npm - @decocms/start - Versions diffs - 1.3.3 → 1.3.5 - Mend

@decocms/start 1.3.3 → 1.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@decocms/start",
-  "version": "1.3.3",
+  "version": "1.3.5",
   "type": "module",
   "description": "Deco framework for TanStack Start - CMS bridge, admin protocol, hooks, schema generation",
   "main": "./src/index.ts",

package/src/routes/cmsRoute.ts CHANGED Viewed

@@ -27,7 +27,6 @@ import {
   getRequest,
   getRequestHeader,
   getRequestUrl,
-  setResponseHeader,
 } from "@tanstack/react-start/server";
 import { createElement } from "react";
 import { preloadSectionComponents } from "../cms/registry";
@@ -229,11 +228,6 @@ export const loadDeferredSection = createServerFn({ method: "POST" })
     });
     const enriched = await runSingleSectionLoader(section, request);
-    // Signal to the worker entry that this response is safe to edge-cache.
-    // Without this header, POST _serverFn responses are passed through
-    // without caching (checkout actions, invoke mutations, etc.).
-    setResponseHeader("X-Deco-Cacheable", "true");
     return normalizeUrlsInObject(enriched);
   });

package/src/sdk/cacheHeaders.ts CHANGED Viewed

@@ -267,6 +267,7 @@ const builtinPatterns: CachePattern[] = [
     test: (p) =>
       p.startsWith("/api/") ||
       p.startsWith("/deco/") ||
+      p.startsWith("/_server") ||
       p.startsWith("/_build"),
     profile: "none",
   },

package/src/sdk/workerEntry.ts CHANGED Viewed

@@ -436,7 +436,7 @@ export const DEFAULT_SECURITY_HEADERS: Record<string, string> = {
   "Cross-Origin-Opener-Policy": "same-origin-allow-popups",
 };
-const DEFAULT_BYPASS_PATHS = ["/_build", "/deco/", "/live/", "/.decofile"];
+const DEFAULT_BYPASS_PATHS = ["/_build", "/deco/", "/live/", "/.decofile", "/_server"];
 /**
  * Cookie names that are safe for caching — they carry anonymous/public
@@ -548,14 +548,6 @@ const IMMUTABLE_HEADERS: Record<string, string> = {
   Vary: "Accept-Encoding",
 };
-/** SHA-256 hex hash of a string — used for POST body cache keys. */
-async function hashText(text: string): Promise<string> {
-  const data = new TextEncoder().encode(text);
-  const buf = await crypto.subtle.digest("SHA-256", data);
-  return Array.from(new Uint8Array(buf))
-    .map((b) => b.toString(16).padStart(2, "0"))
-    .join("");
-}
 // ---------------------------------------------------------------------------
 // Factory
@@ -1015,168 +1007,6 @@ export function createDecoWorkerEntry(
         return origin;
       }
-      // -----------------------------------------------------------------
-      // POST _serverFn — edge-cacheable using body-hash as cache key.
-      // These carry public CMS section data (shelves, deferred sections)
-      // that benefits from edge caching despite being POST requests.
-      // -----------------------------------------------------------------
-      if (
-        request.method === "POST" &&
-        (url.pathname.startsWith("/_serverFn/") || url.pathname.startsWith("/_server/"))
-      ) {
-        const serverFnCache =
-          typeof caches !== "undefined"
-            ? ((caches as unknown as { default?: Cache }).default ?? null)
-            : null;
-        // Build segment once — used for logged-in check and cache key
-        const sfnSegment = buildSegment ? buildSegment(request) : undefined;
-        // Logged-in users always bypass — personalized content must not leak
-        if (sfnSegment?.loggedIn) {
-          const body = await request.text();
-          const originReq = new Request(request, { body, method: "POST" });
-          const origin = await serverEntry.fetch(originReq, env, ctx);
-          const resp = new Response(origin.body, origin);
-          resp.headers.set("Cache-Control", "private, no-cache, no-store, must-revalidate");
-          resp.headers.set("X-Cache", "BYPASS");
-          resp.headers.set("X-Cache-Reason", "logged-in");
-          return resp;
-        }
-        // Read body once and create a cloned request for origin fetch
-        const body = await request.text();
-        const bodyHash = await hashText(body);
-        // Build a synthetic GET cache key from the URL + body hash + segment
-        // Includes device, salesChannel, regionId, flags — so users in
-        // different regions or channels get separate cache entries.
-        const cacheKeyUrl = new URL(request.url);
-        cacheKeyUrl.searchParams.set("__body", bodyHash);
-        if (cacheVersionEnv !== false) {
-          const version = (env[cacheVersionEnv] as string) || "";
-          if (version) cacheKeyUrl.searchParams.set("__v", version);
-        }
-        if (sfnSegment) {
-          cacheKeyUrl.searchParams.set("__seg", hashSegment(sfnSegment));
-        } else if (deviceSpecificKeys) {
-          const device = isMobileUA(request.headers.get("user-agent") ?? "") ? "mobile" : "desktop";
-          cacheKeyUrl.searchParams.set("__cf_device", device);
-        }
-        // Include CF geo data so location-based content doesn't leak across geos
-        const cf = (request as unknown as { cf?: Record<string, string> }).cf;
-        if (cf) {
-          const geoParts: string[] = [];
-          if (cf.country) geoParts.push(cf.country);
-          if (cf.region) geoParts.push(cf.region);
-          if (cf.city) geoParts.push(cf.city);
-          if (geoParts.length) cacheKeyUrl.searchParams.set("__cf_geo", geoParts.join("|"));
-        }
-        const sfnCacheKey = new Request(cacheKeyUrl.toString(), { method: "GET" });
-        // Use "listing" profile for server function responses
-        const sfnProfile: CacheProfileName = "listing";
-        const sfnEdge = edgeCacheConfig(sfnProfile);
-        // Check edge cache
-        let sfnCached: Response | undefined;
-        if (serverFnCache) {
-          try {
-            sfnCached = await serverFnCache.match(sfnCacheKey) ?? undefined;
-          } catch { /* Cache API unavailable */ }
-        }
-        if (sfnCached && sfnEdge.fresh > 0) {
-          const storedAt = Number(sfnCached.headers.get("X-Deco-Stored-At") || "0");
-          const ageSec = storedAt > 0 ? (Date.now() - storedAt) / 1000 : Infinity;
-          if (ageSec < sfnEdge.fresh) {
-            const out = new Response(sfnCached.body, sfnCached);
-            const hdrs = cacheHeaders(sfnProfile);
-            for (const [k, v] of Object.entries(hdrs)) out.headers.set(k, v);
-            out.headers.set("X-Cache", "HIT");
-            out.headers.set("X-Cache-Profile", sfnProfile);
-            return out;
-          }
-          if (ageSec < sfnEdge.fresh + sfnEdge.swr) {
-            // Stale-while-revalidate: serve stale, refresh in background
-            ctx.waitUntil(
-              (async () => {
-                try {
-                  const bgReq = new Request(request, { body, method: "POST" });
-                  const bgOrigin = await serverEntry.fetch(bgReq, env, ctx);
-                  if (
-                    bgOrigin.status === 200 &&
-                    bgOrigin.headers.get("X-Deco-Cacheable") === "true" &&
-                    !bgOrigin.headers.has("set-cookie") &&
-                    serverFnCache
-                  ) {
-                    const ttl = sfnEdge.fresh + Math.max(sfnEdge.swr, sfnEdge.sie);
-                    const toStore = bgOrigin.clone();
-                    toStore.headers.set("Cache-Control", `public, max-age=${ttl}`);
-                    toStore.headers.set("X-Deco-Stored-At", String(Date.now()));
-                    toStore.headers.delete("CDN-Cache-Control");
-                    toStore.headers.delete("X-Deco-Cacheable");
-                    await serverFnCache.put(sfnCacheKey, toStore);
-                  }
-                } catch { /* background revalidation failed */ }
-              })(),
-            );
-            const out = new Response(sfnCached.body, sfnCached);
-            const hdrs = cacheHeaders(sfnProfile);
-            for (const [k, v] of Object.entries(hdrs)) out.headers.set(k, v);
-            out.headers.set("X-Cache", "STALE-HIT");
-            out.headers.set("X-Cache-Profile", sfnProfile);
-            out.headers.set("X-Cache-Age", String(Math.round(ageSec)));
-            return out;
-          }
-        }
-        // Cache MISS — fetch origin with the body we already read
-        const originReq = new Request(request, { body, method: "POST" });
-        const origin = await serverEntry.fetch(originReq, env, ctx);
-        // Only cache responses explicitly marked as cacheable by the handler
-        // (loadDeferredSection sets X-Deco-Cacheable: true). Checkout actions,
-        // invoke mutations, and other server functions are passed through.
-        const isCacheableResponse =
-          origin.headers.get("X-Deco-Cacheable") === "true" &&
-          !origin.headers.has("set-cookie") &&
-          origin.status === 200;
-        if (!isCacheableResponse) {
-          const resp = new Response(origin.body, origin);
-          resp.headers.delete("X-Deco-Cacheable");
-          resp.headers.set("X-Cache", "BYPASS");
-          resp.headers.set("X-Cache-Reason", origin.headers.has("set-cookie")
-            ? "set-cookie"
-            : "not-cacheable");
-          return resp;
-        }
-        // Store in edge cache
-        if (serverFnCache) {
-          try {
-            const ttl = sfnEdge.fresh + Math.max(sfnEdge.swr, sfnEdge.sie);
-            const toStore = origin.clone();
-            toStore.headers.set("Cache-Control", `public, max-age=${ttl}`);
-            toStore.headers.set("X-Deco-Stored-At", String(Date.now()));
-            toStore.headers.delete("CDN-Cache-Control");
-            toStore.headers.delete("X-Deco-Cacheable");
-            ctx.waitUntil(serverFnCache.put(sfnCacheKey, toStore));
-          } catch { /* Cache API unavailable */ }
-        }
-        const resp = new Response(origin.body, origin);
-        resp.headers.delete("X-Deco-Cacheable");
-        const hdrs = cacheHeaders(sfnProfile);
-        for (const [k, v] of Object.entries(hdrs)) resp.headers.set(k, v);
-        resp.headers.set("X-Cache", "MISS");
-        resp.headers.set("X-Cache-Profile", sfnProfile);
-        return resp;
-      }
       // Non-cacheable requests — pass through but protect against accidental caching
       if (!isCacheable(request, url)) {
         const origin = await serverEntry.fetch(request, env, ctx);