@qwik.dev/router 2.0.0-beta.5 → 2.0.0-beta.6

package/lib/middleware/request-handler/index.mjs

@@ -1,231 +1,3 @@
-// packages/qwik-router/src/middleware/request-handler/error-handler.ts
-var ServerError = class extends Error {
-  constructor(status, data) {
-    super(typeof data === "string" ? data : void 0);
-    this.status = status;
-    this.data = data;
-  }
-};
-function getErrorHtml(status, e) {
-  let message = "Server Error";
-  if (e != null) {
-    if (typeof e.message === "string") {
-      message = e.message;
-    } else {
-      message = String(e);
-    }
-  }
-  return `<html>` + minimalHtmlResponse(status, message) + `</html>`;
-}
-function minimalHtmlResponse(status, message) {
-  if (typeof status !== "number") {
-    status = 500;
-  }
-  if (typeof message === "string") {
-    message = escapeHtml(message);
-  } else {
-    message = "";
-  }
-  const width = typeof message === "string" ? "600px" : "300px";
-  const color = status >= 500 ? COLOR_500 : COLOR_400;
-  return `
-<head>
-  <meta charset="utf-8">
-  <meta http-equiv="Status" content="${status}">
-  <title>${status} ${message}</title>
-  <meta name="viewport" content="width=device-width,initial-scale=1">
-  <style>
-    body { color: ${color}; background-color: #fafafa; padding: 30px; font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Roboto, sans-serif; }
-    p { max-width: ${width}; margin: 60px auto 30px auto; background: white; border-radius: 4px; box-shadow: 0px 0px 50px -20px ${color}; overflow: hidden; }
-    strong { display: inline-block; padding: 15px; background: ${color}; color: white; }
-    span { display: inline-block; padding: 15px; }
-  </style>
-</head>
-<body><p><strong>${status}</strong> <span>${message}</span></p></body>
-`;
-}
-var ESCAPE_HTML = /[&<>]/g;
-var escapeHtml = (s) => {
-  return s.replace(ESCAPE_HTML, (c) => {
-    switch (c) {
-      case "&":
-        return "&amp;";
-      case "<":
-        return "&lt;";
-      case ">":
-        return "&gt;";
-      default:
-        return "";
-    }
-  });
-};
-var COLOR_400 = "#006ce9";
-var COLOR_500 = "#713fc2";
-
-// packages/qwik-router/src/middleware/request-handler/cookie.ts
-var SAMESITE = {
-  lax: "Lax",
-  Lax: "Lax",
-  None: "None",
-  none: "None",
-  strict: "Strict",
-  Strict: "Strict"
-};
-var UNIT = {
-  seconds: 1,
-  minutes: 1 * 60,
-  hours: 1 * 60 * 60,
-  days: 1 * 60 * 60 * 24,
-  weeks: 1 * 60 * 60 * 24 * 7
-};
-var createSetCookieValue = (cookieName, cookieValue, options) => {
-  const c = [`${cookieName}=${cookieValue}`];
-  if (typeof options.domain === "string") {
-    c.push(`Domain=${options.domain}`);
-  }
-  if (typeof options.maxAge === "number") {
-    c.push(`Max-Age=${options.maxAge}`);
-  } else if (Array.isArray(options.maxAge)) {
-    c.push(`Max-Age=${options.maxAge[0] * UNIT[options.maxAge[1]]}`);
-  } else if (typeof options.expires === "number" || typeof options.expires == "string") {
-    c.push(`Expires=${options.expires}`);
-  } else if (options.expires instanceof Date) {
-    c.push(`Expires=${options.expires.toUTCString()}`);
-  }
-  if (options.httpOnly) {
-    c.push("HttpOnly");
-  }
-  if (typeof options.path === "string") {
-    c.push(`Path=${options.path}`);
-  }
-  const sameSite = resolveSameSite(options.sameSite);
-  if (sameSite) {
-    c.push(`SameSite=${sameSite}`);
-  }
-  if (options.secure) {
-    c.push("Secure");
-  }
-  return c.join("; ");
-};
-function tryDecodeUriComponent(str) {
-  try {
-    return decodeURIComponent(str);
-  } catch {
-    return str;
-  }
-}
-var parseCookieString = (cookieString) => {
-  const cookie = {};
-  if (typeof cookieString === "string" && cookieString !== "") {
-    const cookieSegments = cookieString.split(";");
-    for (const cookieSegment of cookieSegments) {
-      const separatorIndex = cookieSegment.indexOf("=");
-      if (separatorIndex !== -1) {
-        cookie[tryDecodeUriComponent(cookieSegment.slice(0, separatorIndex).trim())] = tryDecodeUriComponent(cookieSegment.slice(separatorIndex + 1).trim());
-      }
-    }
-  }
-  return cookie;
-};
-function resolveSameSite(sameSite) {
-  if (sameSite === true) {
-    return "Strict";
-  }
-  if (sameSite === false) {
-    return "None";
-  }
-  if (sameSite) {
-    return SAMESITE[sameSite];
-  }
-  return void 0;
-}
-var REQ_COOKIE = Symbol("request-cookies");
-var RES_COOKIE = Symbol("response-cookies");
-var LIVE_COOKIE = Symbol("live-cookies");
-var Cookie = class {
-  [REQ_COOKIE];
-  [RES_COOKIE] = {};
-  [LIVE_COOKIE] = {};
-  appendCounter = 0;
-  constructor(cookieString) {
-    this[REQ_COOKIE] = parseCookieString(cookieString);
-    this[LIVE_COOKIE] = { ...this[REQ_COOKIE] };
-  }
-  get(cookieName, live = true) {
-    const value = this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
-    if (!value) {
-      return null;
-    }
-    return {
-      value,
-      json() {
-        return JSON.parse(value);
-      },
-      number() {
-        return Number(value);
-      }
-    };
-  }
-  getAll(live = true) {
-    return Object.keys(this[live ? LIVE_COOKIE : REQ_COOKIE]).reduce(
-      (cookies, cookieName) => {
-        cookies[cookieName] = this.get(cookieName);
-        return cookies;
-      },
-      {}
-    );
-  }
-  has(cookieName, live = true) {
-    return !!this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
-  }
-  set(cookieName, cookieValue, options = {}) {
-    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
-    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
-    this[RES_COOKIE][cookieName] = createSetCookieValue(cookieName, resolvedValue, options);
-  }
-  append(cookieName, cookieValue, options = {}) {
-    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
-    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
-    this[RES_COOKIE][++this.appendCounter] = createSetCookieValue(
-      cookieName,
-      resolvedValue,
-      options
-    );
-  }
-  delete(name, options) {
-    this.set(name, "deleted", { ...options, maxAge: 0 });
-    this[LIVE_COOKIE][name] = null;
-  }
-  headers() {
-    return Object.values(this[RES_COOKIE]);
-  }
-};
-var mergeHeadersCookies = (headers, cookies) => {
-  const cookieHeaders = cookies.headers();
-  if (cookieHeaders.length > 0) {
-    const newHeaders = new Headers(headers);
-    for (const cookie of cookieHeaders) {
-      newHeaders.append("Set-Cookie", cookie);
-    }
-    return newHeaders;
-  }
-  return headers;
-};
-
-// packages/qwik-router/src/middleware/request-handler/redirect-handler.ts
-var AbortMessage = class {
-};
-var RedirectMessage = class extends AbortMessage {
-};
-
-// packages/qwik-router/src/middleware/request-handler/rewrite-handler.ts
-var RewriteMessage = class extends AbortMessage {
-  constructor(pathname) {
-    super();
-    this.pathname = pathname;
-  }
-};
-
 // packages/qwik-router/src/runtime/src/constants.ts
 var MODULE_CACHE = /* @__PURE__ */ new WeakMap();
 var QACTION_KEY = "qaction";
@@ -526,7 +298,228 @@ function createCacheControl(cacheControl) {
   return controls.join(", ");
 }
 
+// packages/qwik-router/src/middleware/request-handler/cookie.ts
+var SAMESITE = {
+  lax: "Lax",
+  Lax: "Lax",
+  None: "None",
+  none: "None",
+  strict: "Strict",
+  Strict: "Strict"
+};
+var UNIT = {
+  seconds: 1,
+  minutes: 1 * 60,
+  hours: 1 * 60 * 60,
+  days: 1 * 60 * 60 * 24,
+  weeks: 1 * 60 * 60 * 24 * 7
+};
+var createSetCookieValue = (cookieName, cookieValue, options) => {
+  const c = [`${cookieName}=${cookieValue}`];
+  if (typeof options.domain === "string") {
+    c.push(`Domain=${options.domain}`);
+  }
+  if (typeof options.maxAge === "number") {
+    c.push(`Max-Age=${options.maxAge}`);
+  } else if (Array.isArray(options.maxAge)) {
+    c.push(`Max-Age=${options.maxAge[0] * UNIT[options.maxAge[1]]}`);
+  } else if (typeof options.expires === "number" || typeof options.expires == "string") {
+    c.push(`Expires=${options.expires}`);
+  } else if (options.expires instanceof Date) {
+    c.push(`Expires=${options.expires.toUTCString()}`);
+  }
+  if (options.httpOnly) {
+    c.push("HttpOnly");
+  }
+  if (typeof options.path === "string") {
+    c.push(`Path=${options.path}`);
+  }
+  const sameSite = resolveSameSite(options.sameSite);
+  if (sameSite) {
+    c.push(`SameSite=${sameSite}`);
+  }
+  if (options.secure) {
+    c.push("Secure");
+  }
+  return c.join("; ");
+};
+function tryDecodeUriComponent(str) {
+  try {
+    return decodeURIComponent(str);
+  } catch {
+    return str;
+  }
+}
+var parseCookieString = (cookieString) => {
+  const cookie = {};
+  if (typeof cookieString === "string" && cookieString !== "") {
+    const cookieSegments = cookieString.split(";");
+    for (const cookieSegment of cookieSegments) {
+      const separatorIndex = cookieSegment.indexOf("=");
+      if (separatorIndex !== -1) {
+        cookie[tryDecodeUriComponent(cookieSegment.slice(0, separatorIndex).trim())] = tryDecodeUriComponent(cookieSegment.slice(separatorIndex + 1).trim());
+      }
+    }
+  }
+  return cookie;
+};
+function resolveSameSite(sameSite) {
+  if (sameSite === true) {
+    return "Strict";
+  }
+  if (sameSite === false) {
+    return "None";
+  }
+  if (sameSite) {
+    return SAMESITE[sameSite];
+  }
+  return void 0;
+}
+var REQ_COOKIE = Symbol("request-cookies");
+var RES_COOKIE = Symbol("response-cookies");
+var LIVE_COOKIE = Symbol("live-cookies");
+var Cookie = class {
+  [REQ_COOKIE];
+  [RES_COOKIE] = {};
+  [LIVE_COOKIE] = {};
+  appendCounter = 0;
+  constructor(cookieString) {
+    this[REQ_COOKIE] = parseCookieString(cookieString);
+    this[LIVE_COOKIE] = { ...this[REQ_COOKIE] };
+  }
+  get(cookieName, live = true) {
+    const value = this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
+    if (!value) {
+      return null;
+    }
+    return {
+      value,
+      json() {
+        return JSON.parse(value);
+      },
+      number() {
+        return Number(value);
+      }
+    };
+  }
+  getAll(live = true) {
+    return Object.keys(this[live ? LIVE_COOKIE : REQ_COOKIE]).reduce(
+      (cookies, cookieName) => {
+        cookies[cookieName] = this.get(cookieName);
+        return cookies;
+      },
+      {}
+    );
+  }
+  has(cookieName, live = true) {
+    return !!this[live ? LIVE_COOKIE : REQ_COOKIE][cookieName];
+  }
+  set(cookieName, cookieValue, options = {}) {
+    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
+    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
+    this[RES_COOKIE][cookieName] = createSetCookieValue(cookieName, resolvedValue, options);
+  }
+  append(cookieName, cookieValue, options = {}) {
+    this[LIVE_COOKIE][cookieName] = typeof cookieValue === "string" ? cookieValue : JSON.stringify(cookieValue);
+    const resolvedValue = typeof cookieValue === "string" ? cookieValue : encodeURIComponent(JSON.stringify(cookieValue));
+    this[RES_COOKIE][++this.appendCounter] = createSetCookieValue(
+      cookieName,
+      resolvedValue,
+      options
+    );
+  }
+  delete(name, options) {
+    this.set(name, "deleted", { ...options, maxAge: 0 });
+    this[LIVE_COOKIE][name] = null;
+  }
+  headers() {
+    return Object.values(this[RES_COOKIE]);
+  }
+};
+var mergeHeadersCookies = (headers, cookies) => {
+  const cookieHeaders = cookies.headers();
+  if (cookieHeaders.length > 0) {
+    const newHeaders = new Headers(headers);
+    for (const cookie of cookieHeaders) {
+      newHeaders.append("Set-Cookie", cookie);
+    }
+    return newHeaders;
+  }
+  return headers;
+};
+
+// packages/qwik-router/src/middleware/request-handler/request-event.ts
+import {
+  AbortMessage as AbortMessage2,
+  RedirectMessage as RedirectMessage2,
+  ServerError as ServerError2,
+  RewriteMessage as RewriteMessage2
+} from "@qwik.dev/router/middleware/request-handler";
+
+// packages/qwik-router/src/middleware/request-handler/error-handler.ts
+function getErrorHtml(status, e) {
+  let message = "Server Error";
+  if (e != null) {
+    if (typeof e.message === "string") {
+      message = e.message;
+    } else {
+      message = String(e);
+    }
+  }
+  return `<html>` + minimalHtmlResponse(status, message) + `</html>`;
+}
+function minimalHtmlResponse(status, message) {
+  if (typeof status !== "number") {
+    status = 500;
+  }
+  if (typeof message === "string") {
+    message = escapeHtml(message);
+  } else {
+    message = "";
+  }
+  const width = typeof message === "string" ? "600px" : "300px";
+  const color = status >= 500 ? COLOR_500 : COLOR_400;
+  return `
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="Status" content="${status}">
+  <title>${status} ${message}</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+    body { color: ${color}; background-color: #fafafa; padding: 30px; font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Roboto, sans-serif; }
+    p { max-width: ${width}; margin: 60px auto 30px auto; background: white; border-radius: 4px; box-shadow: 0px 0px 50px -20px ${color}; overflow: hidden; }
+    strong { display: inline-block; padding: 15px; background: ${color}; color: white; }
+    span { display: inline-block; padding: 15px; }
+  </style>
+</head>
+<body><p><strong>${status}</strong> <span>${message}</span></p></body>
+`;
+}
+var ESCAPE_HTML = /[&<>]/g;
+var escapeHtml = (s) => {
+  return s.replace(ESCAPE_HTML, (c) => {
+    switch (c) {
+      case "&":
+        return "&amp;";
+      case "<":
+        return "&lt;";
+      case ">":
+        return "&gt;";
+      default:
+        return "";
+    }
+  });
+};
+var COLOR_400 = "#006ce9";
+var COLOR_500 = "#713fc2";
+
 // packages/qwik-router/src/middleware/request-handler/user-response.ts
+import {
+  AbortMessage,
+  RedirectMessage,
+  ServerError,
+  RewriteMessage
+} from "@qwik.dev/router/middleware/request-handler";
 var asyncStore;
 import("node:async_hooks").then((module) => {
   const AsyncLocalStorage = module.AsyncLocalStorage;
@@ -538,14 +531,13 @@ import("node:async_hooks").then((module) => {
     err
   );
 });
-function runQwikRouter(serverRequestEv, loadedRoute, requestHandlers, rebuildRouteInfo, trailingSlash = true, basePathname = "/", qwikSerializer) {
+function runQwikRouter(serverRequestEv, loadedRoute, requestHandlers, rebuildRouteInfo, basePathname = "/", qwikSerializer) {
   let resolve;
   const responsePromise = new Promise((r) => resolve = r);
   const requestEv = createRequestEvent(
     serverRequestEv,
     loadedRoute,
     requestHandlers,
-    trailingSlash,
     basePathname,
     qwikSerializer,
     resolve
@@ -599,7 +591,7 @@ async function runNext(requestEv, rebuildRouteInfo, resolve) {
             const stream = requestEv.getWritableStream();
             if (!stream.locked) {
               const writer = stream.getWriter();
-              await writer.write(encoder.encode(minimalHtmlResponse(500, "Internal Server Error")));
+              await writer.write(encoder.encode(getErrorHtml(500, "Internal Server Error")));
               await writer.close();
             }
           } catch {
@@ -619,9 +611,9 @@ async function runNext(requestEv, rebuildRouteInfo, resolve) {
     }
   }
 }
-function getRouteMatchPathname(pathname, trailingSlash) {
+function getRouteMatchPathname(pathname) {
   if (pathname.endsWith(QDATA_JSON)) {
-    const trimEnd = pathname.length - QDATA_JSON_LEN + (trailingSlash ? 1 : 0);
+    const trimEnd = pathname.length - QDATA_JSON_LEN + (globalThis.__NO_TRAILING_SLASH__ ? 0 : 1);
     pathname = pathname.slice(0, trimEnd);
     if (pathname === "") {
       pathname = "/";
@@ -641,7 +633,6 @@ var RequestEvQwikSerializer = Symbol("RequestEvQwikSerializer");
 var RequestEvLoaderSerializationStrategyMap = Symbol(
   "RequestEvLoaderSerializationStrategyMap"
 );
-var RequestEvTrailingSlash = Symbol("RequestEvTrailingSlash");
 var RequestRouteName = "@routeName";
 var RequestEvSharedActionId = "@actionId";
 var RequestEvSharedActionFormData = "@actionFormData";
@@ -649,7 +640,7 @@ var RequestEvSharedNonce = "@nonce";
 var RequestEvIsRewrite = "@rewrite";
 var RequestEvShareServerTiming = "@serverTiming";
 var RequestEvShareQData = "qData";
-function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, trailingSlash, basePathname, qwikSerializer, resolved) {
+function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, basePathname, qwikSerializer, resolved) {
   const { request, platform, env } = serverRequestEv;
   const sharedMap = /* @__PURE__ */ new Map();
   const cookie = new Cookie(request.headers.get("cookie"));
@@ -657,7 +648,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, trail
   const url = new URL(request.url);
   if (url.pathname.endsWith(QDATA_JSON)) {
     url.pathname = url.pathname.slice(0, -QDATA_JSON_LEN);
-    if (trailingSlash && !url.pathname.endsWith("/")) {
+    if (!globalThis.__NO_TRAILING_SLASH__ && !url.pathname.endsWith("/")) {
       url.pathname += "/";
     }
     sharedMap.set(IsQData, true);
@@ -727,14 +718,13 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, trail
   };
   const exit = () => {
     routeModuleIndex = ABORT_INDEX;
-    return new AbortMessage();
+    return new AbortMessage2();
   };
   const loaders = {};
   const requestEv = {
     [RequestEvLoaders]: loaders,
     [RequestEvLoaderSerializationStrategyMap]: /* @__PURE__ */ new Map(),
     [RequestEvMode]: serverRequestEv.mode,
-    [RequestEvTrailingSlash]: trailingSlash,
     get [RequestEvRoute]() {
       return loadedRoute;
     },
@@ -806,7 +796,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, trail
     },
     error: (statusCode, message) => {
       status = statusCode;
-      return new ServerError(statusCode, message);
+      return new ServerError2(statusCode, message);
     },
     redirect: (statusCode, url2) => {
       check();
@@ -822,7 +812,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, trail
         headers.set("Cache-Control", "no-store");
       }
       exit();
-      return new RedirectMessage();
+      return new RedirectMessage2();
     },
     rewrite: (pathname) => {
       check();
@@ -830,7 +820,7 @@ function createRequestEvent(serverRequestEv, loadedRoute, requestHandlers, trail
         throw new Error("Rewrite does not support absolute urls");
       }
       sharedMap.set(RequestEvIsRewrite, true);
-      return new RewriteMessage(pathname.replace(/\/+/g, "/"));
+      return new RewriteMessage2(pathname.replace(/\/+/g, "/"));
     },
     defer: (returnData) => {
       return typeof returnData === "function" ? returnData : () => returnData;
@@ -895,9 +885,6 @@ function getRequestLoaders(requestEv) {
 function getRequestLoaderSerializationStrategyMap(requestEv) {
   return requestEv[RequestEvLoaderSerializationStrategyMap];
 }
-function getRequestTrailingSlash(requestEv) {
-  return requestEv[RequestEvTrailingSlash];
-}
 function getRequestRoute(requestEv) {
   return requestEv[RequestEvRoute];
 }
@@ -994,6 +981,7 @@ function getQwikRouterServerData(requestEv) {
 }
 
 // packages/qwik-router/src/middleware/request-handler/resolve-request-handlers.ts
+import { RedirectMessage as RedirectMessage3, ServerError as ServerError3 } from "@qwik.dev/router/middleware/request-handler";
 var resolveRequestHandlers = (serverPlugins, route, method, checkOrigin, renderHandler) => {
   const routeLoaders = [];
   const routeActions = [];
@@ -1013,6 +1001,9 @@ var resolveRequestHandlers = (serverPlugins, route, method, checkOrigin, renderH
     const routeName = route[0 /* RouteName */];
     if (checkOrigin && (method === "POST" || method === "PUT" || method === "PATCH" || method === "DELETE")) {
       requestHandlers.unshift(csrfCheckMiddleware);
+      if (checkOrigin === "lax-proto") {
+        requestHandlers.push(csrfLaxProtoCheckMiddleware);
+      }
     }
     if (isPageRoute) {
       if (method === "POST" || method === "GET") {
@@ -1266,7 +1257,7 @@ async function pureServerFunction(ev) {
             result = await qrl.apply(ev, args);
           }
         } catch (err) {
-          if (err instanceof ServerError) {
+          if (err instanceof ServerError3) {
             throw ev.error(err.status, err.data);
           }
           throw ev.error(500, "Invalid request");
@@ -1300,12 +1291,11 @@ async function pureServerFunction(ev) {
   }
 }
 function fixTrailingSlash(ev) {
-  const trailingSlash = getRequestTrailingSlash(ev);
   const { basePathname, originalUrl, sharedMap } = ev;
   const { pathname, search } = originalUrl;
   const isQData = sharedMap.has(IsQData);
   if (!isQData && pathname !== basePathname && !pathname.endsWith(".html")) {
-    if (trailingSlash) {
+    if (!globalThis.__NO_TRAILING_SLASH__) {
       if (!pathname.endsWith("/")) {
         throw ev.redirect(301 /* MovedPermanently */, pathname + "/" + search);
       }
@@ -1336,12 +1326,12 @@ function isLastModulePageRoute(routeModules) {
   const lastRouteModule = routeModules[routeModules.length - 1];
   return lastRouteModule && typeof lastRouteModule.default === "function";
 }
-function getPathname(url, trailingSlash) {
+function getPathname(url) {
   url = new URL(url);
   if (url.pathname.endsWith(QDATA_JSON)) {
     url.pathname = url.pathname.slice(0, -QDATA_JSON.length);
   }
-  if (trailingSlash) {
+  if (!globalThis.__NO_TRAILING_SLASH__) {
     if (!url.pathname.endsWith("/")) {
       url.pathname += "/";
     }
@@ -1354,7 +1344,13 @@ function getPathname(url, trailingSlash) {
   return `${url.pathname}${search ? `?${search}` : ""}${url.hash}`;
 }
 var encoder = /* @__PURE__ */ new TextEncoder();
+function csrfLaxProtoCheckMiddleware(requestEv) {
+  checkCSRF(requestEv, "lax-proto");
+}
 function csrfCheckMiddleware(requestEv) {
+  checkCSRF(requestEv);
+}
+function checkCSRF(requestEv, laxProto) {
   const isForm = isContentType(
     requestEv.request.headers,
     "application/x-www-form-urlencoded",
@@ -1364,7 +1360,10 @@ function csrfCheckMiddleware(requestEv) {
   if (isForm) {
     const inputOrigin = requestEv.request.headers.get("origin");
     const origin = requestEv.url.origin;
-    const forbidden = inputOrigin !== origin;
+    let forbidden = inputOrigin !== origin;
+    if (forbidden && laxProto && origin.startsWith("https://") && (inputOrigin == null ? void 0 : inputOrigin.slice(4)) === origin.slice(5)) {
+      forbidden = false;
+    }
     if (forbidden) {
       throw requestEv.error(
         403,
@@ -1389,7 +1388,6 @@ function renderQwikMiddleware(render) {
     if (!responseHeaders.has("Content-Type")) {
       responseHeaders.set("Content-Type", "text/html; charset=utf-8");
     }
-    const trailingSlash = getRequestTrailingSlash(requestEv);
     const { readable, writable } = new TextEncoderStream();
     const writableStream = requestEv.getWritableStream();
     const pipe = readable.pipeTo(writableStream, { preventClose: true });
@@ -1411,7 +1409,7 @@ function renderQwikMiddleware(render) {
         loaders: getRequestLoaders(requestEv),
         action: requestEv.sharedMap.get(RequestEvSharedActionId),
         status: status !== 200 ? status : 200,
-        href: getPathname(requestEv.url, trailingSlash)
+        href: getPathname(requestEv.url)
       };
       if (typeof result.html === "string") {
         await stream.write(result.html);
@@ -1433,7 +1431,7 @@ async function handleRedirect(requestEv) {
   try {
     await requestEv.next();
   } catch (err) {
-    if (!(err instanceof RedirectMessage)) {
+    if (!(err instanceof RedirectMessage3)) {
       throw err;
     }
   }
@@ -1466,7 +1464,6 @@ async function renderQData(requestEv) {
   }
   const status = requestEv.status();
   const redirectLocation = requestEv.headers.get("Location");
-  const trailingSlash = getRequestTrailingSlash(requestEv);
   const requestHeaders = {};
   requestEv.request.headers.forEach((value, key) => requestHeaders[key] = value);
   requestEv.headers.set("Content-Type", "application/json; charset=utf-8");
@@ -1485,12 +1482,12 @@ async function renderQData(requestEv) {
     // send minimal data to the client
     loaders,
     status: status !== 200 ? status : 200,
-    href: getPathname(requestEv.url, trailingSlash)
+    href: getPathname(requestEv.url)
   } : {
     loaders,
     action: requestEv.sharedMap.get(RequestEvSharedActionId),
     status: status !== 200 ? status : 200,
-    href: getPathname(requestEv.url, trailingSlash),
+    href: getPathname(requestEv.url),
     redirect: redirectLocation ?? void 0,
     isRewrite: requestEv.sharedMap.get(RequestEvIsRewrite)
   };
@@ -1534,13 +1531,21 @@ function isContentType(headers, ...types) {
 }
 
 // packages/qwik-router/src/middleware/request-handler/request-handler.ts
+var qwikRouterConfigActual;
 async function requestHandler(serverRequestEv, opts, qwikSerializer) {
-  const { render, qwikRouterConfig, checkOrigin } = opts;
+  const { render, checkOrigin } = opts;
+  let { qwikRouterConfig } = opts;
+  if (!qwikRouterConfig) {
+    if (!qwikRouterConfigActual) {
+      qwikRouterConfigActual = await import("@qwik-router-config");
+    }
+    qwikRouterConfig = qwikRouterConfigActual;
+  }
   if (!qwikRouterConfig) {
     throw new Error("qwikRouterConfig is required.");
   }
   const pathname = serverRequestEv.url.pathname;
-  const matchPathname = getRouteMatchPathname(pathname, qwikRouterConfig.trailingSlash);
+  const matchPathname = getRouteMatchPathname(pathname);
   const routeAndHandlers = await loadRequestHandlers(
     qwikRouterConfig,
     matchPathname,
@@ -1551,7 +1556,7 @@ async function requestHandler(serverRequestEv, opts, qwikSerializer) {
   if (routeAndHandlers) {
     const [route, requestHandlers] = routeAndHandlers;
     const rebuildRouteInfo = async (url) => {
-      const matchPathname2 = getRouteMatchPathname(url.pathname, qwikRouterConfig.trailingSlash);
+      const matchPathname2 = getRouteMatchPathname(url.pathname);
       const routeAndHandlers2 = await loadRequestHandlers(
         qwikRouterConfig,
         matchPathname2,
@@ -1571,7 +1576,6 @@ async function requestHandler(serverRequestEv, opts, qwikSerializer) {
       route,
       requestHandlers,
       rebuildRouteInfo,
-      qwikRouterConfig.trailingSlash,
       qwikRouterConfig.basePathname,
       qwikSerializer
     );
@@ -1594,6 +1598,71 @@ async function loadRequestHandlers(qwikRouterConfig, pathname, method, checkOrig
   return null;
 }
 
+// packages/qwik-router/src/middleware/request-handler/not-found-paths.ts
+var notFounds = [
+  // Will be replaced in post-build with the 404s generated by SSG
+  "__QWIK_ROUTER_NOT_FOUND_ARRAY__"
+];
+function getNotFound(prefix) {
+  for (const [path, html] of notFounds) {
+    if (prefix.startsWith(path)) {
+      return html;
+    }
+  }
+  return minimalHtmlResponse(404, "Resource Not Found");
+}
+
+// packages/qwik-router/src/middleware/request-handler/static-paths.ts
+var staticPaths = /* @__PURE__ */ new Set(["__QWIK_ROUTER_STATIC_PATHS_ARRAY__"]);
+function isStaticPath(method, url) {
+  if (method.toUpperCase() !== "GET") {
+    return false;
+  }
+  const p = url.pathname;
+  if (p.startsWith("/" + (globalThis.__QWIK_BUILD_DIR__ || "build") + "/")) {
+    return true;
+  }
+  if (p.startsWith("/" + (globalThis.__QWIK_ASSETS_DIR__ || "assets") + "/")) {
+    return true;
+  }
+  if (staticPaths.has(p)) {
+    return true;
+  }
+  if (p.endsWith("/q-data.json")) {
+    const pWithoutQdata = p.replace(/\/q-data.json$/, "");
+    if (staticPaths.has(pWithoutQdata + "/")) {
+      return true;
+    }
+    if (staticPaths.has(pWithoutQdata)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// packages/qwik-router/src/middleware/request-handler/server-error.ts
+var ServerError4 = class extends Error {
+  constructor(status, data) {
+    super(typeof data === "string" ? data : void 0);
+    this.status = status;
+    this.data = data;
+  }
+};
+
+// packages/qwik-router/src/middleware/request-handler/redirect-handler.ts
+var AbortMessage3 = class {
+};
+var RedirectMessage4 = class extends AbortMessage3 {
+};
+
+// packages/qwik-router/src/middleware/request-handler/rewrite-handler.ts
+var RewriteMessage3 = class extends AbortMessage3 {
+  constructor(pathname) {
+    super();
+    this.pathname = pathname;
+  }
+};
+
 // packages/qwik-router/src/middleware/request-handler/polyfill.ts
 var _TextEncoderStream_polyfill = class {
   #pendingHighSurrogate = null;
@@ -1648,13 +1717,15 @@ var _TextEncoderStream_polyfill = class {
   }
 };
 export {
-  AbortMessage,
-  RedirectMessage,
+  AbortMessage3 as AbortMessage,
+  RedirectMessage4 as RedirectMessage,
   RequestEvShareQData,
-  RewriteMessage,
-  ServerError,
+  RewriteMessage3 as RewriteMessage,
+  ServerError4 as ServerError,
   _TextEncoderStream_polyfill,
   getErrorHtml,
+  getNotFound,
+  isStaticPath,
   mergeHeadersCookies,
   requestHandler
 };