@qwik.dev/router 2.0.0-beta.29 → 2.0.0-beta.30

package/lib/middleware/request-handler/index.mjs

@@ -1,10 +1,27 @@
-import { isServer } from '@qwik.dev/core/build';
-import { k as isPromise, j as QDATA_KEY, Q as Q_ROUTE, f as QFN_KEY, m as QLOADER_KEY, h as QACTION_KEY, n as resolveRouteConfig, d as loadRoute } from '../../chunks/routing.qwik.mjs';
+import { Q as Q_ROUTE, m as resolveRouteConfig, n as QLOADER_KEY, h as QFN_KEY, j as QACTION_KEY, o as isPromise, k as QDATA_KEY, e as loadRoute } from '../../chunks/routing.qwik.mjs';
+import { isDev, _UNINITIALIZED, _deserialize, _verifySerializable, _serialize } from '@qwik.dev/core/internal';
 import { inlinedQrl } from '@qwik.dev/core';
-import { _serialize, isDev, _UNINITIALIZED, _deserialize, _verifySerializable } from '@qwik.dev/core/internal';
-import { _asyncRequestStore as _asyncRequestStore$1, ServerError as ServerError$1, RedirectMessage as RedirectMessage$1, RewriteMessage as RewriteMessage$1, AbortMessage as AbortMessage$1 } from '@qwik.dev/router/middleware/request-handler';
+import { R as RedirectMessage, A as AbortMessage } from '../../chunks/redirect-handler.mjs';
+import { isServer } from '@qwik.dev/core/build';
 import { g as getErrorHtml, m as minimalHtmlResponse } from '../../chunks/error-handler.mjs';
 
+const IsQData = "@isQData";
+const QDATA_JSON = "/q-data.json";
+function getRouteMatchPathname(pathname) {
+  const isInternal = pathname.endsWith(QDATA_JSON);
+  if (isInternal) {
+    const trimEnd = pathname.length - QDATA_JSON.length + (globalThis.__NO_TRAILING_SLASH__ ? 0 : 1);
+    pathname = pathname.slice(0, trimEnd);
+    if (pathname === "") {
+      pathname = "/";
+    }
+  }
+  return {
+    pathname,
+    isInternal
+  };
+}
+
 const MAX_CACHE_SIZE = typeof globalThis.__SSR_CACHE_SIZE__ === "number" ? globalThis.__SSR_CACHE_SIZE__ : 50;
 const ssrCache = /* @__PURE__ */ new Map();
 function resolveETag(eTagExport, headProps) {
@@ -116,460 +133,148 @@ var HttpStatus = /* @__PURE__ */ (function(HttpStatus2) {
   return HttpStatus2;
 })({});
 
-function createCacheControl(cacheControl) {
-  const controls = [];
-  if (cacheControl === "day") {
-    cacheControl = 60 * 60 * 24;
-  } else if (cacheControl === "week") {
-    cacheControl = 60 * 60 * 24 * 7;
-  } else if (cacheControl === "month") {
-    cacheControl = 60 * 60 * 24 * 30;
-  } else if (cacheControl === "year") {
-    cacheControl = 60 * 60 * 24 * 365;
-  } else if (cacheControl === "private") {
-    cacheControl = {
-      private: true,
-      noCache: true
-    };
-  } else if (cacheControl === "immutable") {
-    cacheControl = {
-      public: true,
-      immutable: true,
-      maxAge: 60 * 60 * 24 * 365
-    };
-  } else if (cacheControl === "no-cache") {
-    cacheControl = {
-      noCache: true
-    };
-  }
-  if (typeof cacheControl === "number") {
-    cacheControl = {
-      maxAge: cacheControl,
-      sMaxAge: cacheControl
-    };
-  }
-  if (cacheControl.immutable) {
-    controls.push("immutable");
-  }
-  if (cacheControl.maxAge) {
-    controls.push(`max-age=${cacheControl.maxAge}`);
-  }
-  if (cacheControl.sMaxAge) {
-    controls.push(`s-maxage=${cacheControl.sMaxAge}`);
-  }
-  if (cacheControl.noStore) {
-    controls.push("no-store");
-  }
-  if (cacheControl.noCache) {
-    controls.push("no-cache");
-  }
-  if (cacheControl.private) {
-    controls.push("private");
-  }
-  if (cacheControl.public) {
-    controls.push("public");
-  }
-  if (cacheControl.staleWhileRevalidate) {
-    controls.push(`stale-while-revalidate=${cacheControl.staleWhileRevalidate}`);
-  }
-  if (cacheControl.staleIfError) {
-    controls.push(`stale-if-error=${cacheControl.staleIfError}`);
-  }
-  return controls.join(", ");
+const RequestEvLoaders = /* @__PURE__ */ Symbol("RequestEvLoaders");
+const RequestEvMode = /* @__PURE__ */ Symbol("RequestEvMode");
+const RequestEvRoute = /* @__PURE__ */ Symbol("RequestEvRoute");
+const RequestEvLoaderSerializationStrategyMap = /* @__PURE__ */ Symbol("RequestEvLoaderSerializationStrategyMap");
+const RequestRouteName = "@routeName";
+const RequestEvSharedActionId = "@actionId";
+const RequestEvSharedActionFormData = "@actionFormData";
+const RequestEvSharedNonce = "@nonce";
+const RequestEvIsRewrite = "@rewrite";
+const RequestEvShareServerTiming = "@serverTiming";
+const RequestEvETagCacheKey = "@eTagCacheKey";
+const RequestEvHttpStatusMessage = "@httpStatusMessage";
+const RequestEvShareQData = "qData";
+function getRequestLoaders(requestEv) {
+  return requestEv[RequestEvLoaders];
 }
-
-const SAMESITE = {
-  lax: "Lax",
-  Lax: "Lax",
-  None: "None",
-  none: "None",
-  strict: "Strict",
-  Strict: "Strict"
-};
-const UNIT = {
-  seconds: 1,
-  minutes: 1 * 60,
-  hours: 1 * 60 * 60,
-  days: 1 * 60 * 60 * 24,
-  weeks: 1 * 60 * 60 * 24 * 7
-};
-function tryDecodeUriComponent(str) {
-  try {
-    return decodeURIComponent(str);
-  } catch {
-    return str;
-  }
+function getRequestLoaderSerializationStrategyMap(requestEv) {
+  return requestEv[RequestEvLoaderSerializationStrategyMap];
 }
-const parseCookieString = (cookieString) => {
-  const cookie = {};
-  if (typeof cookieString === "string" && cookieString !== "") {
-    const cookieSegments = cookieString.split(";");
-    for (const cookieSegment of cookieSegments) {
-      const separatorIndex = cookieSegment.indexOf("=");
-      if (separatorIndex !== -1) {
-        cookie[tryDecodeUriComponent(cookieSegment.slice(0, separatorIndex).trim())] = tryDecodeUriComponent(cookieSegment.slice(separatorIndex + 1).trim());
+function getRequestRoute(requestEv) {
+  return requestEv[RequestEvRoute];
+}
+function getRequestMode(requestEv) {
+  return requestEv[RequestEvMode];
+}
+const ABORT_INDEX = Number.MAX_SAFE_INTEGER;
+const isDangerousKey = (k) => k === "__proto__" || k === "constructor" || k === "prototype";
+const isArrayIndexKey = (k) => /^(0|[1-9]\d*)$/.test(k);
+const getArrayPaths = (formData) => {
+  const arrayCandidates = /* @__PURE__ */ new Map();
+  for (const [name] of formData) {
+    const keys = name.split(".");
+    let hasDangerousKey = false;
+    for (const key of keys) {
+      if (isDangerousKey(key)) {
+        hasDangerousKey = true;
+        break;
+      }
+    }
+    if (hasDangerousKey) {
+      continue;
+    }
+    let path = "";
+    for (let i = 0; i < keys.length - 1; i++) {
+      const key = keys[i];
+      if (key.endsWith("[]")) {
+        break;
+      }
+      path = path ? `${path}.${key}` : key;
+      if (!arrayCandidates.has(path)) {
+        arrayCandidates.set(path, true);
+      }
+      if (!isArrayIndexKey(keys[i + 1])) {
+        arrayCandidates.set(path, false);
       }
     }
   }
-  return cookie;
+  return new Set(Array.from(arrayCandidates.entries()).filter(([, isArrayPath]) => isArrayPath).map(([path]) => path));
 };
-function resolveSameSite(sameSite) {
-  if (sameSite === true) {
-    return "Strict";
-  }
-  if (sameSite === false) {
-    return "None";
+const formToObj = (formData) => {
+  const values = /* @__PURE__ */ Object.create(null);
+  const arrayPaths = getArrayPaths(formData);
+  for (const [name, value] of formData) {
+    const keys = name.split(".");
+    let hasDangerousKey = false;
+    for (let i = 0; i < keys.length; i++) {
+      if (isDangerousKey(keys[i])) {
+        hasDangerousKey = true;
+        break;
+      }
+    }
+    if (hasDangerousKey) {
+      continue;
+    }
+    let object = values;
+    let path = "";
+    for (let i = 0; i < keys.length; i++) {
+      const key = keys[i];
+      if (key.endsWith("[]")) {
+        const arrayKey = key.slice(0, -2);
+        if (isDangerousKey(arrayKey)) {
+          break;
+        }
+        const existingValue = object[arrayKey];
+        if (existingValue !== void 0 && !Array.isArray(existingValue)) {
+          break;
+        }
+        object[arrayKey] = existingValue || [];
+        object[arrayKey].push(value);
+        break;
+      }
+      if (Array.isArray(object) && !isArrayIndexKey(key)) {
+        break;
+      }
+      if (i < keys.length - 1) {
+        path = path ? `${path}.${key}` : key;
+        const nextValue = object[key];
+        if (nextValue !== void 0) {
+          object = nextValue;
+          continue;
+        }
+        object = object[key] = arrayPaths.has(path) ? [] : /* @__PURE__ */ Object.create(null);
+      } else {
+        object[key] = value;
+      }
+    }
   }
-  if (sameSite) {
-    return SAMESITE[sameSite];
+  return values;
+};
+const parseRequest = async (deps, { request, method, query }, sharedMap) => {
+  const type = deps.getContentType(request.headers);
+  if (type === "application/x-www-form-urlencoded" || type === "multipart/form-data") {
+    const formData = await request.formData();
+    sharedMap.set(RequestEvSharedActionFormData, formData);
+    return formToObj(formData);
+  } else if (type === "application/json") {
+    const data = await request.json();
+    return data;
+  } else if (type === "application/qwik-json") {
+    if (method === "GET" && query.has(deps.QDATA_KEY)) {
+      const data = query.get(deps.QDATA_KEY);
+      if (data) {
+        try {
+          return _deserialize(decodeURIComponent(data));
+        } catch {
+        }
+      }
+    }
+    return _deserialize(await request.text());
   }
   return void 0;
-}
-const createSetCookieValue = (cookieName, cookieValue, options) => {
-  const c = [
-    `${cookieName}=${cookieValue}`
-  ];
-  if (typeof options.domain === "string") {
-    c.push(`Domain=${options.domain}`);
-  }
-  if (typeof options.maxAge === "number") {
-    c.push(`Max-Age=${options.maxAge}`);
-  } else if (Array.isArray(options.maxAge)) {
-    c.push(`Max-Age=${options.maxAge[0] * UNIT[options.maxAge[1]]}`);
-  } else if (typeof options.expires === "number" || typeof options.expires == "string") {
-    c.push(`Expires=${options.expires}`);
-  } else if (options.expires instanceof Date) {
-    c.push(`Expires=${options.expires.toUTCString()}`);
-  }
-  if (options.httpOnly) {
-    c.push("HttpOnly");
-  }
-  if (typeof options.path === "string") {
-    c.push(`Path=${options.path}`);
-  }
-  const sameSite = resolveSameSite(options.sameSite);
-  if (sameSite) {
-    c.push(`SameSite=${sameSite}`);
-  }
-  if (options.secure) {
-    c.push("Secure");
-  }
-  return c.join("; ");
-};
-const REQ_COOKIE = /* @__PURE__ */ Symbol("request-cookies");
-const RES_COOKIE = /* @__PURE__ */ Symbol("response-cookies");
-const LIVE_COOKIE = /* @__PURE__ */ Symbol("live-cookies");
-class Cookie {
-  [REQ_COOKIE];
-  [RES_COOKIE] = {};
-  [LIVE_COOKIE] = {};
-  appendCounter = 0;
-  constructor(cookieString) {
-    this[REQ_COOKIE] = parseCookieString(cookieString);
-    this[LIVE_COOKIE] = {
-      ...this[REQ_COOKIE]
-    };
-  }
-  get(cookieName, live = true) {
-    const value = this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
-    if (!value) {
-      return null;
-    }
-    return {
-      value,
-      json() {
-        return JSON.parse(value);
-      },
-      number() {
-        return Number(value);
-      }
-    };
-  }
-  getAll(live = true) {
-    return Object.keys(this[live ? LIVE_COOKIE : REQ_COOKIE]).reduce((cookies, cookieName) => {
-      cookies[cookieName] = this.get(cookieName);
-      return cookies;
-    }, {});
-  }
-  has(cookieName, live = true) {
-    return !!this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
-  }
-  set(cookieName, cookieValue, options = {}) {
-    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
-    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
-    this[RES_COOKIE][cookieName] = createSetCookieValue(cookieName, resolvedValue, options);
-  }
-  append(cookieName, cookieValue, options = {}) {
-    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
-    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
-    this[RES_COOKIE][++this.appendCounter] = createSetCookieValue(cookieName, resolvedValue, options);
-  }
-  delete(name, options) {
-    this.set(name, "deleted", {
-      ...options,
-      maxAge: 0
-    });
-    this[LIVE_COOKIE][name] = null;
-  }
-  headers() {
-    return Object.values(this[RES_COOKIE]);
-  }
-}
-const mergeHeadersCookies = (headers, cookies) => {
-  const cookieHeaders = cookies.headers();
-  if (cookieHeaders.length > 0) {
-    const newHeaders = new Headers(headers);
-    for (const cookie of cookieHeaders) {
-      newHeaders.append("Set-Cookie", cookie);
-    }
-    return newHeaders;
-  }
-  return headers;
-};
-
-async function runNext(requestEv, rebuildRouteInfo, resolve) {
-  try {
-    const isValidURL = (url) => new URL(url.pathname + url.search, url);
-    isValidURL(requestEv.originalUrl);
-  } catch {
-    const status = 404;
-    const message = "Resource Not Found";
-    requestEv.status(status);
-    const html = getErrorHtml(status, message);
-    requestEv.html(status, html);
-    return new ServerError$1(status, message);
-  }
-  let rewriteAttempt = 1;
-  async function _runNext() {
-    try {
-      await requestEv.next();
-    } catch (e) {
-      if (e instanceof RedirectMessage$1) {
-        const stream = requestEv.getWritableStream();
-        await stream.close();
-        return e;
-      } else if (e instanceof RewriteMessage$1) {
-        if (rewriteAttempt > 50) {
-          return new Error(`Infinite rewrite loop`);
-        }
-        rewriteAttempt += 1;
-        const url = new URL(requestEv.url);
-        url.pathname = e.pathname;
-        const { loadedRoute, requestHandlers } = await rebuildRouteInfo(url);
-        requestEv.resetRoute(loadedRoute, requestHandlers, url);
-        return await _runNext();
-      } else if (e instanceof AbortMessage$1) {
-        return;
-      } else if (e instanceof ServerError$1 && !requestEv.headersSent) {
-        const status = e.status;
-        const accept = requestEv.request.headers.get("Accept");
-        if (accept && !accept.includes("text/html")) {
-          requestEv.headers.set("Content-Type", "application/qwik-json");
-          requestEv.send(status, await _serialize(e.data));
-        } else {
-          requestEv.html(status, getErrorHtml(status, e.data));
-        }
-        return e;
-      }
-      if (!isDev) {
-        try {
-          if (!requestEv.headersSent) {
-            requestEv.headers.set("content-type", "text/html; charset=utf-8");
-            requestEv.cacheControl({
-              noCache: true
-            });
-            requestEv.status(500);
-          }
-          const stream = requestEv.getWritableStream();
-          if (!stream.locked) {
-            const writer = stream.getWriter();
-            await writer.write(encoder.encode(getErrorHtml(500, "Internal Server Error")));
-            await writer.close();
-          }
-        } catch {
-          console.error("Unable to render error page");
-        }
-      }
-      return e;
-    }
-  }
-  try {
-    return await _runNext();
-  } finally {
-    if (!requestEv.isDirty()) {
-      resolve(null);
-    }
-  }
-}
-function runQwikRouter(serverRequestEv, loadedRoute, requestHandlers, rebuildRouteInfo, basePathname = "/") {
-  let resolve;
-  const responsePromise = new Promise((r) => resolve = r);
-  const requestEv = createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, basePathname, resolve);
-  return {
-    response: responsePromise,
-    requestEv,
-    completion: _asyncRequestStore$1 ? _asyncRequestStore$1.run(requestEv, runNext, requestEv, rebuildRouteInfo, resolve) : runNext(requestEv, rebuildRouteInfo, resolve)
-  };
-}
-const IsQData = "@isQData";
-const QDATA_JSON = "/q-data.json";
-function getRouteMatchPathname(pathname) {
-  const isInternal = pathname.endsWith(QDATA_JSON);
-  if (isInternal) {
-    const trimEnd = pathname.length - QDATA_JSON.length + (globalThis.__NO_TRAILING_SLASH__ ? 0 : 1);
-    pathname = pathname.slice(0, trimEnd);
-    if (pathname === "") {
-      pathname = "/";
-    }
-  }
-  return {
-    pathname,
-    isInternal
-  };
-}
-
-const RequestEvLoaders = /* @__PURE__ */ Symbol("RequestEvLoaders");
-const RequestEvMode = /* @__PURE__ */ Symbol("RequestEvMode");
-const RequestEvRoute = /* @__PURE__ */ Symbol("RequestEvRoute");
-const RequestEvLoaderSerializationStrategyMap = /* @__PURE__ */ Symbol("RequestEvLoaderSerializationStrategyMap");
-const RequestRouteName = "@routeName";
-const RequestEvSharedActionId = "@actionId";
-const RequestEvSharedActionFormData = "@actionFormData";
-const RequestEvSharedNonce = "@nonce";
-const RequestEvIsRewrite = "@rewrite";
-const RequestEvShareServerTiming = "@serverTiming";
-const RequestEvETagCacheKey = "@eTagCacheKey";
-const RequestEvHttpStatusMessage = "@httpStatusMessage";
-const RequestEvShareQData = "qData";
-function getRequestLoaders(requestEv) {
-  return requestEv[RequestEvLoaders];
-}
-function getRequestLoaderSerializationStrategyMap(requestEv) {
-  return requestEv[RequestEvLoaderSerializationStrategyMap];
-}
-function getRequestRoute(requestEv) {
-  return requestEv[RequestEvRoute];
-}
-function getRequestMode(requestEv) {
-  return requestEv[RequestEvMode];
-}
-const ABORT_INDEX = Number.MAX_SAFE_INTEGER;
-const isDangerousKey = (k) => k === "__proto__" || k === "constructor" || k === "prototype";
-const isArrayIndexKey = (k) => /^(0|[1-9]\d*)$/.test(k);
-const getArrayPaths = (formData) => {
-  const arrayCandidates = /* @__PURE__ */ new Map();
-  for (const [name] of formData) {
-    const keys = name.split(".");
-    let hasDangerousKey = false;
-    for (const key of keys) {
-      if (isDangerousKey(key)) {
-        hasDangerousKey = true;
-        break;
-      }
-    }
-    if (hasDangerousKey) {
-      continue;
-    }
-    let path = "";
-    for (let i = 0; i < keys.length - 1; i++) {
-      const key = keys[i];
-      if (key.endsWith("[]")) {
-        break;
-      }
-      path = path ? `${path}.${key}` : key;
-      if (!arrayCandidates.has(path)) {
-        arrayCandidates.set(path, true);
-      }
-      if (!isArrayIndexKey(keys[i + 1])) {
-        arrayCandidates.set(path, false);
-      }
-    }
-  }
-  return new Set(Array.from(arrayCandidates.entries()).filter(([, isArrayPath]) => isArrayPath).map(([path]) => path));
-};
-const formToObj = (formData) => {
-  const values = /* @__PURE__ */ Object.create(null);
-  const arrayPaths = getArrayPaths(formData);
-  for (const [name, value] of formData) {
-    const keys = name.split(".");
-    let hasDangerousKey = false;
-    for (let i = 0; i < keys.length; i++) {
-      if (isDangerousKey(keys[i])) {
-        hasDangerousKey = true;
-        break;
-      }
-    }
-    if (hasDangerousKey) {
-      continue;
-    }
-    let object = values;
-    let path = "";
-    for (let i = 0; i < keys.length; i++) {
-      const key = keys[i];
-      if (key.endsWith("[]")) {
-        const arrayKey = key.slice(0, -2);
-        if (isDangerousKey(arrayKey)) {
-          break;
-        }
-        const existingValue = object[arrayKey];
-        if (existingValue !== void 0 && !Array.isArray(existingValue)) {
-          break;
-        }
-        object[arrayKey] = existingValue || [];
-        object[arrayKey].push(value);
-        break;
-      }
-      if (Array.isArray(object) && !isArrayIndexKey(key)) {
-        break;
-      }
-      if (i < keys.length - 1) {
-        path = path ? `${path}.${key}` : key;
-        const nextValue = object[key];
-        if (nextValue !== void 0) {
-          object = nextValue;
-          continue;
-        }
-        object = object[key] = arrayPaths.has(path) ? [] : /* @__PURE__ */ Object.create(null);
-      } else {
-        object[key] = value;
-      }
-    }
-  }
-  return values;
-};
-const parseRequest = async ({ request, method, query }, sharedMap) => {
-  const type = getContentType(request.headers);
-  if (type === "application/x-www-form-urlencoded" || type === "multipart/form-data") {
-    const formData = await request.formData();
-    sharedMap.set(RequestEvSharedActionFormData, formData);
-    return formToObj(formData);
-  } else if (type === "application/json") {
-    const data = await request.json();
-    return data;
-  } else if (type === "application/qwik-json") {
-    if (method === "GET" && query.has(QDATA_KEY)) {
-      const data = query.get(QDATA_KEY);
-      if (data) {
-        try {
-          return _deserialize(decodeURIComponent(data));
-        } catch {
-        }
-      }
-    }
-    return _deserialize(await request.text());
-  }
-  return void 0;
-};
-function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, basePathname, resolved) {
-  const { request, platform, env } = serverRequestEv;
-  const sharedMap = /* @__PURE__ */ new Map();
-  const cookie = new Cookie(request.headers.get("cookie"));
-  const headers = new Headers();
-  const url = new URL(request.url);
-  const { pathname, isInternal } = getRouteMatchPathname(url.pathname);
-  if (isInternal) {
-    url.pathname = pathname;
-    sharedMap.set(IsQData, true);
+};
+function createRequestEventWithDeps(deps, serverRequestEv, loadedRoute, requestHandlers, basePathname, resolved) {
+  const { request, platform, env } = serverRequestEv;
+  const sharedMap = /* @__PURE__ */ new Map();
+  const cookie = new deps.Cookie(request.headers.get("cookie"));
+  const headers = new Headers();
+  const url = new URL(request.url);
+  const { pathname, isInternal } = deps.getRouteMatchPathname(url.pathname);
+  if (isInternal) {
+    url.pathname = pathname;
+    sharedMap.set(deps.IsQData, true);
   }
   let routeModuleIndex = -1;
   let writableStream = null;
@@ -581,7 +286,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
     while (routeModuleIndex < requestHandlers.length) {
       const moduleRequestHandler = requestHandlers[routeModuleIndex];
       const result = moduleRequestHandler(requestEv);
-      if (isPromise(result)) {
+      if (deps.isPromise(result)) {
         await result;
       }
       routeModuleIndex++;
@@ -606,7 +311,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
       status = statusOrResponse;
       const writableStream2 = requestEv.getWritableStream();
       const writer = writableStream2.getWriter();
-      writer.write(typeof body === "string" ? encoder.encode(body) : body);
+      writer.write(typeof body === "string" ? deps.encoder.encode(body) : body);
       writer.close();
     } else {
       status = statusOrResponse.status;
@@ -634,7 +339,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
     }
     return exit();
   };
-  const exit = (message = new AbortMessage$1()) => {
+  const exit = (message = new deps.AbortMessage()) => {
     routeModuleIndex = ABORT_INDEX;
     return message;
   };
@@ -680,7 +385,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
     exit,
     cacheControl: (cacheControl, target = "Cache-Control") => {
       check();
-      headers.set(target, createCacheControl(cacheControl));
+      headers.set(target, deps.createCacheControl(cacheControl));
     },
     resolveValue: async (loaderOrAction) => {
       const id = loaderOrAction.__id;
@@ -689,7 +394,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
           throw new Error("You can not get the returned data of a loader that has not been executed for this request.");
         }
         if (loaders[id] === _UNINITIALIZED) {
-          await getRouteLoaderPromise(loaderOrAction, loaders, requestEv);
+          await deps.getRouteLoaderPromise(loaderOrAction, loaders, requestEv[RequestEvLoaderSerializationStrategyMap], requestEv);
         }
       }
       return loaders[id];
@@ -711,7 +416,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
     error: (statusCode, message) => {
       status = statusCode;
       headers.delete("Cache-Control");
-      return new ServerError$1(statusCode, message);
+      return new deps.ServerError(statusCode, message);
     },
     redirect: (statusCode, url2) => {
       check();
@@ -732,15 +437,15 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
       if (statusCode > 301) {
         headers.set("Cache-Control", "no-store");
       }
-      return exit(new RedirectMessage$1());
+      return exit(new deps.RedirectMessage());
     },
     rewrite: (pathname2) => {
       check();
       if (pathname2.startsWith("http")) {
-        throw new ServerError$1(400, isDev ? "Rewrite does not support absolute urls" : "Bad Request");
+        throw new deps.ServerError(400, isDev ? "Rewrite does not support absolute urls" : "Bad Request");
       }
       sharedMap.set(RequestEvIsRewrite, true);
-      return exit(new RewriteMessage$1(pathname2.replace(/\/+/g, "/")));
+      return exit(new deps.RewriteMessage(pathname2.replace(/\/+/g, "/")));
     },
     defer: (returnData) => {
       return typeof returnData === "function" ? returnData : () => returnData;
@@ -766,7 +471,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
       if (requestData !== void 0) {
         return requestData;
       }
-      return requestData = parseRequest(requestEv, sharedMap);
+      return requestData = parseRequest(deps, requestEv, sharedMap);
     },
     json: (statusCode, data) => {
       headers.set("Content-Type", "application/json; charset=utf-8");
@@ -792,14 +497,96 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, baseP
   return requestEv;
 }
 
-function getQwikRouterServerData(requestEv) {
+function verifySerializable(data, qrl) {
+  try {
+    _verifySerializable(data, void 0);
+  } catch (e) {
+    if (e instanceof Error && qrl.dev) {
+      e.loc = qrl.dev;
+    }
+    throw e;
+  }
+}
+function now() {
+  return typeof performance !== "undefined" ? performance.now() : 0;
+}
+async function measure(requestEv, name, fn) {
+  const start = now();
+  try {
+    return await fn();
+  } finally {
+    const duration = now() - start;
+    let measurements = requestEv.sharedMap.get("@serverTiming");
+    if (!measurements) {
+      requestEv.sharedMap.set("@serverTiming", measurements = []);
+    }
+    measurements.push([
+      name,
+      duration
+    ]);
+  }
+}
+async function runValidators(requestEv, validators, data) {
+  let lastResult = {
+    success: true,
+    data
+  };
+  if (validators) {
+    for (const validator of validators) {
+      if (isDev) {
+        lastResult = await measure(requestEv, `validator$`, () => validator.validate(requestEv, data));
+      } else {
+        lastResult = await validator.validate(requestEv, data);
+      }
+      if (!lastResult.success) {
+        return lastResult;
+      } else {
+        data = lastResult.data;
+      }
+    }
+  }
+  return lastResult;
+}
+async function getRouteLoaderPromise(loader, loaders, loadersSerializationStrategy, requestEv) {
+  const loaderId = loader.__id;
+  loaders[loaderId] = runValidators(
+    requestEv,
+    loader.__validators,
+    void 0
+    // data
+  ).then((res) => {
+    if (res.success) {
+      if (isDev) {
+        return measure(requestEv, loader.__qrl.getHash(), () => loader.__qrl.call(requestEv, requestEv));
+      } else {
+        return loader.__qrl.call(requestEv, requestEv);
+      }
+    } else {
+      return requestEv.fail(res.status ?? 500, res.error);
+    }
+  }).then((resolvedLoader) => {
+    if (typeof resolvedLoader === "function") {
+      loaders[loaderId] = resolvedLoader();
+    } else {
+      if (isDev) {
+        verifySerializable(resolvedLoader, loader.__qrl);
+      }
+      loaders[loaderId] = resolvedLoader;
+    }
+    return resolvedLoader;
+  });
+  loadersSerializationStrategy.set(loaderId, loader.__serializationStrategy);
+  return loaders[loaderId];
+}
+
+function getQwikRouterServerDataWithDeps(deps, requestEv) {
   const { params, request, status, locale, originalUrl } = requestEv;
   const requestHeaders = {};
   request.headers.forEach((value, key) => requestHeaders[key] = value);
-  const action = requestEv.sharedMap.get(RequestEvSharedActionId);
-  const formData = requestEv.sharedMap.get(RequestEvSharedActionFormData);
-  const routeName = requestEv.sharedMap.get(RequestRouteName);
-  const nonce = requestEv.sharedMap.get(RequestEvSharedNonce);
+  const action = requestEv.sharedMap.get(deps.RequestEvSharedActionId);
+  const formData = requestEv.sharedMap.get(deps.RequestEvSharedActionFormData);
+  const routeName = requestEv.sharedMap.get(deps.RequestRouteName);
+  const nonce = requestEv.sharedMap.get(deps.RequestEvSharedNonce);
   const headers = requestEv.request.headers;
   const reconstructedUrl = new URL(originalUrl.pathname + originalUrl.search, originalUrl);
   const host = headers.get("X-Forwarded-Host");
@@ -811,15 +598,15 @@ function getQwikRouterServerData(requestEv) {
   if (protocol) {
     reconstructedUrl.protocol = protocol;
   }
-  const loaders = getRequestLoaders(requestEv);
-  const loadersSerializationStrategy = getRequestLoaderSerializationStrategyMap(requestEv);
+  const loaders = deps.getRequestLoaders(requestEv);
+  const loadersSerializationStrategy = deps.getRequestLoaderSerializationStrategyMap(requestEv);
   return {
     url: reconstructedUrl.href,
     requestHeaders,
     locale: locale(),
     nonce,
     containerAttributes: {
-      [Q_ROUTE]: routeName
+      [deps.Q_ROUTE]: routeName
     },
     qwikrouter: {
       routeName,
@@ -827,10 +614,10 @@ function getQwikRouterServerData(requestEv) {
       params: {
         ...params
       },
-      loadedRoute: getRequestRoute(requestEv),
+      loadedRoute: deps.getRequestRoute(requestEv),
       response: {
         status: status(),
-        statusMessage: requestEv.sharedMap.get(RequestEvHttpStatusMessage),
+        statusMessage: requestEv.sharedMap.get(deps.RequestEvHttpStatusMessage),
         loaders,
         loadersSerializationStrategy,
         action,
@@ -840,637 +627,1011 @@ function getQwikRouterServerData(requestEv) {
   };
 }
 
-const _resolveRequestHandlers = (routeLoaders, routeActions, requestHandlers, routeModules, collectActions, method) => {
-  for (const routeModule of routeModules) {
-    if (typeof routeModule.onRequest === "function") {
-      requestHandlers.push(routeModule.onRequest);
-    } else if (Array.isArray(routeModule.onRequest)) {
-      requestHandlers.push(...routeModule.onRequest);
+const responsePageDeps = {
+  Q_ROUTE,
+  RequestEvHttpStatusMessage,
+  RequestEvSharedActionFormData,
+  RequestEvSharedActionId,
+  RequestEvSharedNonce,
+  RequestRouteName,
+  getRequestLoaders,
+  getRequestLoaderSerializationStrategyMap,
+  getRequestRoute
+};
+function getQwikRouterServerData(...args) {
+  return getQwikRouterServerDataWithDeps(responsePageDeps, ...args);
+}
+
+function createResolveRequestHandlers(deps) {
+  const resolveRequestHandlers = (serverPlugins, route, method, checkOrigin, renderHandler, isInternal) => {
+    const routeLoaders = [];
+    const routeActions = [];
+    const requestHandlers = [];
+    const isPageRoute = !!(route && isLastModulePageRoute(route.$mods$));
+    if (isInternal) {
+      requestHandlers.push(handleQDataRedirect);
     }
-    let methodReqHandler;
-    switch (method) {
-      case "GET": {
-        methodReqHandler = routeModule.onGet;
-        break;
+    if (isPageRoute) {
+      requestHandlers.push(serverErrorMiddleware(route, renderHandler));
+    }
+    if (serverPlugins) {
+      _resolveRequestHandlers(routeLoaders, routeActions, requestHandlers, serverPlugins, isPageRoute, method);
+    }
+    if (route) {
+      const routeModules = route.$mods$;
+      _resolveRequestHandlers(routeLoaders, routeActions, requestHandlers, routeModules, isPageRoute, method);
+      const routeName = route.$routeName$;
+      if (checkOrigin && (method === "POST" || method === "PUT" || method === "PATCH" || method === "DELETE")) {
+        if (checkOrigin === "lax-proto") {
+          requestHandlers.unshift(csrfLaxProtoCheckMiddleware);
+        } else {
+          requestHandlers.unshift(csrfCheckMiddleware);
+        }
       }
-      case "POST": {
-        methodReqHandler = routeModule.onPost;
-        break;
+      if (isPageRoute) {
+        if (method === "POST" || method === "GET") {
+          requestHandlers.push(runServerFunction);
+        }
+        requestHandlers.push(fixTrailingSlash);
+        if (isInternal) {
+          requestHandlers.push(renderQData);
+        }
       }
-      case "PUT": {
-        methodReqHandler = routeModule.onPut;
-        break;
+      if (isPageRoute) {
+        requestHandlers.push((ev) => {
+          ev.sharedMap.set(deps.RequestRouteName, routeName);
+        });
+        requestHandlers.push(actionsMiddleware(routeActions));
+        requestHandlers.push(loadersMiddleware(routeLoaders));
+        requestHandlers.push(eTagMiddleware(route));
+        requestHandlers.push(renderHandler);
       }
-      case "PATCH": {
-        methodReqHandler = routeModule.onPatch;
-        break;
+    }
+    return requestHandlers;
+  };
+  const _resolveRequestHandlers = (routeLoaders, routeActions, requestHandlers, routeModules, collectActions, method) => {
+    for (const routeModule of routeModules) {
+      if (typeof routeModule.onRequest === "function") {
+        requestHandlers.push(routeModule.onRequest);
+      } else if (Array.isArray(routeModule.onRequest)) {
+        requestHandlers.push(...routeModule.onRequest);
       }
-      case "DELETE": {
-        methodReqHandler = routeModule.onDelete;
-        break;
+      let methodReqHandler;
+      switch (method) {
+        case "GET": {
+          methodReqHandler = routeModule.onGet;
+          break;
+        }
+        case "POST": {
+          methodReqHandler = routeModule.onPost;
+          break;
+        }
+        case "PUT": {
+          methodReqHandler = routeModule.onPut;
+          break;
+        }
+        case "PATCH": {
+          methodReqHandler = routeModule.onPatch;
+          break;
+        }
+        case "DELETE": {
+          methodReqHandler = routeModule.onDelete;
+          break;
+        }
+        case "OPTIONS": {
+          methodReqHandler = routeModule.onOptions;
+          break;
+        }
+        case "HEAD": {
+          methodReqHandler = routeModule.onHead;
+          break;
+        }
       }
-      case "OPTIONS": {
-        methodReqHandler = routeModule.onOptions;
-        break;
+      if (typeof methodReqHandler === "function") {
+        requestHandlers.push(methodReqHandler);
+      } else if (Array.isArray(methodReqHandler)) {
+        requestHandlers.push(...methodReqHandler);
       }
-      case "HEAD": {
-        methodReqHandler = routeModule.onHead;
-        break;
+      if (collectActions) {
+        for (const module of Object.values(routeModule)) {
+          if (typeof module === "function") {
+            if (module.__brand === "server_loader") {
+              routeLoaders.push(module);
+            } else if (module.__brand === "server_action") {
+              routeActions.push(module);
+            }
+          }
+        }
       }
     }
-    if (typeof methodReqHandler === "function") {
-      requestHandlers.push(methodReqHandler);
-    } else if (Array.isArray(methodReqHandler)) {
-      requestHandlers.push(...methodReqHandler);
-    }
-    if (collectActions) {
-      for (const module of Object.values(routeModule)) {
-        if (typeof module === "function") {
-          if (module.__brand === "server_loader") {
-            routeLoaders.push(module);
-          } else if (module.__brand === "server_action") {
-            routeActions.push(module);
+  };
+  const checkBrand = (obj, brand) => {
+    return obj && typeof obj === "function" && obj.__brand === brand;
+  };
+  function actionsMiddleware(routeActions) {
+    return async (requestEvent) => {
+      const requestEv = requestEvent;
+      if (requestEv.headersSent) {
+        requestEv.exit();
+        return;
+      }
+      const { method } = requestEv;
+      const loaders = deps.getRequestLoaders(requestEv);
+      if (isDev && method === "GET") {
+        if (requestEv.query.has(deps.QACTION_KEY)) {
+          console.warn('Seems like you are submitting a Qwik Action via GET request. Qwik Actions should be submitted via POST request.\nMake sure your <form> has method="POST" attribute, like this: <form method="POST">');
+        }
+      }
+      if (method === "POST") {
+        const selectedActionId = requestEv.query.get(deps.QACTION_KEY);
+        if (selectedActionId) {
+          const serverActionsMap = globalThis._qwikActionsMap;
+          const action = routeActions.find((action2) => action2.__id === selectedActionId) ?? serverActionsMap?.get(selectedActionId);
+          if (action) {
+            requestEv.sharedMap.set(deps.RequestEvSharedActionId, selectedActionId);
+            const data = await requestEv.parseBody();
+            if (!data || typeof data !== "object") {
+              throw new Error(`Expected request data for the action id ${selectedActionId} to be an object`);
+            }
+            const result = await runValidators(requestEv, action.__validators, data);
+            if (!result.success) {
+              loaders[selectedActionId] = requestEv.fail(result.status ?? 500, result.error);
+            } else {
+              const actionResolved = isDev ? await measure(requestEv, action.__qrl.getHash(), () => action.__qrl.call(requestEv, result.data, requestEv)) : await action.__qrl.call(requestEv, result.data, requestEv);
+              if (isDev) {
+                verifySerializable(actionResolved, action.__qrl);
+              }
+              loaders[selectedActionId] = actionResolved;
+            }
           }
         }
       }
+    };
+  }
+  function loadersMiddleware(routeLoaders) {
+    return async (requestEvent) => {
+      const requestEv = requestEvent;
+      if (requestEv.headersSent) {
+        requestEv.exit();
+        return;
+      }
+      const loaders = deps.getRequestLoaders(requestEv);
+      const loadersSerializationStrategy = deps.getRequestLoaderSerializationStrategyMap(requestEv);
+      if (routeLoaders.length > 0) {
+        const resolvedLoadersPromises = routeLoaders.map((loader) => deps.getRouteLoaderPromise(loader, loaders, loadersSerializationStrategy, requestEv));
+        await Promise.all(resolvedLoadersPromises);
+      }
+    };
+  }
+  function eTagMiddleware(route) {
+    return (requestEv) => {
+      if (requestEv.headersSent) {
+        return;
+      }
+      if (requestEv.method !== "GET" || requestEv.sharedMap.has(deps.IsQData)) {
+        return;
+      }
+      const mods = route.$mods$;
+      const hasETag = mods.some((m) => {
+        if (!m) {
+          return false;
+        }
+        if (m.routeConfig) {
+          return typeof m.routeConfig === "function" || m.routeConfig.eTag !== void 0;
+        }
+        return m.eTag !== void 0;
+      });
+      if (!hasETag) {
+        return;
+      }
+      const loaders = deps.getRequestLoaders(requestEv);
+      const getData = (loaderOrAction) => {
+        const id = loaderOrAction.__id;
+        if (loaderOrAction.__brand === "server_loader" && !(id in loaders)) {
+          throw new Error("Loader not executed for this request.");
+        }
+        if (loaders[id] instanceof Promise) {
+          throw new Error("Loaders returning a promise cannot be resolved for the eTag function.");
+        }
+        return loaders[id];
+      };
+      const routeLocation = {
+        params: requestEv.params,
+        url: requestEv.url,
+        isNavigating: false,
+        prevUrl: void 0
+      };
+      const status = requestEv.status();
+      const config = deps.resolveRouteConfig(getData, routeLocation, mods, "", status);
+      const headProps = {
+        head: config.head,
+        status,
+        withLocale: (fn) => fn(),
+        resolveValue: getData,
+        ...routeLocation
+      };
+      const eTag = deps.resolveETag(config.eTag, headProps);
+      if (!eTag) {
+        return;
+      }
+      requestEv.headers.set("ETag", eTag);
+      const ifNoneMatch = requestEv.request.headers.get("If-None-Match");
+      if (ifNoneMatch && (ifNoneMatch === eTag || ifNoneMatch === `W/${eTag}` || `W/${ifNoneMatch}` === eTag)) {
+        requestEv.status(304);
+        requestEv.send(304, "");
+        return;
+      }
+      if (deps.MAX_CACHE_SIZE <= 0) {
+        return;
+      }
+      const cacheKey = deps.resolveCacheKey(config.cacheKey, status, eTag, requestEv.url.pathname);
+      if (!cacheKey) {
+        return;
+      }
+      const cachedHtml = deps.getCachedHtml(cacheKey);
+      if (cachedHtml) {
+        requestEv.headers.set("Content-Type", "text/html; charset=utf-8");
+        requestEv.headers.set("X-SSR-Cache", "HIT");
+        requestEv.send(status, cachedHtml);
+        return;
+      }
+      requestEv.sharedMap.set(deps.RequestEvETagCacheKey, cacheKey);
+    };
+  }
+  function serverErrorMiddleware(route, renderHandler) {
+    return async (requestEv) => {
+      try {
+        await requestEv.next();
+      } catch (e) {
+        if (!(e instanceof deps.ServerError) || requestEv.headersSent) {
+          throw e;
+        }
+        if (requestEv.sharedMap.has(deps.IsQData)) {
+          throw e;
+        }
+        const accept = requestEv.request.headers.get("Accept");
+        if (accept && !accept.includes("text/html")) {
+          throw e;
+        }
+        const status = e.status;
+        requestEv.status(status);
+        const errorLoader = route.$errorLoader$;
+        const errorModule = errorLoader ? await errorLoader() : await deps.loadHttpError();
+        route.$mods$ = [
+          errorModule
+        ];
+        requestEv.sharedMap.set(deps.RequestEvHttpStatusMessage, typeof e.data === "string" ? e.data : "Server Error");
+        await renderHandler(requestEv);
+      }
+    };
+  }
+  async function runValidators(requestEv, validators, data) {
+    let lastResult = {
+      success: true,
+      data
+    };
+    if (validators) {
+      for (const validator of validators) {
+        if (isDev) {
+          lastResult = await measure(requestEv, `validator$`, () => validator.validate(requestEv, data));
+        } else {
+          lastResult = await validator.validate(requestEv, data);
+        }
+        if (!lastResult.success) {
+          return lastResult;
+        } else {
+          data = lastResult.data;
+        }
+      }
     }
+    return lastResult;
   }
-};
-function eTagMiddleware(route) {
-  return (requestEv) => {
-    if (requestEv.headersSent) {
+  function isAsyncIterator(obj) {
+    return obj ? typeof obj === "object" && Symbol.asyncIterator in obj : false;
+  }
+  async function runServerFunction(ev) {
+    const serverFnHash = ev.query.get(deps.QFN_KEY);
+    if (serverFnHash && ev.request.headers.get("X-QRL") === serverFnHash && ev.request.headers.get("Content-Type") === "application/qwik-json") {
+      ev.exit();
+      const data = await ev.parseBody();
+      if (!Array.isArray(data) || !(Array.isArray(data[0]) || data[0] === void 0)) {
+        throw ev.error(500, "Invalid request");
+      }
+      const qrl = inlinedQrl(null, serverFnHash, data.slice(1));
+      let result;
+      try {
+        if (isDev) {
+          result = await measure(ev, `server_${serverFnHash}`, () => qrl.apply(ev, data[0]));
+        } else {
+          result = await qrl.apply(ev, data[0]);
+        }
+      } catch (err) {
+        if (err instanceof deps.ServerError) {
+          throw ev.error(err.status, err.data);
+        }
+        console.error(`Server function ${serverFnHash} failed:`, err);
+        throw ev.error(500, "Invalid request");
+      }
+      if (isAsyncIterator(result)) {
+        ev.headers.set("Content-Type", "text/qwik-json-stream");
+        const writable = ev.getWritableStream();
+        const stream = writable.getWriter();
+        for await (const item of result) {
+          if (isDev) {
+            verifySerializable(item, qrl);
+          }
+          const message = await _serialize(item);
+          if (ev.signal.aborted) {
+            break;
+          }
+          await stream.write(deps.encoder.encode(`${message}
+`));
+        }
+        stream.close();
+      } else {
+        verifySerializable(result, qrl);
+        ev.headers.set("Content-Type", "application/qwik-json");
+        const message = await _serialize(result);
+        ev.send(200, message);
+      }
       return;
     }
-    if (requestEv.method !== "GET" || requestEv.sharedMap.has(IsQData)) {
+  }
+  function fixTrailingSlash(ev) {
+    const { basePathname, originalUrl, sharedMap } = ev;
+    const { pathname, search } = originalUrl;
+    const isQData = sharedMap.has(deps.IsQData);
+    if (!pathname.startsWith("/") || pathname.startsWith("//")) {
       return;
     }
-    const mods = route.$mods$;
-    const hasETag = mods.some((m) => {
-      if (!m) {
-        return false;
+    if (!isQData && pathname !== basePathname && !pathname.endsWith(".html")) {
+      if (!globalThis.__NO_TRAILING_SLASH__) {
+        if (!pathname.endsWith("/")) {
+          throw ev.redirect(deps.HttpStatus.MovedPermanently, pathname + "/" + search);
+        }
+      } else {
+        if (pathname.endsWith("/")) {
+          throw ev.redirect(deps.HttpStatus.MovedPermanently, pathname.slice(0, pathname.length - 1) + search);
+        }
       }
-      if (m.routeConfig) {
-        return typeof m.routeConfig === "function" || m.routeConfig.eTag !== void 0;
+    }
+  }
+  function verifySerializable(data, qrl) {
+    try {
+      _verifySerializable(data, void 0);
+    } catch (e) {
+      if (e instanceof Error && qrl.dev) {
+        e.loc = qrl.dev;
       }
-      return m.eTag !== void 0;
-    });
-    if (!hasETag) {
-      return;
+      throw e;
     }
-    const loaders = getRequestLoaders(requestEv);
-    const getData = (loaderOrAction) => {
-      const id = loaderOrAction.__id;
-      if (loaderOrAction.__brand === "server_loader" && !(id in loaders)) {
-        throw new Error("Loader not executed for this request.");
+  }
+  const isQrl = (value) => {
+    return typeof value === "function" && typeof value.getSymbol === "function";
+  };
+  function isLastModulePageRoute(routeModules) {
+    const lastRouteModule = routeModules[routeModules.length - 1];
+    return lastRouteModule && typeof lastRouteModule.default === "function";
+  }
+  function getPathname(url) {
+    url = new URL(url);
+    if (url.pathname.endsWith(deps.QDATA_JSON)) {
+      url.pathname = url.pathname.slice(0, -deps.QDATA_JSON.length);
+    }
+    if (!globalThis.__NO_TRAILING_SLASH__) {
+      if (!url.pathname.endsWith("/")) {
+        url.pathname += "/";
       }
-      const data = loaders[id];
-      if (data instanceof Promise) {
-        throw new Error("Loaders returning a promise cannot be resolved for the eTag function.");
+    } else {
+      if (url.pathname.endsWith("/")) {
+        url.pathname = url.pathname.slice(0, -1);
       }
-      return data;
-    };
-    const routeLocation = {
-      params: requestEv.params,
-      url: requestEv.url,
-      isNavigating: false,
-      prevUrl: void 0
-    };
-    const status = requestEv.status();
-    const config = resolveRouteConfig(getData, routeLocation, mods, "", status);
-    const headProps = {
-      head: config.head,
-      status,
-      withLocale: (fn) => fn(),
-      resolveValue: getData,
-      ...routeLocation
+    }
+    const search = url.search.slice(1).replaceAll(/&?q(action|data|func|loaders)=[^&]+/g, "");
+    return `${url.pathname}${search ? `?${search}` : ""}${url.hash}`;
+  }
+  function csrfLaxProtoCheckMiddleware(requestEv) {
+    checkCSRF(requestEv, "lax-proto");
+  }
+  function csrfCheckMiddleware(requestEv) {
+    checkCSRF(requestEv);
+  }
+  function checkCSRF(requestEv, laxProto) {
+    const contentType = requestEv.request.headers.get("content-type");
+    const isSimpleRequest = !contentType || deps.isContentType(requestEv.request.headers, "application/x-www-form-urlencoded", "multipart/form-data", "text/plain");
+    if (isSimpleRequest) {
+      const inputOrigin = requestEv.request.headers.get("origin");
+      const origin = requestEv.url.origin;
+      let forbidden = inputOrigin !== origin;
+      if (forbidden && laxProto && inputOrigin?.replace(/^http(s)?/g, "") === origin.replace(/^http(s)?/g, "")) {
+        forbidden = false;
+      }
+      if (forbidden) {
+        throw requestEv.error(403, `CSRF check failed. Cross-site ${requestEv.method} form submissions are forbidden.
+The request origin "${inputOrigin}" does not match the server origin "${origin}".`);
+      }
+    }
+  }
+  function renderQwikMiddleware(render) {
+    return async (requestEv) => {
+      if (requestEv.headersSent) {
+        return;
+      }
+      if (requestEv.sharedMap.has(deps.IsQData)) {
+        return;
+      }
+      const responseHeaders = requestEv.headers;
+      if (!responseHeaders.has("Content-Type")) {
+        responseHeaders.set("Content-Type", "text/html; charset=utf-8");
+      }
+      const eTagCacheKey = requestEv.sharedMap.get(deps.RequestEvETagCacheKey);
+      const { readable, writable } = new TextEncoderStream();
+      const writableStream = requestEv.getWritableStream();
+      let cacheChunks;
+      let pipeSource = readable;
+      if (eTagCacheKey) {
+        cacheChunks = [];
+        const capture = new TransformStream({
+          transform(chunk, controller) {
+            cacheChunks.push(chunk);
+            controller.enqueue(chunk);
+          }
+        });
+        pipeSource = readable.pipeThrough(capture);
+      }
+      const pipe = pipeSource.pipeTo(writableStream, {
+        preventClose: true
+      });
+      const stream = writable.getWriter();
+      const status = requestEv.status();
+      try {
+        const isStatic = deps.getRequestMode(requestEv) === "static";
+        const serverData = deps.getQwikRouterServerData(requestEv);
+        const result = await render({
+          base: requestEv.basePathname + "build/",
+          stream,
+          serverData,
+          containerAttributes: {
+            ["q:render"]: isStatic ? "static" : "",
+            ...serverData.containerAttributes
+          }
+        });
+        const qData = {
+          loaders: deps.getRequestLoaders(requestEv),
+          action: requestEv.sharedMap.get(deps.RequestEvSharedActionId),
+          status: status !== 200 ? status : 200,
+          href: getPathname(requestEv.url)
+        };
+        if (typeof result.html === "string") {
+          await stream.write(result.html);
+        }
+        requestEv.sharedMap.set(deps.RequestEvShareQData, qData);
+      } finally {
+        await stream.ready;
+        await stream.close();
+        await pipe;
+      }
+      if (eTagCacheKey && cacheChunks && cacheChunks.length > 0) {
+        const totalLength = cacheChunks.reduce((sum, chunk) => sum + chunk.length, 0);
+        const combined = new Uint8Array(totalLength);
+        let offset = 0;
+        for (const chunk of cacheChunks) {
+          combined.set(chunk, offset);
+          offset += chunk.length;
+        }
+        deps.setCachedHtml(eTagCacheKey, new TextDecoder().decode(combined));
+      }
+      await writableStream.close();
     };
-    const eTag = resolveETag(config.eTag, headProps);
-    if (!eTag) {
-      return;
+  }
+  async function handleQDataRedirect(requestEv) {
+    try {
+      await requestEv.next();
+    } catch (err) {
+      if (!(err instanceof deps.RedirectMessage)) {
+        throw err;
+      }
     }
-    requestEv.headers.set("ETag", eTag);
-    const ifNoneMatch = requestEv.request.headers.get("If-None-Match");
-    if (ifNoneMatch && (ifNoneMatch === eTag || ifNoneMatch === `W/${eTag}` || `W/${ifNoneMatch}` === eTag)) {
-      requestEv.status(304);
-      requestEv.send(304, "");
+    if (requestEv.headersSent) {
       return;
     }
-    if (MAX_CACHE_SIZE <= 0) {
+    const status = requestEv.status();
+    const location = requestEv.headers.get("Location");
+    const isRedirect = status >= 301 && status <= 308 && location;
+    if (isRedirect) {
+      const adaptedLocation = makeQDataPath(location);
+      if (adaptedLocation) {
+        requestEv.headers.set("Location", adaptedLocation);
+        requestEv.getWritableStream().close();
+        return;
+      } else {
+        requestEv.status(200);
+        requestEv.headers.delete("Location");
+      }
+    }
+  }
+  async function renderQData(requestEv) {
+    await requestEv.next();
+    if (requestEv.headersSent || requestEv.exited) {
       return;
     }
-    const cacheKey = resolveCacheKey(config.cacheKey, status, eTag, requestEv.url.pathname);
-    if (!cacheKey) {
-      return;
+    const status = requestEv.status();
+    const redirectLocation = requestEv.headers.get("Location");
+    requestEv.headers.set("Content-Type", "application/json; charset=utf-8");
+    let loaders = deps.getRequestLoaders(requestEv);
+    const selectedLoaderIds = requestEv.query.getAll(deps.QLOADER_KEY);
+    const hasCustomLoaders = selectedLoaderIds.length > 0;
+    if (hasCustomLoaders) {
+      const selectedLoaders = {};
+      for (const loaderId of selectedLoaderIds) {
+        const loader = loaders[loaderId];
+        selectedLoaders[loaderId] = loader;
+      }
+      loaders = selectedLoaders;
+    }
+    const qData = hasCustomLoaders ? {
+      loaders,
+      status: status !== 200 ? status : 200,
+      href: getPathname(requestEv.url)
+    } : {
+      loaders,
+      action: requestEv.sharedMap.get(deps.RequestEvSharedActionId),
+      status: status !== 200 ? status : 200,
+      href: getPathname(requestEv.url),
+      redirect: redirectLocation ?? void 0,
+      isRewrite: requestEv.sharedMap.get(deps.RequestEvIsRewrite)
+    };
+    const writer = requestEv.getWritableStream().getWriter();
+    const data = await _serialize(qData);
+    writer.write(deps.encoder.encode(data));
+    requestEv.sharedMap.set(deps.RequestEvShareQData, qData);
+    writer.close();
+  }
+  function makeQDataPath(href) {
+    if (href.startsWith("/")) {
+      if (!href.includes(deps.QDATA_JSON)) {
+        const url = new URL(href, "http://localhost");
+        const pathname = url.pathname.endsWith("/") ? url.pathname.slice(0, -1) : url.pathname;
+        return pathname + deps.QDATA_JSON + url.search;
+      }
+      return href;
+    } else {
+      return void 0;
     }
-    const cachedHtml = getCachedHtml(cacheKey);
-    if (cachedHtml) {
-      requestEv.headers.set("Content-Type", "text/html; charset=utf-8");
-      requestEv.headers.set("X-SSR-Cache", "HIT");
-      requestEv.send(status, cachedHtml);
-      return;
+  }
+  function now() {
+    return typeof performance !== "undefined" ? performance.now() : 0;
+  }
+  async function measure(requestEv, name, fn) {
+    const start = now();
+    try {
+      return await fn();
+    } finally {
+      const duration = now() - start;
+      let measurements = requestEv.sharedMap.get(deps.RequestEvShareServerTiming);
+      if (!measurements) {
+        requestEv.sharedMap.set(deps.RequestEvShareServerTiming, measurements = []);
+      }
+      measurements.push([
+        name,
+        duration
+      ]);
     }
-    requestEv.sharedMap.set(RequestEvETagCacheKey, cacheKey);
+  }
+  return {
+    actionsMiddleware,
+    checkBrand,
+    checkCSRF,
+    fixTrailingSlash,
+    getPathname,
+    isLastModulePageRoute,
+    isQrl,
+    loadersMiddleware,
+    measure,
+    renderQwikMiddleware,
+    resolveRequestHandlers,
+    verifySerializable
   };
 }
-function serverErrorMiddleware(route, renderHandler) {
-  return async (requestEv) => {
-    try {
-      await requestEv.next();
-    } catch (e) {
-      if (!(e instanceof ServerError$1) || requestEv.headersSent) {
-        throw e;
-      }
-      if (requestEv.sharedMap.has(IsQData)) {
-        throw e;
-      }
-      const accept = requestEv.request.headers.get("Accept");
-      if (accept && !accept.includes("text/html")) {
-        throw e;
-      }
-      const status = e.status;
-      requestEv.status(status);
-      const errorLoader = route.$errorLoader$;
-      const errorModule = errorLoader ? await errorLoader() : await import('../../chunks/http-error.qwik.mjs');
-      route.$mods$ = [
-        errorModule
-      ];
-      requestEv.sharedMap.set(RequestEvHttpStatusMessage, typeof e.data === "string" ? e.data : "Server Error");
-      await renderHandler(requestEv);
+
+const encoder = /* @__PURE__ */ new TextEncoder();
+function getContentType(headers) {
+  return (headers.get("content-type")?.split(/[;,]/, 1)[0].trim() ?? "").toLowerCase();
+}
+function isContentType(headers, ...types) {
+  const type = getContentType(headers);
+  for (let i = 0; i < types.length; i++) {
+    if (types[i].toLowerCase() === type) {
+      return true;
     }
-  };
+  }
+  return false;
 }
-function isAsyncIterator(obj) {
-  return obj ? typeof obj === "object" && Symbol.asyncIterator in obj : false;
+
+class ServerError extends Error {
+  status;
+  data;
+  constructor(status, data) {
+    super(typeof data === "string" ? data : void 0), this.status = status, this.data = data;
+  }
 }
-function fixTrailingSlash(ev) {
-  const { basePathname, originalUrl, sharedMap } = ev;
-  const { pathname, search } = originalUrl;
-  const isQData = sharedMap.has(IsQData);
-  if (
-    // all valid pathnames must start with a single slash
-    !pathname.startsWith("/") || // protocol-relative URLs are not allowed like: //test.com, ///bad.com
-    pathname.startsWith("//")
-  ) {
-    return;
+
+const requestHandlers = createResolveRequestHandlers({
+  QACTION_KEY,
+  QFN_KEY,
+  QLOADER_KEY,
+  QDATA_JSON,
+  IsQData,
+  RequestEvETagCacheKey,
+  RequestEvHttpStatusMessage,
+  RequestEvIsRewrite,
+  RequestEvShareQData,
+  RequestEvShareServerTiming,
+  RequestEvSharedActionId,
+  RequestRouteName,
+  RedirectMessage,
+  ServerError,
+  HttpStatus,
+  encoder,
+  isContentType,
+  getCachedHtml,
+  getQwikRouterServerData,
+  getRequestLoaderSerializationStrategyMap,
+  getRequestLoaders,
+  getRequestMode,
+  getRouteLoaderPromise,
+  loadHttpError: () => import('../../chunks/http-error.qwik.mjs'),
+  MAX_CACHE_SIZE,
+  resolveCacheKey,
+  resolveETag,
+  resolveRouteConfig,
+  setCachedHtml
+});
+const { renderQwikMiddleware, resolveRequestHandlers} = requestHandlers;
+
+let _asyncRequestStore;
+if (isServer) {
+  import('node:async_hooks').then((module) => {
+    _asyncRequestStore = new module.AsyncLocalStorage();
+  }).catch((err) => {
+    console.warn("\n=====================\n  Qwik Router Warning:\n    AsyncLocalStorage is not available, continuing without it.\n    This impacts concurrent async server calls, where they lose access to the ServerRequestEv object.\n=====================\n\n", err);
+  });
+}
+
+function createCacheControl(cacheControl) {
+  const controls = [];
+  if (cacheControl === "day") {
+    cacheControl = 60 * 60 * 24;
+  } else if (cacheControl === "week") {
+    cacheControl = 60 * 60 * 24 * 7;
+  } else if (cacheControl === "month") {
+    cacheControl = 60 * 60 * 24 * 30;
+  } else if (cacheControl === "year") {
+    cacheControl = 60 * 60 * 24 * 365;
+  } else if (cacheControl === "private") {
+    cacheControl = {
+      private: true,
+      noCache: true
+    };
+  } else if (cacheControl === "immutable") {
+    cacheControl = {
+      public: true,
+      immutable: true,
+      maxAge: 60 * 60 * 24 * 365
+    };
+  } else if (cacheControl === "no-cache") {
+    cacheControl = {
+      noCache: true
+    };
   }
-  if (!isQData && pathname !== basePathname && !pathname.endsWith(".html")) {
-    if (!globalThis.__NO_TRAILING_SLASH__) {
-      if (!pathname.endsWith("/")) {
-        throw ev.redirect(HttpStatus.MovedPermanently, pathname + "/" + search);
-      }
-    } else {
-      if (pathname.endsWith("/")) {
-        throw ev.redirect(HttpStatus.MovedPermanently, pathname.slice(0, pathname.length - 1) + search);
-      }
-    }
+  if (typeof cacheControl === "number") {
+    cacheControl = {
+      maxAge: cacheControl,
+      sMaxAge: cacheControl
+    };
+  }
+  if (cacheControl.immutable) {
+    controls.push("immutable");
+  }
+  if (cacheControl.maxAge) {
+    controls.push(`max-age=${cacheControl.maxAge}`);
+  }
+  if (cacheControl.sMaxAge) {
+    controls.push(`s-maxage=${cacheControl.sMaxAge}`);
+  }
+  if (cacheControl.noStore) {
+    controls.push("no-store");
+  }
+  if (cacheControl.noCache) {
+    controls.push("no-cache");
+  }
+  if (cacheControl.private) {
+    controls.push("private");
+  }
+  if (cacheControl.public) {
+    controls.push("public");
+  }
+  if (cacheControl.staleWhileRevalidate) {
+    controls.push(`stale-while-revalidate=${cacheControl.staleWhileRevalidate}`);
+  }
+  if (cacheControl.staleIfError) {
+    controls.push(`stale-if-error=${cacheControl.staleIfError}`);
   }
+  return controls.join(", ");
 }
-function verifySerializable(data, qrl) {
+
+const SAMESITE = {
+  lax: "Lax",
+  Lax: "Lax",
+  None: "None",
+  none: "None",
+  strict: "Strict",
+  Strict: "Strict"
+};
+const UNIT = {
+  seconds: 1,
+  minutes: 1 * 60,
+  hours: 1 * 60 * 60,
+  days: 1 * 60 * 60 * 24,
+  weeks: 1 * 60 * 60 * 24 * 7
+};
+function tryDecodeUriComponent(str) {
   try {
-    _verifySerializable(data, void 0);
-  } catch (e) {
-    if (e instanceof Error && qrl.dev) {
-      e.loc = qrl.dev;
-    }
-    throw e;
+    return decodeURIComponent(str);
+  } catch {
+    return str;
   }
 }
-function isLastModulePageRoute(routeModules) {
-  const lastRouteModule = routeModules[routeModules.length - 1];
-  return lastRouteModule && typeof lastRouteModule.default === "function";
-}
-function getPathname(url) {
-  url = new URL(url);
-  if (url.pathname.endsWith(QDATA_JSON)) {
-    url.pathname = url.pathname.slice(0, -QDATA_JSON.length);
-  }
-  if (!globalThis.__NO_TRAILING_SLASH__) {
-    if (!url.pathname.endsWith("/")) {
-      url.pathname += "/";
-    }
-  } else {
-    if (url.pathname.endsWith("/")) {
-      url.pathname = url.pathname.slice(0, -1);
+const parseCookieString = (cookieString) => {
+  const cookie = {};
+  if (typeof cookieString === "string" && cookieString !== "") {
+    const cookieSegments = cookieString.split(";");
+    for (const cookieSegment of cookieSegments) {
+      const separatorIndex = cookieSegment.indexOf("=");
+      if (separatorIndex !== -1) {
+        cookie[tryDecodeUriComponent(cookieSegment.slice(0, separatorIndex).trim())] = tryDecodeUriComponent(cookieSegment.slice(separatorIndex + 1).trim());
+      }
     }
   }
-  const search = url.search.slice(1).replaceAll(/&?q(action|data|func|loaders)=[^&]+/g, "");
-  return `${url.pathname}${search ? `?${search}` : ""}${url.hash}`;
+  return cookie;
+};
+function resolveSameSite(sameSite) {
+  if (sameSite === true) {
+    return "Strict";
+  }
+  if (sameSite === false) {
+    return "None";
+  }
+  if (sameSite) {
+    return SAMESITE[sameSite];
+  }
+  return void 0;
 }
-const encoder = /* @__PURE__ */ new TextEncoder();
-function renderQwikMiddleware(render) {
-  return async (requestEv) => {
-    if (requestEv.headersSent) {
-      return;
-    }
-    const isPageDataReq = requestEv.sharedMap.has(IsQData);
-    if (isPageDataReq) {
-      return;
-    }
-    requestEv.request.headers.forEach((value, key) => value);
-    const responseHeaders = requestEv.headers;
-    if (!responseHeaders.has("Content-Type")) {
-      responseHeaders.set("Content-Type", "text/html; charset=utf-8");
-    }
-    const eTagCacheKey = requestEv.sharedMap.get(RequestEvETagCacheKey);
-    const { readable, writable } = new TextEncoderStream();
-    const writableStream = requestEv.getWritableStream();
-    let cacheChunks;
-    let pipeSource = readable;
-    if (eTagCacheKey) {
-      cacheChunks = [];
-      const capture = new TransformStream({
-        transform(chunk, controller) {
-          cacheChunks.push(chunk);
-          controller.enqueue(chunk);
-        }
-      });
-      pipeSource = readable.pipeThrough(capture);
+const createSetCookieValue = (cookieName, cookieValue, options) => {
+  const c = [
+    `${cookieName}=${cookieValue}`
+  ];
+  if (typeof options.domain === "string") {
+    c.push(`Domain=${options.domain}`);
+  }
+  if (typeof options.maxAge === "number") {
+    c.push(`Max-Age=${options.maxAge}`);
+  } else if (Array.isArray(options.maxAge)) {
+    c.push(`Max-Age=${options.maxAge[0] * UNIT[options.maxAge[1]]}`);
+  } else if (typeof options.expires === "number" || typeof options.expires == "string") {
+    c.push(`Expires=${options.expires}`);
+  } else if (options.expires instanceof Date) {
+    c.push(`Expires=${options.expires.toUTCString()}`);
+  }
+  if (options.httpOnly) {
+    c.push("HttpOnly");
+  }
+  if (typeof options.path === "string") {
+    c.push(`Path=${options.path}`);
+  }
+  const sameSite = resolveSameSite(options.sameSite);
+  if (sameSite) {
+    c.push(`SameSite=${sameSite}`);
+  }
+  if (options.secure) {
+    c.push("Secure");
+  }
+  return c.join("; ");
+};
+const REQ_COOKIE = /* @__PURE__ */ Symbol("request-cookies");
+const RES_COOKIE = /* @__PURE__ */ Symbol("response-cookies");
+const LIVE_COOKIE = /* @__PURE__ */ Symbol("live-cookies");
+class Cookie {
+  [REQ_COOKIE];
+  [RES_COOKIE] = {};
+  [LIVE_COOKIE] = {};
+  appendCounter = 0;
+  constructor(cookieString) {
+    this[REQ_COOKIE] = parseCookieString(cookieString);
+    this[LIVE_COOKIE] = {
+      ...this[REQ_COOKIE]
+    };
+  }
+  get(cookieName, live = true) {
+    const value = this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
+    if (!value) {
+      return null;
     }
-    const pipe = pipeSource.pipeTo(writableStream, {
-      preventClose: true
+    return {
+      value,
+      json() {
+        return JSON.parse(value);
+      },
+      number() {
+        return Number(value);
+      }
+    };
+  }
+  getAll(live = true) {
+    return Object.keys(this[live ? LIVE_COOKIE : REQ_COOKIE]).reduce((cookies, cookieName) => {
+      cookies[cookieName] = this.get(cookieName);
+      return cookies;
+    }, {});
+  }
+  has(cookieName, live = true) {
+    return !!this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
+  }
+  set(cookieName, cookieValue, options = {}) {
+    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
+    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
+    this[RES_COOKIE][cookieName] = createSetCookieValue(cookieName, resolvedValue, options);
+  }
+  append(cookieName, cookieValue, options = {}) {
+    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
+    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
+    this[RES_COOKIE][++this.appendCounter] = createSetCookieValue(cookieName, resolvedValue, options);
+  }
+  delete(name, options) {
+    this.set(name, "deleted", {
+      ...options,
+      maxAge: 0
     });
-    const stream = writable.getWriter();
-    const status = requestEv.status();
-    try {
-      const isStatic = getRequestMode(requestEv) === "static";
-      const serverData = getQwikRouterServerData(requestEv);
-      const result = await render({
-        base: requestEv.basePathname + "build/",
-        stream,
-        serverData,
-        containerAttributes: {
-          ["q:render"]: isStatic ? "static" : "",
-          ...serverData.containerAttributes
-        }
-      });
-      const qData = {
-        loaders: getRequestLoaders(requestEv),
-        action: requestEv.sharedMap.get(RequestEvSharedActionId),
-        status: status !== 200 ? status : 200,
-        href: getPathname(requestEv.url)
-      };
-      if (typeof result.html === "string") {
-        await stream.write(result.html);
-      }
-      requestEv.sharedMap.set(RequestEvShareQData, qData);
-    } finally {
-      await stream.ready;
-      await stream.close();
-      await pipe;
-    }
-    if (eTagCacheKey && cacheChunks && cacheChunks.length > 0) {
-      const totalLength = cacheChunks.reduce((sum, chunk) => sum + chunk.length, 0);
-      const combined = new Uint8Array(totalLength);
-      let offset = 0;
-      for (const chunk of cacheChunks) {
-        combined.set(chunk, offset);
-        offset += chunk.length;
-      }
-      setCachedHtml(eTagCacheKey, new TextDecoder().decode(combined));
-    }
-    await writableStream.close();
-  };
-}
-async function renderQData(requestEv) {
-  await requestEv.next();
-  if (requestEv.headersSent || requestEv.exited) {
-    return;
+    this[LIVE_COOKIE][name] = null;
   }
-  const status = requestEv.status();
-  const redirectLocation = requestEv.headers.get("Location");
-  requestEv.request.headers.forEach((value, key) => value);
-  requestEv.headers.set("Content-Type", "application/json; charset=utf-8");
-  let loaders = getRequestLoaders(requestEv);
-  const selectedLoaderIds = requestEv.query.getAll(QLOADER_KEY);
-  const hasCustomLoaders = selectedLoaderIds.length > 0;
-  if (hasCustomLoaders) {
-    const selectedLoaders = {};
-    for (const loaderId of selectedLoaderIds) {
-      const loader = loaders[loaderId];
-      selectedLoaders[loaderId] = loader;
-    }
-    loaders = selectedLoaders;
-  }
-  const qData = hasCustomLoaders ? {
-    // send minimal data to the client
-    loaders,
-    status: status !== 200 ? status : 200,
-    href: getPathname(requestEv.url)
-  } : {
-    loaders,
-    action: requestEv.sharedMap.get(RequestEvSharedActionId),
-    status: status !== 200 ? status : 200,
-    href: getPathname(requestEv.url),
-    redirect: redirectLocation ?? void 0,
-    isRewrite: requestEv.sharedMap.get(RequestEvIsRewrite)
-  };
-  const writer = requestEv.getWritableStream().getWriter();
-  const data = await _serialize(qData);
-  writer.write(encoder.encode(data));
-  requestEv.sharedMap.set(RequestEvShareQData, qData);
-  writer.close();
-}
-function makeQDataPath(href) {
-  if (href.startsWith("/")) {
-    if (!href.includes(QDATA_JSON)) {
-      const url = new URL(href, "http://localhost");
-      const pathname = url.pathname.endsWith("/") ? url.pathname.slice(0, -1) : url.pathname;
-      return pathname + QDATA_JSON + url.search;
-    }
-    return href;
-  } else {
-    return void 0;
+  headers() {
+    return Object.values(this[RES_COOKIE]);
   }
 }
-async function handleQDataRedirect(requestEv) {
-  try {
-    await requestEv.next();
-  } catch (err) {
-    if (!(err instanceof RedirectMessage$1)) {
-      throw err;
+const mergeHeadersCookies = (headers, cookies) => {
+  const cookieHeaders = cookies.headers();
+  if (cookieHeaders.length > 0) {
+    const newHeaders = new Headers(headers);
+    for (const cookie of cookieHeaders) {
+      newHeaders.append("Set-Cookie", cookie);
     }
+    return newHeaders;
   }
-  if (requestEv.headersSent) {
-    return;
-  }
-  const status = requestEv.status();
-  const location = requestEv.headers.get("Location");
-  const isRedirect = status >= 301 && status <= 308 && location;
-  if (isRedirect) {
-    const adaptedLocation = makeQDataPath(location);
-    if (adaptedLocation) {
-      requestEv.headers.set("Location", adaptedLocation);
-      requestEv.getWritableStream().close();
-      return;
-    } else {
-      requestEv.status(200);
-      requestEv.headers.delete("Location");
-    }
+  return headers;
+};
+
+class RewriteMessage extends AbortMessage {
+  pathname;
+  constructor(pathname) {
+    super(), this.pathname = pathname;
   }
 }
-function now() {
-  return typeof performance !== "undefined" ? performance.now() : 0;
+
+const requestEventDeps = {
+  QDATA_KEY,
+  isPromise,
+  createCacheControl,
+  Cookie,
+  AbortMessage,
+  RedirectMessage,
+  RewriteMessage,
+  ServerError,
+  getRouteLoaderPromise,
+  getRouteMatchPathname,
+  IsQData,
+  encoder,
+  getContentType
+};
+function createRequestEvent(...args) {
+  return createRequestEventWithDeps(requestEventDeps, ...args);
 }
-async function measure(requestEv, name, fn) {
-  const start = now();
+
+async function runNextWithDeps(requestEv, rebuildRouteInfo, resolve, deps) {
   try {
-    return await fn();
-  } finally {
-    const duration = now() - start;
-    let measurements = requestEv.sharedMap.get(RequestEvShareServerTiming);
-    if (!measurements) {
-      requestEv.sharedMap.set(RequestEvShareServerTiming, measurements = []);
-    }
-    measurements.push([
-      name,
-      duration
-    ]);
-  }
-}
-async function runValidators(requestEv, validators, data) {
-  let lastResult = {
-    success: true,
-    data
-  };
-  if (validators) {
-    for (const validator of validators) {
-      if (isDev) {
-        lastResult = await measure(requestEv, `validator$`, () => validator.validate(requestEv, data));
-      } else {
-        lastResult = await validator.validate(requestEv, data);
-      }
-      if (!lastResult.success) {
-        return lastResult;
-      } else {
-        data = lastResult.data;
-      }
-    }
+    const isValidURL = (url) => new URL(url.pathname + url.search, url);
+    isValidURL(requestEv.originalUrl);
+  } catch {
+    const status = 404;
+    const message = "Resource Not Found";
+    requestEv.status(status);
+    requestEv.html(status, deps.getErrorHtml(status, message));
+    return new deps.ServerError(status, message);
   }
-  return lastResult;
-}
-function actionsMiddleware(routeActions) {
-  return async (requestEvent) => {
-    const requestEv = requestEvent;
-    if (requestEv.headersSent) {
-      requestEv.exit();
-      return;
-    }
-    const { method } = requestEv;
-    const loaders = getRequestLoaders(requestEv);
-    if (isDev && method === "GET") {
-      if (requestEv.query.has(QACTION_KEY)) {
-        console.warn('Seems like you are submitting a Qwik Action via GET request. Qwik Actions should be submitted via POST request.\nMake sure your <form> has method="POST" attribute, like this: <form method="POST">');
+  let rewriteAttempt = 1;
+  async function runOnce() {
+    try {
+      await requestEv.next();
+    } catch (e) {
+      if (e instanceof deps.RedirectMessage) {
+        const stream = requestEv.getWritableStream();
+        await stream.close();
+        return e;
+      } else if (e instanceof deps.RewriteMessage) {
+        if (rewriteAttempt > 50) {
+          return new Error(`Infinite rewrite loop`);
+        }
+        rewriteAttempt += 1;
+        const url = new URL(requestEv.url);
+        url.pathname = e.pathname;
+        const { loadedRoute, requestHandlers } = await rebuildRouteInfo(url);
+        requestEv.resetRoute(loadedRoute, requestHandlers, url);
+        return await runOnce();
+      } else if (e instanceof deps.AbortMessage) {
+        return;
+      } else if (e instanceof deps.ServerError && !requestEv.headersSent) {
+        const status = e.status;
+        const accept = requestEv.request.headers.get("Accept");
+        if (accept && !accept.includes("text/html")) {
+          requestEv.headers.set("Content-Type", "application/qwik-json");
+          requestEv.send(status, await _serialize(e.data));
+        } else {
+          requestEv.html(status, deps.getErrorHtml(status, e.data));
+        }
+        return e;
       }
-    }
-    if (method === "POST") {
-      const selectedActionId = requestEv.query.get(QACTION_KEY);
-      if (selectedActionId) {
-        const serverActionsMap = globalThis._qwikActionsMap;
-        const action = routeActions.find((action2) => action2.__id === selectedActionId) ?? serverActionsMap?.get(selectedActionId);
-        if (action) {
-          requestEv.sharedMap.set(RequestEvSharedActionId, selectedActionId);
-          const data = await requestEv.parseBody();
-          if (!data || typeof data !== "object") {
-            throw new Error(`Expected request data for the action id ${selectedActionId} to be an object`);
+      if (!isDev) {
+        try {
+          if (!requestEv.headersSent) {
+            requestEv.headers.set("content-type", "text/html; charset=utf-8");
+            requestEv.cacheControl({
+              noCache: true
+            });
+            requestEv.status(500);
           }
-          const result = await runValidators(requestEv, action.__validators, data);
-          if (!result.success) {
-            loaders[selectedActionId] = requestEv.fail(result.status ?? 500, result.error);
-          } else {
-            const actionResolved = isDev ? await measure(requestEv, action.__qrl.getHash(), () => action.__qrl.call(requestEv, result.data, requestEv)) : await action.__qrl.call(requestEv, result.data, requestEv);
-            if (isDev) {
-              verifySerializable(actionResolved, action.__qrl);
-            }
-            loaders[selectedActionId] = actionResolved;
+          const stream = requestEv.getWritableStream();
+          if (!stream.locked) {
+            const writer = stream.getWriter();
+            await writer.write(deps.encoder.encode(deps.getErrorHtml(500, "Internal Server Error")));
+            await writer.close();
           }
+        } catch {
+          console.error("Unable to render error page");
         }
       }
-    }
-  };
-}
-async function getRouteLoaderPromise(loader, loaders, requestEv) {
-  const loaderId = loader.__id;
-  loaders[loaderId] = runValidators(
-    requestEv,
-    loader.__validators,
-    void 0
-    // data
-  ).then((res) => {
-    if (res.success) {
-      if (isDev) {
-        return measure(requestEv, loader.__qrl.getHash(), () => loader.__qrl.call(requestEv, requestEv));
-      } else {
-        return loader.__qrl.call(requestEv, requestEv);
-      }
-    } else {
-      return requestEv.fail(res.status ?? 500, res.error);
-    }
-  }).then((resolvedLoader) => {
-    if (typeof resolvedLoader === "function") {
-      loaders[loaderId] = resolvedLoader();
-    } else {
-      if (isDev) {
-        verifySerializable(resolvedLoader, loader.__qrl);
-      }
-      loaders[loaderId] = resolvedLoader;
-    }
-    return resolvedLoader;
-  });
-  const loadersSerializationStrategy = getRequestLoaderSerializationStrategyMap(requestEv);
-  loadersSerializationStrategy.set(loaderId, loader.__serializationStrategy);
-  return loaders[loaderId];
-}
-function loadersMiddleware(routeLoaders) {
-  return async (requestEvent) => {
-    const requestEv = requestEvent;
-    if (requestEv.headersSent) {
-      requestEv.exit();
-      return;
-    }
-    const loaders = getRequestLoaders(requestEv);
-    if (routeLoaders.length > 0) {
-      const resolvedLoadersPromises = routeLoaders.map((loader) => getRouteLoaderPromise(loader, loaders, requestEv));
-      await Promise.all(resolvedLoadersPromises);
-    }
-  };
-}
-async function runServerFunction(ev) {
-  const serverFnHash = ev.query.get(QFN_KEY);
-  if (serverFnHash && ev.request.headers.get("X-QRL") === serverFnHash && ev.request.headers.get("Content-Type") === "application/qwik-json") {
-    ev.exit();
-    const data = await ev.parseBody();
-    if (!Array.isArray(data) || !(Array.isArray(data[0]) || data[0] === void 0)) {
-      throw ev.error(500, "Invalid request");
-    }
-    const qrl = inlinedQrl(null, serverFnHash, data.slice(1));
-    let result;
-    try {
-      if (isDev) {
-        result = await measure(ev, `server_${serverFnHash}`, () => qrl.apply(ev, data[0]));
-      } else {
-        result = await qrl.apply(ev, data[0]);
-      }
-    } catch (err) {
-      if (err instanceof ServerError$1) {
-        throw ev.error(err.status, err.data);
-      }
-      console.error(`Server function ${serverFnHash} failed:`, err);
-      throw ev.error(500, "Invalid request");
-    }
-    if (isAsyncIterator(result)) {
-      ev.headers.set("Content-Type", "text/qwik-json-stream");
-      const writable = ev.getWritableStream();
-      const stream = writable.getWriter();
-      for await (const item of result) {
-        if (isDev) {
-          verifySerializable(item, qrl);
-        }
-        const message = await _serialize(item);
-        if (ev.signal.aborted) {
-          break;
-        }
-        await stream.write(encoder.encode(`${message}
-`));
-      }
-      stream.close();
-    } else {
-      verifySerializable(result, qrl);
-      ev.headers.set("Content-Type", "application/qwik-json");
-      const message = await _serialize(result);
-      ev.send(200, message);
-    }
-    return;
-  }
-}
-function getContentType(headers) {
-  return (headers.get("content-type")?.split(/[;,]/, 1)[0].trim() ?? "").toLowerCase();
-}
-function isContentType(headers, ...types) {
-  const type = getContentType(headers);
-  for (let i = 0; i < types.length; i++) {
-    if (types[i].toLowerCase() === type) {
-      return true;
+      return e instanceof Error || typeof e === "object" && e !== null ? e : new Error(String(e));
     }
   }
-  return false;
-}
-function checkCSRF(requestEv, laxProto) {
-  const contentType = requestEv.request.headers.get("content-type");
-  const isSimpleRequest = !contentType || isContentType(requestEv.request.headers, "application/x-www-form-urlencoded", "multipart/form-data", "text/plain");
-  if (isSimpleRequest) {
-    const inputOrigin = requestEv.request.headers.get("origin");
-    const origin = requestEv.url.origin;
-    let forbidden = inputOrigin !== origin;
-    if (forbidden && laxProto && inputOrigin?.replace(/^http(s)?/g, "") === origin.replace(/^http(s)?/g, "")) {
-      forbidden = false;
-    }
-    if (forbidden) {
-      throw requestEv.error(403, `CSRF check failed. Cross-site ${requestEv.method} form submissions are forbidden.
-The request origin "${inputOrigin}" does not match the server origin "${origin}".`);
+  try {
+    return await runOnce();
+  } finally {
+    if (!requestEv.isDirty()) {
+      resolve(null);
     }
   }
 }
-function csrfLaxProtoCheckMiddleware(requestEv) {
-  checkCSRF(requestEv, "lax-proto");
-}
-function csrfCheckMiddleware(requestEv) {
-  checkCSRF(requestEv);
+function runQwikRouterWithDeps(serverRequestEv, loadedRoute, requestHandlers, rebuildRouteInfo, basePathname, deps) {
+  let resolve;
+  const responsePromise = new Promise((r) => resolve = r);
+  const requestEv = deps.createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, basePathname, resolve);
+  return {
+    response: responsePromise,
+    requestEv,
+    completion: deps.asyncRequestStore ? deps.asyncRequestStore.run(requestEv, runNextWithDeps, requestEv, rebuildRouteInfo, resolve, deps) : runNextWithDeps(requestEv, rebuildRouteInfo, resolve, deps)
+  };
 }
-const resolveRequestHandlers = (serverPlugins, route, method, checkOrigin, renderHandler, isInternal) => {
-  const routeLoaders = [];
-  const routeActions = [];
-  const requestHandlers = [];
-  const isPageRoute = !!(route && isLastModulePageRoute(route.$mods$));
-  if (isInternal) {
-    requestHandlers.push(handleQDataRedirect);
-  }
-  if (isPageRoute) {
-    requestHandlers.push(serverErrorMiddleware(route, renderHandler));
-  }
-  if (serverPlugins) {
-    _resolveRequestHandlers(routeLoaders, routeActions, requestHandlers, serverPlugins, isPageRoute, method);
-  }
-  if (route) {
-    const routeModules = route.$mods$;
-    _resolveRequestHandlers(routeLoaders, routeActions, requestHandlers, routeModules, isPageRoute, method);
-    const routeName = route.$routeName$;
-    if (checkOrigin && (method === "POST" || method === "PUT" || method === "PATCH" || method === "DELETE")) {
-      if (checkOrigin === "lax-proto") {
-        requestHandlers.unshift(csrfLaxProtoCheckMiddleware);
-      } else {
-        requestHandlers.unshift(csrfCheckMiddleware);
-      }
-    }
-    if (isPageRoute) {
-      if (method === "POST" || method === "GET") {
-        requestHandlers.push(runServerFunction);
-      }
-      requestHandlers.push(fixTrailingSlash);
-      if (isInternal) {
-        requestHandlers.push(renderQData);
-      }
-    }
-    if (isPageRoute) {
-      requestHandlers.push((ev) => {
-        ev.sharedMap.set(RequestRouteName, routeName);
-      });
-      requestHandlers.push(actionsMiddleware(routeActions));
-      requestHandlers.push(loadersMiddleware(routeLoaders));
-      requestHandlers.push(eTagMiddleware(route));
-      requestHandlers.push(renderHandler);
-    }
-  }
-  return requestHandlers;
-};
 
-let _asyncRequestStore;
-if (isServer) {
-  import('node:async_hooks').then((module) => {
-    _asyncRequestStore = new module.AsyncLocalStorage();
-  }).catch((err) => {
-    console.warn("\n=====================\n  Qwik Router Warning:\n    AsyncLocalStorage is not available, continuing without it.\n    This impacts concurrent async server calls, where they lose access to the ServerRequestEv object.\n=====================\n\n", err);
+function runQwikRouter(serverRequestEv, loadedRoute, requestHandlers, rebuildRouteInfo, basePathname = "/") {
+  return runQwikRouterWithDeps(serverRequestEv, loadedRoute, requestHandlers, rebuildRouteInfo, basePathname, {
+    AbortMessage,
+    RedirectMessage,
+    RewriteMessage,
+    ServerError,
+    asyncRequestStore: _asyncRequestStore,
+    createRequestEvent,
+    encoder,
+    getErrorHtml
   });
 }
+
 let qwikRouterConfigActual;
 async function loadRequestHandlers(qwikRouterConfig, pathname, method, checkOrigin, renderFn, isInternal) {
   const { routes, serverPlugins, cacheModules } = qwikRouterConfig;
@@ -1550,26 +1711,6 @@ function isStaticPath(method, url) {
   return false;
 }
 
-class ServerError extends Error {
-  status;
-  data;
-  constructor(status, data) {
-    super(typeof data === "string" ? data : void 0), this.status = status, this.data = data;
-  }
-}
-
-class AbortMessage {
-}
-class RedirectMessage extends AbortMessage {
-}
-
-class RewriteMessage extends AbortMessage {
-  pathname;
-  constructor(pathname) {
-    super(), this.pathname = pathname;
-  }
-}
-
 class _TextEncoderStream_polyfill {
   #pendingHighSurrogate = null;
   #handle = new TextEncoder();