rest.match(/^\/\/[^@\/]+@[^@\/]+/)) {
	    var slashes = rest.substr(0, 2) === '//';
	    if (slashes && !(proto && hostlessProtocol[proto])) {
	      rest = rest.substr(2);
	      this.slashes = true;
	    }
	  }

	  if (!hostlessProtocol[proto] &&
	      (slashes || (proto && !slashedProtocol[proto]))) {

	    // there's a hostname.
	    // the first instance of /, ?, ;, or # ends the host.
	    //
	    // If there is an @ in the hostname, then non-host chars *are* allowed
	    // to the left of the last @ sign, unless some host-ending character
	    // comes *before* the @-sign.
	    // URLs are obnoxious.
	    //
	    // ex:
	    // http://a@b@c/ => user:a@b host:c
	    // http://a@b?@c => user:a host:c path:/?@c

	    // v0.12 TODO(isaacs): This is not quite how Chrome does things.
	    // Review our test case against browsers more comprehensively.

	    // find the first instance of any hostEndingChars
	    var hostEnd = -1;
	    for (var i = 0; i < hostEndingChars.length; i++) {
	      var hec = rest.indexOf(hostEndingChars[i]);
	      if (hec !== -1 && (hostEnd === -1 || hec < hostEnd))
	        hostEnd = hec;
	    }

	    // at this point, either we have an explicit point where the
	    // auth portion cannot go past, or the last @ char is the decider.
	    var auth, atSign;
	    if (hostEnd === -1) {
	      // atSign can be anywhere.
	      atSign = rest.lastIndexOf('@');
	    } else {
	      // atSign must be in auth portion.
	      // http://a@b/c@d => host:b auth:a path:/c@d
	      atSign = rest.lastIndexOf('@', hostEnd);
	    }

	    // Now we have a portion which is definitely the auth.
	    // Pull that off.
	    if (atSign !== -1) {
	      auth = rest.slice(0, atSign);
	      rest = rest.slice(atSign + 1);
	      this.auth = decodeURIComponent(auth);
	    }

	    // the host is the remaining to the left of the first non-host char
	    hostEnd = -1;
	    for (var i = 0; i < nonHostChars.length; i++) {
	      var hec = rest.indexOf(nonHostChars[i]);
	      if (hec !== -1 && (hostEnd === -1 || hec < hostEnd))
	        hostEnd = hec;
	    }
	    // if we still have not hit it, then the entire thing is a host.
	    if (hostEnd === -1)
	      hostEnd = rest.length;

	    this.host = rest.slice(0, hostEnd);
	    rest = rest.slice(hostEnd);

	    // pull out port.
	    this.parseHost();

	    // we've indicated that there is a hostname,
	    // so even if it's empty, it has to be present.
	    this.hostname = this.hostname || '';

	    // if hostname begins with [ and ends with ]
	    // assume that it's an IPv6 address.
	    var ipv6Hostname = this.hostname[0] === '[' &&
	        this.hostname[this.hostname.length - 1] === ']';

	    // validate a little.
	    if (!ipv6Hostname) {
	      var hostparts = this.hostname.split(/\./);
	      for (var i = 0, l = hostparts.length; i < l; i++) {
	        var part = hostparts[i];
	        if (!part) continue;
	        if (!part.match(hostnamePartPattern)) {
	          var newpart = '';
	          for (var j = 0, k = part.length; j < k; j++) {
	            if (part.charCodeAt(j) > 127) {
	              // we replace non-ASCII char with a temporary placeholder
	              // we need this to make sure size of hostname is not
	              // broken by replacing non-ASCII by nothing
	              newpart += 'x';
	            } else {
	              newpart += part[j];
	            }
	          }
	          // we test again with ASCII char only
	          if (!newpart.match(hostnamePartPattern)) {
	            var validParts = hostparts.slice(0, i);
	            var notHost = hostparts.slice(i + 1);
	            var bit = part.match(hostnamePartStart);
	            if (bit) {
	              validParts.push(bit[1]);
	              notHost.unshift(bit[2]);
	            }
	            if (notHost.length) {
	              rest = '/' + notHost.join('.') + rest;
	            }
	            this.hostname = validParts.join('.');
	            break;
	          }
	        }
	      }
	    }

	    if (this.hostname.length > hostnameMaxLen) {
	      this.hostname = '';
	    } else {
	      // hostnames are always lower case.
	      this.hostname = this.hostname.toLowerCase();
	    }

	    if (!ipv6Hostname) {
	      // IDNA Support: Returns a punycoded representation of "domain".
	      // It only converts parts of the domain name that
	      // have non-ASCII characters, i.e. it doesn't matter if
	      // you call it with a domain that already is ASCII-only.
	      this.hostname = punycode.toASCII(this.hostname);
	    }

	    var p = this.port ? ':' + this.port : '';
	    var h = this.hostname || '';
	    this.host = h + p;
	    this.href += this.host;

	    // strip [ and ] from the hostname
	    // the host field still retains them, though
	    if (ipv6Hostname) {
	      this.hostname = this.hostname.substr(1, this.hostname.length - 2);
	      if (rest[0] !== '/') {
	        rest = '/' + rest;
	      }
	    }
	  }

	  // now rest is set to the post-host stuff.
	  // chop off any delim chars.
	  if (!unsafeProtocol[lowerProto]) {

	    // First, make 100% sure that any "autoEscape" chars get
	    // escaped, even if encodeURIComponent doesn't think they
	    // need to be.
	    for (var i = 0, l = autoEscape.length; i < l; i++) {
	      var ae = autoEscape[i];
	      if (rest.indexOf(ae) === -1)
	        continue;
	      var esc = encodeURIComponent(ae);
	      if (esc === ae) {
	        esc = escape(ae);
	      }
	      rest = rest.split(ae).join(esc);
	    }
	  }


	  // chop off from the tail first.
	  var hash = rest.indexOf('#');
	  if (hash !== -1) {
	    // got a fragment string.
	    this.hash = rest.substr(hash);
	    rest = rest.slice(0, hash);
	  }
	  var qm = rest.indexOf('?');
	  if (qm !== -1) {
	    this.search = rest.substr(qm);
	    this.query = rest.substr(qm + 1);
	    if (parseQueryString) {
	      this.query = querystring.parse(this.query);
	    }
	    rest = rest.slice(0, qm);
	  } else if (parseQueryString) {
	    // no query string, but parseQueryString still requested
	    this.search = '';
	    this.query = {};
	  }
	  if (rest) this.pathname = rest;
	  if (slashedProtocol[lowerProto] &&
	      this.hostname && !this.pathname) {
	    this.pathname = '/';
	  }

	  //to support http.request
	  if (this.pathname || this.search) {
	    var p = this.pathname || '';
	    var s = this.search || '';
	    this.path = p + s;
	  }

	  // finally, reconstruct the href based on what has been validated.
	  this.href = this.format();
	  return this;
	};

	// format a parsed object into a url string
	function urlFormat(obj) {
	  // ensure it's an object, and not a string url.
	  // If it's an obj, this is a no-op.
	  // this way, you can call url_format() on strings
	  // to clean up potentially wonky urls.
	  if (util.isString(obj)) obj = urlParse(obj);
	  if (!(obj instanceof Url)) return Url.prototype.format.call(obj);
	  return obj.format();
	}

	Url.prototype.format = function() {
	  var auth = this.auth || '';
	  if (auth) {
	    auth = encodeURIComponent(auth);
	    auth = auth.replace(/%3A/i, ':');
	    auth += '@';
	  }

	  var protocol = this.protocol || '',
	      pathname = this.pathname || '',
	      hash = this.hash || '',
	      host = false,
	      query = '';

	  if (this.host) {
	    host = auth + this.host;
	  } else if (this.hostname) {
	    host = auth + (this.hostname.indexOf(':') === -1 ?
	        this.hostname :
	        '[' + this.hostname + ']');
	    if (this.port) {
	      host += ':' + this.port;
	    }
	  }

	  if (this.query &&
	      util.isObject(this.query) &&
	      Object.keys(this.query).length) {
	    query = querystring.stringify(this.query);
	  }

	  var search = this.search || (query && ('?' + query)) || '';

	  if (protocol && protocol.substr(-1) !== ':') protocol += ':';

	  // only the slashedProtocols get the //.  Not mailto:, xmpp:, etc.
	  // unless they had them to begin with.
	  if (this.slashes ||
	      (!protocol || slashedProtocol[protocol]) && host !== false) {
	    host = '//' + (host || '');
	    if (pathname && pathname.charAt(0) !== '/') pathname = '/' + pathname;
	  } else if (!host) {
	    host = '';
	  }

	  if (hash && hash.charAt(0) !== '#') hash = '#' + hash;
	  if (search && search.charAt(0) !== '?') search = '?' + search;

	  pathname = pathname.replace(/[?#]/g, function(match) {
	    return encodeURIComponent(match);
	  });
	  search = search.replace('#', '%23');

	  return protocol + host + pathname + search + hash;
	};

	function urlResolve(source, relative) {
	  return urlParse(source, false, true).resolve(relative);
	}

	Url.prototype.resolve = function(relative) {
	  return this.resolveObject(urlParse(relative, false, true)).format();
	};

	function urlResolveObject(source, relative) {
	  if (!source) return relative;
	  return urlParse(source, false, true).resolveObject(relative);
	}