@sveltejs/kit 1.0.0-next.312 → 1.0.0-next.316

package/assets/client/start.js

@@ -27,10 +27,7 @@ function normalize(loaded) {
 		const status = loaded.status;
 
 		if (!loaded.error && has_error_status) {
-			return {
-				status: status || 500,
-				error: new Error()
-			};
+			return { status: status || 500, error: new Error() };
 		}
 
 		const error = typeof loaded.error === 'string' ? new Error(loaded.error) : loaded.error;
@@ -70,6 +67,18 @@ function normalize(loaded) {
 		}
 	}
 
+	if (loaded.dependencies) {
+		if (
+			!Array.isArray(loaded.dependencies) ||
+			loaded.dependencies.some((dep) => typeof dep !== 'string')
+		) {
+			return {
+				status: 500,
+				error: new Error('"dependencies" property returned from load() must be of type string[]')
+			};
+		}
+	}
+
 	// TODO remove before 1.0
 	if (/** @type {any} */ (loaded).context) {
 		throw new Error(
@@ -389,6 +398,8 @@ const routes = parse(components, dictionary, matchers);
 const default_layout = components[0]();
 const default_error = components[1]();
 
+const root_stuff = {};
+
 // We track the scroll position associated with each history entry in sessionStorage,
 // rather than on history.state itself, because when navigation is driven by
 // popstate it's too late to update the scroll position associated with the
@@ -421,8 +432,8 @@ function create_client({ target, session, base, trailing_slash }) {
 	/** @type {Map<string, import('./types').NavigationResult>} */
 	const cache = new Map();
 
-	/** @type {Set<string>} */
-	const invalidated = new Set();
+	/** @type {Array<((href: string) => boolean)>} */
+	const invalidated = [];
 
 	const stores = {
 		url: notifiable_store({}),
@@ -448,10 +459,12 @@ function create_client({ target, session, base, trailing_slash }) {
 
 	/** @type {import('./types').NavigationState} */
 	let current = {
-		// @ts-ignore - we need the initial value to be null
-		url: null,
+		branch: [],
+		error: null,
 		session_id: 0,
-		branch: []
+		stuff: root_stuff,
+		// @ts-ignore - we need the initial value to be null
+		url: null
 	};
 
 	let started = false;
@@ -485,17 +498,28 @@ function create_client({ target, session, base, trailing_slash }) {
 	let router_enabled = true;
 
 	// keeping track of the history index in order to prevent popstate navigation events if needed
-	let current_history_index = history.state?.[INDEX_KEY] ?? 0;
+	let current_history_index = history.state?.[INDEX_KEY];
+
+	if (!current_history_index) {
+		// we use Date.now() as an offset so that cross-document navigations
+		// within the app don't result in data loss
+		current_history_index = Date.now();
 
-	if (current_history_index === 0) {
 		// create initial history entry, so we can return here
-		history.replaceState({ ...history.state, [INDEX_KEY]: 0 }, '', location.href);
+		history.replaceState(
+			{ ...history.state, [INDEX_KEY]: current_history_index },
+			'',
+			location.href
+		);
 	}
 
 	// if we reload the page, or Cmd-Shift-T back to it,
 	// recover scroll position
 	const scroll = scroll_positions[current_history_index];
-	if (scroll) scrollTo(scroll.x, scroll.y);
+	if (scroll) {
+		history.scrollRestoration = 'manual';
+		scrollTo(scroll.x, scroll.y);
+	}
 
 	let hash_navigating = false;
 
@@ -590,7 +614,7 @@ function create_client({ target, session, base, trailing_slash }) {
 		// abort if user navigated during update
 		if (token !== current_token) return;
 
-		invalidated.clear();
+		invalidated.length = 0;
 
 		if (navigation_result.redirect) {
 			if (redirect_chain.length > 10 || redirect_chain.includes(url.pathname)) {
@@ -699,7 +723,7 @@ function create_client({ target, session, base, trailing_slash }) {
 	function initialize(result) {
 		current = result.state;
 
-		const style = document.querySelector('style[data-svelte]');
+		const style = document.querySelector('style[data-sveltekit]');
 		if (style) style.remove();
 
 		page = result.props.page;
@@ -726,7 +750,7 @@ function create_client({ target, session, base, trailing_slash }) {
 	 *   stuff: Record<string, any>;
 	 *   branch: Array<import('./types').BranchNode | undefined>;
 	 *   status: number;
-	 *   error?: Error;
+	 *   error: Error | null;
 	 *   routeId: string | null;
 	 * }} opts
 	 */
@@ -749,6 +773,8 @@ function create_client({ target, session, base, trailing_slash }) {
 				url,
 				params,
 				branch,
+				error,
+				stuff,
 				session_id
 			},
 			props: {
@@ -761,7 +787,13 @@ function create_client({ target, session, base, trailing_slash }) {
 			result.props[`props_${i}`] = loaded ? await loaded.props : null;
 		}
 
-		if (!current.url || url.href !== current.url.href) {
+		const page_changed =
+			!current.url ||
+			url.href !== current.url.href ||
+			current.error !== error ||
+			current.stuff !== stuff;
+
+		if (page_changed) {
 			result.props.page = { error, params, routeId, status, stuff, url };
 
 			// TODO remove this for 1.0
@@ -839,6 +871,12 @@ function create_client({ target, session, base, trailing_slash }) {
 			stuff
 		};
 
+		/** @param dep {string} */
+		function add_dependency(dep) {
+			const { href } = new URL(dep, url);
+			node.uses.dependencies.add(href);
+		}
+
 		if (props) {
 			// shadow endpoint props means we need to mark this URL as a dependency of itself
 			node.uses.dependencies.add(url.href);
@@ -859,7 +897,7 @@ function create_client({ target, session, base, trailing_slash }) {
 		const session = $session;
 
 		if (module.load) {
-			/** @type {import('types').LoadInput | import('types').ErrorLoadInput} */
+			/** @type {import('types').LoadInput} */
 			const load_input = {
 				routeId,
 				params: uses_params,
@@ -878,11 +916,12 @@ function create_client({ target, session, base, trailing_slash }) {
 				},
 				fetch(resource, info) {
 					const requested = typeof resource === 'string' ? resource : resource.url;
-					const { href } = new URL(requested, url);
-					node.uses.dependencies.add(href);
+					add_dependency(requested);
 
 					return started ? fetch(resource, info) : initial_fetch(resource, info);
-				}
+				},
+				status: status ?? null,
+				error: error ?? null
 			};
 
 			if (import.meta.env.DEV) {
@@ -894,11 +933,6 @@ function create_client({ target, session, base, trailing_slash }) {
 				});
 			}
 
-			if (error) {
-				/** @type {import('types').ErrorLoadInput} */ (load_input).status = status;
-				/** @type {import('types').ErrorLoadInput} */ (load_input).error = error;
-			}
-
 			const loaded = await module.load.call(null, load_input);
 
 			if (!loaded) {
@@ -907,6 +941,9 @@ function create_client({ target, session, base, trailing_slash }) {
 
 			node.loaded = normalize(loaded);
 			if (node.loaded.stuff) node.stuff = node.loaded.stuff;
+			if (node.loaded.dependencies) {
+				node.loaded.dependencies.forEach(add_dependency);
+			}
 		} else if (props) {
 			node.loaded = normalize({ props });
 		}
@@ -940,14 +977,14 @@ function create_client({ target, session, base, trailing_slash }) {
 		let branch = [];
 
 		/** @type {Record<string, any>} */
-		let stuff = {};
+		let stuff = root_stuff;
 		let stuff_changed = false;
 
 		/** @type {number | undefined} */
 		let status = 200;
 
-		/** @type {Error | undefined} */
-		let error;
+		/** @type {Error | null} */
+		let error = null;
 
 		// preload modules
 		a.forEach((loader) => loader());
@@ -968,7 +1005,7 @@ function create_client({ target, session, base, trailing_slash }) {
 					(changed.url && previous.uses.url) ||
 					changed.params.some((param) => previous.uses.params.has(param)) ||
 					(changed.session && previous.uses.session) ||
-					Array.from(previous.uses.dependencies).some((dep) => invalidated.has(dep)) ||
+					Array.from(previous.uses.dependencies).some((dep) => invalidated.some((fn) => fn(dep))) ||
 					(stuff_changed && previous.uses.stuff);
 
 				if (changed_since_last_render) {
@@ -1309,9 +1346,12 @@ function create_client({ target, session, base, trailing_slash }) {
 		goto: (href, opts = {}) => goto(href, opts, []),
 
 		invalidate: (resource) => {
-			const { href } = new URL(resource, location.href);
-
-			invalidated.add(href);
+			if (typeof resource === 'function') {
+				invalidated.push(resource);
+			} else {
+				const { href } = new URL(resource, location.href);
+				invalidated.push((dep) => dep === href);
+			}
 
 			if (!invalidating) {
 				invalidating = Promise.resolve().then(async () => {

package/assets/components/error.svelte

@@ -1,5 +1,5 @@
 <script context="module">
-	/** @type {import('@sveltejs/kit').ErrorLoad} */
+	/** @type {import('@sveltejs/kit').Load} */
 	export function load({ error, status }) {
 		return {
 			props: { error, status }

package/assets/server/index.js

@@ -143,14 +143,28 @@ async function render_endpoint(event, mod) {
 	}
 
 	if (!handler) {
+		const allowed = [];
+
+		for (const method in ['get', 'post', 'put', 'patch']) {
+			if (mod[method]) allowed.push(method.toUpperCase());
+		}
+
+		if (mod.del) allowed.push('DELETE');
+		if (mod.get || mod.head) allowed.push('HEAD');
+
 		return event.request.headers.get('x-sveltekit-load')
 			? // TODO would be nice to avoid these requests altogether,
 			  // by noting whether or not page endpoints export `get`
 			  new Response(undefined, {
 					status: 204
 			  })
-			: new Response('Method not allowed', {
-					status: 405
+			: new Response(`${event.request.method} method not allowed`, {
+					status: 405,
+					headers: {
+						// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405
+						// "The server must generate an Allow header field in a 405 status code response"
+						allow: allowed.join(', ')
+					}
 			  });
 	}
 
@@ -639,7 +653,7 @@ function sha256(data) {
 	if (!key[0]) precompute();
 
 	const out = init.slice(0);
-	const array = encode(data);
+	const array = encode$1(data);
 
 	for (let i = 0; i < array.length; i += 16) {
 		const w = array.subarray(i, i + 16);
@@ -789,7 +803,7 @@ function reverse_endianness(bytes) {
 }
 
 /** @param {string} str */
-function encode(str) {
+function encode$1(str) {
 	const encoded = encoder.encode(str);
 	const length = encoded.length * 8;
 
@@ -1276,7 +1290,7 @@ async function render_response({
 	} else {
 		if (inlined_style) {
 			const attributes = [];
-			if (options.dev) attributes.push(' data-svelte');
+			if (options.dev) attributes.push(' data-sveltekit');
 			if (csp.style_needs_nonce) attributes.push(` nonce="${csp.nonce}"`);
 
 			csp.add_style(inlined_style);
@@ -1424,6 +1438,478 @@ function serialize_error(error) {
 	return serialized;
 }
 
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+/**
+ * Module exports.
+ * @public
+ */
+
+var parse_1 = parse$1;
+var serialize_1 = serialize;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var __toString = Object.prototype.toString;
+
+/**
+ * RegExp to match field-content in RFC 7230 sec 3.2
+ *
+ * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+ * field-vchar   = VCHAR / obs-text
+ * obs-text      = %x80-FF
+ */
+
+var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [options]
+ * @return {object}
+ * @public
+ */
+
+function parse$1(str, options) {
+  if (typeof str !== 'string') {
+    throw new TypeError('argument str must be a string');
+  }
+
+  var obj = {};
+  var opt = options || {};
+  var dec = opt.decode || decode;
+
+  var index = 0;
+  while (index < str.length) {
+    var eqIdx = str.indexOf('=', index);
+
+    // no more cookie pairs
+    if (eqIdx === -1) {
+      break
+    }
+
+    var endIdx = str.indexOf(';', index);
+
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      // backtrack on prior semicolon
+      index = str.lastIndexOf(';', eqIdx - 1) + 1;
+      continue
+    }
+
+    var key = str.slice(index, eqIdx).trim();
+
+    // only assign once
+    if (undefined === obj[key]) {
+      var val = str.slice(eqIdx + 1, endIdx).trim();
+
+      // quoted values
+      if (val.charCodeAt(0) === 0x22) {
+        val = val.slice(1, -1);
+      }
+
+      obj[key] = tryDecode(val, dec);
+    }
+
+    index = endIdx + 1;
+  }
+
+  return obj;
+}
+
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize the a name value pair into a cookie string suitable for
+ * http headers. An optional options object specified cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ * @param {string} name
+ * @param {string} val
+ * @param {object} [options]
+ * @return {string}
+ * @public
+ */
+
+function serialize(name, val, options) {
+  var opt = options || {};
+  var enc = opt.encode || encode;
+
+  if (typeof enc !== 'function') {
+    throw new TypeError('option encode is invalid');
+  }
+
+  if (!fieldContentRegExp.test(name)) {
+    throw new TypeError('argument name is invalid');
+  }
+
+  var value = enc(val);
+
+  if (value && !fieldContentRegExp.test(value)) {
+    throw new TypeError('argument val is invalid');
+  }
+
+  var str = name + '=' + value;
+
+  if (null != opt.maxAge) {
+    var maxAge = opt.maxAge - 0;
+
+    if (isNaN(maxAge) || !isFinite(maxAge)) {
+      throw new TypeError('option maxAge is invalid')
+    }
+
+    str += '; Max-Age=' + Math.floor(maxAge);
+  }
+
+  if (opt.domain) {
+    if (!fieldContentRegExp.test(opt.domain)) {
+      throw new TypeError('option domain is invalid');
+    }
+
+    str += '; Domain=' + opt.domain;
+  }
+
+  if (opt.path) {
+    if (!fieldContentRegExp.test(opt.path)) {
+      throw new TypeError('option path is invalid');
+    }
+
+    str += '; Path=' + opt.path;
+  }
+
+  if (opt.expires) {
+    var expires = opt.expires;
+
+    if (!isDate(expires) || isNaN(expires.valueOf())) {
+      throw new TypeError('option expires is invalid');
+    }
+
+    str += '; Expires=' + expires.toUTCString();
+  }
+
+  if (opt.httpOnly) {
+    str += '; HttpOnly';
+  }
+
+  if (opt.secure) {
+    str += '; Secure';
+  }
+
+  if (opt.priority) {
+    var priority = typeof opt.priority === 'string'
+      ? opt.priority.toLowerCase()
+      : opt.priority;
+
+    switch (priority) {
+      case 'low':
+        str += '; Priority=Low';
+        break
+      case 'medium':
+        str += '; Priority=Medium';
+        break
+      case 'high':
+        str += '; Priority=High';
+        break
+      default:
+        throw new TypeError('option priority is invalid')
+    }
+  }
+
+  if (opt.sameSite) {
+    var sameSite = typeof opt.sameSite === 'string'
+      ? opt.sameSite.toLowerCase() : opt.sameSite;
+
+    switch (sameSite) {
+      case true:
+        str += '; SameSite=Strict';
+        break;
+      case 'lax':
+        str += '; SameSite=Lax';
+        break;
+      case 'strict':
+        str += '; SameSite=Strict';
+        break;
+      case 'none':
+        str += '; SameSite=None';
+        break;
+      default:
+        throw new TypeError('option sameSite is invalid');
+    }
+  }
+
+  return str;
+}
+
+/**
+ * URL-decode string value. Optimized to skip native call when no %.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function decode (str) {
+  return str.indexOf('%') !== -1
+    ? decodeURIComponent(str)
+    : str
+}
+
+/**
+ * URL-encode value.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function encode (val) {
+  return encodeURIComponent(val)
+}
+
+/**
+ * Determine if value is a Date.
+ *
+ * @param {*} val
+ * @private
+ */
+
+function isDate (val) {
+  return __toString.call(val) === '[object Date]' ||
+    val instanceof Date
+}
+
+/**
+ * Try decoding a string using a decoding function.
+ *
+ * @param {string} str
+ * @param {function} decode
+ * @private
+ */
+
+function tryDecode(str, decode) {
+  try {
+    return decode(str);
+  } catch (e) {
+    return str;
+  }
+}
+
+var setCookie = {exports: {}};
+
+var defaultParseOptions = {
+  decodeValues: true,
+  map: false,
+  silent: false,
+};
+
+function isNonEmptyString(str) {
+  return typeof str === "string" && !!str.trim();
+}
+
+function parseString(setCookieValue, options) {
+  var parts = setCookieValue.split(";").filter(isNonEmptyString);
+  var nameValue = parts.shift().split("=");
+  var name = nameValue.shift();
+  var value = nameValue.join("="); // everything after the first =, joined by a "=" if there was more than one part
+
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  try {
+    value = options.decodeValues ? decodeURIComponent(value) : value; // decode cookie value
+  } catch (e) {
+    console.error(
+      "set-cookie-parser encountered an error while decoding a cookie with value '" +
+        value +
+        "'. Set options.decodeValues to false to disable this feature.",
+      e
+    );
+  }
+
+  var cookie = {
+    name: name, // grab everything before the first =
+    value: value,
+  };
+
+  parts.forEach(function (part) {
+    var sides = part.split("=");
+    var key = sides.shift().trimLeft().toLowerCase();
+    var value = sides.join("=");
+    if (key === "expires") {
+      cookie.expires = new Date(value);
+    } else if (key === "max-age") {
+      cookie.maxAge = parseInt(value, 10);
+    } else if (key === "secure") {
+      cookie.secure = true;
+    } else if (key === "httponly") {
+      cookie.httpOnly = true;
+    } else if (key === "samesite") {
+      cookie.sameSite = value;
+    } else {
+      cookie[key] = value;
+    }
+  });
+
+  return cookie;
+}
+
+function parse(input, options) {
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  if (!input) {
+    if (!options.map) {
+      return [];
+    } else {
+      return {};
+    }
+  }
+
+  if (input.headers && input.headers["set-cookie"]) {
+    // fast-path for node.js (which automatically normalizes header names to lower-case
+    input = input.headers["set-cookie"];
+  } else if (input.headers) {
+    // slow-path for other environments - see #25
+    var sch =
+      input.headers[
+        Object.keys(input.headers).find(function (key) {
+          return key.toLowerCase() === "set-cookie";
+        })
+      ];
+    // warn if called on a request-like object with a cookie header rather than a set-cookie header - see #34, 36
+    if (!sch && input.headers.cookie && !options.silent) {
+      console.warn(
+        "Warning: set-cookie-parser appears to have been called on a request object. It is designed to parse Set-Cookie headers from responses, not Cookie headers from requests. Set the option {silent: true} to suppress this warning."
+      );
+    }
+    input = sch;
+  }
+  if (!Array.isArray(input)) {
+    input = [input];
+  }
+
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  if (!options.map) {
+    return input.filter(isNonEmptyString).map(function (str) {
+      return parseString(str, options);
+    });
+  } else {
+    var cookies = {};
+    return input.filter(isNonEmptyString).reduce(function (cookies, str) {
+      var cookie = parseString(str, options);
+      cookies[cookie.name] = cookie;
+      return cookies;
+    }, cookies);
+  }
+}
+
+/*
+  Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
+  that are within a single set-cookie field-value, such as in the Expires portion.
+
+  This is uncommon, but explicitly allowed - see https://tools.ietf.org/html/rfc2616#section-4.2
+  Node.js does this for every header *except* set-cookie - see https://github.com/nodejs/node/blob/d5e363b77ebaf1caf67cd7528224b651c86815c1/lib/_http_incoming.js#L128
+  React Native's fetch does this for *every* header, including set-cookie.
+
+  Based on: https://github.com/google/j2objc/commit/16820fdbc8f76ca0c33472810ce0cb03d20efe25
+  Credits to: https://github.com/tomball for original and https://github.com/chrusart for JavaScript implementation
+*/
+function splitCookiesString(cookiesString) {
+  if (Array.isArray(cookiesString)) {
+    return cookiesString;
+  }
+  if (typeof cookiesString !== "string") {
+    return [];
+  }
+
+  var cookiesStrings = [];
+  var pos = 0;
+  var start;
+  var ch;
+  var lastComma;
+  var nextStart;
+  var cookiesSeparatorFound;
+
+  function skipWhitespace() {
+    while (pos < cookiesString.length && /\s/.test(cookiesString.charAt(pos))) {
+      pos += 1;
+    }
+    return pos < cookiesString.length;
+  }
+
+  function notSpecialChar() {
+    ch = cookiesString.charAt(pos);
+
+    return ch !== "=" && ch !== ";" && ch !== ",";
+  }
+
+  while (pos < cookiesString.length) {
+    start = pos;
+    cookiesSeparatorFound = false;
+
+    while (skipWhitespace()) {
+      ch = cookiesString.charAt(pos);
+      if (ch === ",") {
+        // ',' is a cookie separator if we have later first '=', not ';' or ','
+        lastComma = pos;
+        pos += 1;
+
+        skipWhitespace();
+        nextStart = pos;
+
+        while (pos < cookiesString.length && notSpecialChar()) {
+          pos += 1;
+        }
+
+        // currently special character
+        if (pos < cookiesString.length && cookiesString.charAt(pos) === "=") {
+          // we found cookies separator
+          cookiesSeparatorFound = true;
+          // pos is inside the next cookie, so back up and return it.
+          pos = nextStart;
+          cookiesStrings.push(cookiesString.substring(start, lastComma));
+          start = pos;
+        } else {
+          // in param ',' or param separator ';',
+          // we continue from that comma
+          pos = lastComma + 1;
+        }
+      } else {
+        pos += 1;
+      }
+    }
+
+    if (!cookiesSeparatorFound || pos >= cookiesString.length) {
+      cookiesStrings.push(cookiesString.substring(start, cookiesString.length));
+    }
+  }
+
+  return cookiesStrings;
+}
+
+setCookie.exports = parse;
+setCookie.exports.parse = parse;
+var parseString_1 = setCookie.exports.parseString = parseString;
+var splitCookiesString_1 = setCookie.exports.splitCookiesString = splitCookiesString;
+
 /**
  * @param {import('types').LoadOutput} loaded
  * @returns {import('types').NormalizedLoadOutput}
@@ -1435,10 +1921,7 @@ function normalize(loaded) {
 		const status = loaded.status;
 
 		if (!loaded.error && has_error_status) {
-			return {
-				status: status || 500,
-				error: new Error()
-			};
+			return { status: status || 500, error: new Error() };
 		}
 
 		const error = typeof loaded.error === 'string' ? new Error(loaded.error) : loaded.error;
@@ -1478,6 +1961,18 @@ function normalize(loaded) {
 		}
 	}
 
+	if (loaded.dependencies) {
+		if (
+			!Array.isArray(loaded.dependencies) ||
+			loaded.dependencies.some((dep) => typeof dep !== 'string')
+		) {
+			return {
+				status: 500,
+				error: new Error('"dependencies" property returned from load() must be of type string[]')
+			};
+		}
+	}
+
 	// TODO remove before 1.0
 	if (/** @type {any} */ (loaded).context) {
 		throw new Error(
@@ -1544,6 +2039,32 @@ function normalize_path(path, trailing_slash) {
 	return path;
 }
 
+/**
+ * @param {string} hostname
+ * @param {string} [constraint]
+ */
+function domain_matches(hostname, constraint) {
+	if (!constraint) return true;
+
+	const normalized = constraint[0] === '.' ? constraint.slice(1) : constraint;
+
+	if (hostname === normalized) return true;
+	return hostname.endsWith('.' + normalized);
+}
+
+/**
+ * @param {string} path
+ * @param {string} [constraint]
+ */
+function path_matches(path, constraint) {
+	if (!constraint) return true;
+
+	const normalized = constraint.endsWith('/') ? constraint.slice(0, -1) : constraint;
+
+	if (path === normalized) return true;
+	return path.startsWith(normalized + '/');
+}
+
 /**
  * @param {{
  *   event: import('types').RequestEvent;
@@ -1580,10 +2101,10 @@ async function load_node({
 	/** @type {Array<import('./types').Fetched>} */
 	const fetched = [];
 
-	/**
-	 * @type {string[]}
-	 */
-	let set_cookie_headers = [];
+	const cookies = parse_1(event.request.headers.get('cookie') || '');
+
+	/** @type {import('set-cookie-parser').Cookie[]} */
+	const new_cookies = [];
 
 	/** @type {import('types').LoadOutput} */
 	let loaded;
@@ -1599,7 +2120,9 @@ async function load_node({
 		: {};
 
 	if (shadow.cookies) {
-		set_cookie_headers.push(...shadow.cookies);
+		shadow.cookies.forEach((header) => {
+			new_cookies.push(parseString_1(header));
+		});
 	}
 
 	if (shadow.error) {
@@ -1613,7 +2136,7 @@ async function load_node({
 			redirect: shadow.redirect
 		};
 	} else if (module.load) {
-		/** @type {import('types').LoadInput | import('types').ErrorLoadInput} */
+		/** @type {import('types').LoadInput} */
 		const load_input = {
 			url: state.prerender ? create_prerendering_url_proxy(event.url) : event.url,
 			params: event.params,
@@ -1705,9 +2228,23 @@ async function load_node({
 					if (opts.credentials !== 'omit') {
 						uses_credentials = true;
 
-						const cookie = event.request.headers.get('cookie');
 						const authorization = event.request.headers.get('authorization');
 
+						// combine cookies from the initiating request with any that were
+						// added via set-cookie
+						const combined_cookies = { ...cookies };
+
+						for (const cookie of new_cookies) {
+							if (!domain_matches(event.url.hostname, cookie.domain)) continue;
+							if (!path_matches(resolved, cookie.path)) continue;
+
+							combined_cookies[cookie.name] = cookie.value;
+						}
+
+						const cookie = Object.entries(combined_cookies)
+							.map(([name, value]) => `${name}=${value}`)
+							.join('; ');
+
 						if (cookie) {
 							opts.headers.set('cookie', cookie);
 						}
@@ -1732,9 +2269,8 @@ async function load_node({
 						new Request(new URL(requested, event.url).href, { ...opts, credentials: undefined }),
 						options,
 						{
-							getClientAddress: state.getClientAddress,
-							initiator: route,
-							prerender: state.prerender
+							...state,
+							initiator: route
 						}
 					);
 
@@ -1771,6 +2307,14 @@ async function load_node({
 					response = await options.hooks.externalFetch.call(null, external_request);
 				}
 
+				const set_cookie = response.headers.get('set-cookie');
+				if (set_cookie) {
+					new_cookies.push(
+						...splitCookiesString_1(set_cookie)
+							.map((str) => parseString_1(str))
+					);
+				}
+
 				const proxy = new Proxy(response, {
 					get(response, key, _receiver) {
 						async function text() {
@@ -1779,9 +2323,8 @@ async function load_node({
 							/** @type {import('types').ResponseHeaders} */
 							const headers = {};
 							for (const [key, value] of response.headers) {
-								if (key === 'set-cookie') {
-									set_cookie_headers = set_cookie_headers.concat(value);
-								} else if (key !== 'etag') {
+								// TODO skip others besides set-cookie and etag?
+								if (key !== 'set-cookie' && key !== 'etag') {
 									headers[key] = value;
 								}
 							}
@@ -1848,7 +2391,9 @@ async function load_node({
 
 				return proxy;
 			},
-			stuff: { ...stuff }
+			stuff: { ...stuff },
+			status: is_error ? status ?? null : null,
+			error: is_error ? error ?? null : null
 		};
 
 		if (options.dev) {
@@ -1860,11 +2405,6 @@ async function load_node({
 			});
 		}
 
-		if (is_error) {
-			/** @type {import('types').ErrorLoadInput} */ (load_input).status = status;
-			/** @type {import('types').ErrorLoadInput} */ (load_input).error = error;
-		}
-
 		loaded = await module.load.call(null, load_input);
 
 		if (!loaded) {
@@ -1905,7 +2445,11 @@ async function load_node({
 		loaded: normalize(loaded),
 		stuff: loaded.stuff || stuff,
 		fetched,
-		set_cookie_headers,
+		set_cookie_headers: new_cookies.map((new_cookie) => {
+			const { name, value, ...options } = new_cookie;
+			// @ts-expect-error
+			return serialize_1(name, value, options);
+		}),
 		uses_credentials
 	};
 }

package/dist/chunks/index2.js

@@ -9,7 +9,7 @@ import { s } from './misc.js';
 import { d as deep_merge } from './object.js';
 import { n as normalize_path, r as resolve, i as is_root_relative } from './url.js';
 import { svelte } from '@sveltejs/vite-plugin-svelte';
-import { pathToFileURL, URL } from 'url';
+import { pathToFileURL, URL as URL$1 } from 'url';
 import { installFetch } from '../install-fetch.js';
 import 'sade';
 import 'child_process';
@@ -293,7 +293,6 @@ import root from '__GENERATED__/root.svelte';
 import { respond } from '${runtime}/server/index.js';
 import { set_paths, assets, base } from '${runtime}/paths.js';
 import { set_prerendering } from '${runtime}/env.js';
-import * as user_hooks from ${s(hooks)};
 
 const template = ({ head, body, assets, nonce }) => ${s(template)
 	.replace('%svelte.head%', '" + head + "')
@@ -463,6 +462,13 @@ async function build_server(
 	const default_config = {
 		build: {
 			target: 'es2020'
+		},
+		ssr: {
+			// when developing against the Kit src code, we want to ensure that
+			// our dependencies are bundled so that apps don't need to install
+			// them as peerDependencies
+			noExternal: []
+				
 		}
 	};
 
@@ -1096,7 +1102,7 @@ async function prerender({ config, entries, files, log }) {
 		for (const [dependency_path, result] of dependencies) {
 			// this seems circuitous, but using new URL allows us to not care
 			// whether dependency_path is encoded or not
-			const encoded_dependency_path = new URL(dependency_path, 'http://localhost').pathname;
+			const encoded_dependency_path = new URL$1(dependency_path, 'http://localhost').pathname;
 			const decoded_dependency_path = decodeURI(encoded_dependency_path);
 
 			const body = result.body ?? new Uint8Array(await result.response.arrayBuffer());
@@ -1118,7 +1124,7 @@ async function prerender({ config, entries, files, log }) {
 				const resolved = resolve(encoded, href);
 				if (!is_root_relative(resolved)) continue;
 
-				const parsed = new URL(resolved, 'http://localhost');
+				const parsed = new URL$1(resolved, 'http://localhost');
 
 				if (parsed.search) ;
 

package/dist/chunks/sync.js

@@ -789,32 +789,23 @@ function write_tsconfig(config) {
 		JSON.stringify(
 			{
 				compilerOptions: {
-					moduleResolution: 'node',
-					module: 'es2020',
-					lib: ['es2020', 'DOM'],
-					target: 'es2020',
-					// svelte-preprocess cannot figure out whether you have a value or a type, so tell TypeScript
-					// to enforce using \`import type\` instead of \`import\` for Types.
-					importsNotUsedAsValues: 'error',
-					// TypeScript doesn't know about import usages in the template because it only sees the
-					// script of a Svelte file. Therefore preserve all value imports. Requires TS 4.5 or higher.
-					preserveValueImports: true,
-					isolatedModules: true,
-					resolveJsonModule: true,
-					// To have warnings/errors of the Svelte compiler at the correct position,
-					// enable source maps by default.
-					sourceMap: true,
-					esModuleInterop: true,
-					skipLibCheck: true,
-					forceConsistentCasingInFileNames: true,
+					// generated options
 					baseUrl: config_relative('.'),
-					allowJs: true,
-					checkJs: true,
 					paths: {
 						$lib: [project_relative(config.kit.files.lib)],
 						'$lib/*': [project_relative(config.kit.files.lib + '/*')]
 					},
-					rootDirs: [config_relative('.'), './types']
+					rootDirs: [config_relative('.'), './types'],
+
+					// essential options
+					// svelte-preprocess cannot figure out whether you have a value or a type, so tell TypeScript
+					// to enforce using \`import type\` instead of \`import\` for Types.
+					importsNotUsedAsValues: 'error',
+					// Vite compiles modules one at a time
+					isolatedModules: true,
+					// TypeScript doesn't know about import usages in the template because it only sees the
+					// script of a Svelte file. Therefore preserve all value imports. Requires TS 4.5 or higher.
+					preserveValueImports: true
 				},
 				include,
 				exclude: [config_relative('node_modules/**'), './**']

package/dist/cli.js

@@ -870,7 +870,7 @@ async function launch(port, https, base) {
 	exec(`${cmd} ${https ? 'https' : 'http'}://localhost:${port}${base}`);
 }
 
-const prog = sade('svelte-kit').version('1.0.0-next.312');
+const prog = sade('svelte-kit').version('1.0.0-next.316');
 
 prog
 	.command('dev')
@@ -1049,7 +1049,7 @@ async function check_port(port) {
 function welcome({ port, host, https, open, base, loose, allow, cwd }) {
 	if (open) launch(port, https, base);
 
-	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.312'}\n`));
+	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.316'}\n`));
 
 	const protocol = https ? 'https:' : 'http:';
 	const exposed = typeof host !== 'undefined' && host !== 'localhost' && host !== '127.0.0.1';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.312",
+  "version": "1.0.0-next.316",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",
@@ -23,6 +23,7 @@
     "@types/mime": "^2.0.3",
     "@types/node": "^16.11.11",
     "@types/sade": "^1.7.3",
+    "@types/set-cookie-parser": "^2.4.2",
     "amphtml-validator": "^1.0.35",
     "cookie": "^0.5.0",
     "cross-env": "^7.0.3",
@@ -36,6 +37,7 @@
     "port-authority": "^1.1.2",
     "rollup": "^2.60.2",
     "selfsigned": "^2.0.0",
+    "set-cookie-parser": "^2.4.8",
     "sirv": "^2.0.0",
     "svelte": "^3.44.2",
     "svelte-check": "^2.5.0",
@@ -83,8 +85,8 @@
     "check:all": "tsc && pnpm run -r check --filter ./",
     "format": "npm run check-format -- --write",
     "check-format": "prettier --check . --config ../../.prettierrc --ignore-path .gitignore",
-    "test": "npm run test:unit && npm run test:typings && npm run test:packaging",
-    "test:all": "pnpm run -r test --workspace-concurrency 1 --filter ./",
+    "test": "npm run test:unit && npm run test:typings && npm run test:packaging && npm run test:integration",
+    "test:integration": "pnpm run -r test --workspace-concurrency 1 --filter ./test",
     "test:unit": "uvu src \"(spec\\.js|test[\\\\/]index\\.js)\" -i packaging",
     "test:typings": "tsc --project test/typings",
     "test:packaging": "uvu src/packaging \"(spec\\.js|test[\\\\/]index\\.js)\"",

package/types/ambient.d.ts

@@ -103,9 +103,9 @@ declare module '$app/navigation' {
 	): Promise<void>;
 	/**
 	 * Causes any `load` functions belonging to the currently active page to re-run if they `fetch` the resource in question. Returns a `Promise` that resolves when the page is subsequently updated.
-	 * @param href The invalidated resource
+	 * @param dependency The invalidated resource
 	 */
-	export function invalidate(href: string): Promise<void>;
+	export function invalidate(dependency: string | ((href: string) => boolean)): Promise<void>;
 	/**
 	 * Programmatically prefetches the given page, which means
 	 *  1. ensuring that the code for the page is loaded, and

package/types/index.d.ts

@@ -7,10 +7,7 @@ import { CompileOptions } from 'svelte/types/compiler/interfaces';
 import {
 	AdapterEntry,
 	CspDirectives,
-	ErrorLoadInput,
 	JSONValue,
-	LoadInput,
-	LoadOutput,
 	Logger,
 	MaybePromise,
 	Prerendered,
@@ -157,13 +154,6 @@ export interface Config {
 	preprocess?: any;
 }
 
-export interface ErrorLoad<
-	Params extends Record<string, string> = Record<string, string>,
-	Props extends Record<string, any> = Record<string, any>
-> {
-	(input: ErrorLoadInput<Params>): MaybePromise<LoadOutput<Props>>;
-}
-
 export interface ExternalFetch {
 	(req: Request): Promise<Response>;
 }
@@ -196,6 +186,31 @@ export interface Load<
 	(input: LoadInput<Params, InputProps>): MaybePromise<LoadOutput<OutputProps>>;
 }
 
+export interface LoadInput<
+	Params extends Record<string, string> = Record<string, string>,
+	Props extends Record<string, any> = Record<string, any>
+> {
+	fetch(info: RequestInfo, init?: RequestInit): Promise<Response>;
+	params: Params;
+	props: Props;
+	routeId: string | null;
+	session: App.Session;
+	stuff: Partial<App.Stuff>;
+	url: URL;
+	status: number | null;
+	error: Error | null;
+}
+
+export interface LoadOutput<Props extends Record<string, any> = Record<string, any>> {
+	status?: number;
+	error?: string | Error;
+	redirect?: string;
+	props?: Props;
+	stuff?: Partial<App.Stuff>;
+	maxage?: number;
+	dependencies?: string[];
+}
+
 export interface Navigation {
 	from: URL;
 	to: URL;

package/types/internal.d.ts

@@ -118,6 +118,7 @@ export type NormalizedLoadOutput = {
 	props?: Record<string, any> | Promise<Record<string, any>>;
 	stuff?: Record<string, any>;
 	maxage?: number;
+	dependencies?: string[];
 };
 
 export interface PageData {

package/types/private.d.ts

@@ -134,12 +134,6 @@ export interface CspDirectives {
 	>;
 }
 
-export interface ErrorLoadInput<Params extends Record<string, string> = Record<string, string>>
-	extends LoadInput<Params> {
-	status?: number;
-	error?: Error;
-}
-
 export type HttpMethod = 'get' | 'head' | 'post' | 'put' | 'delete' | 'patch';
 
 export interface JSONObject {
@@ -156,28 +150,6 @@ export type JSONValue =
 	| JSONValue[]
 	| JSONObject;
 
-export interface LoadInput<
-	Params extends Record<string, string> = Record<string, string>,
-	Props extends Record<string, any> = Record<string, any>
-> {
-	fetch(info: RequestInfo, init?: RequestInit): Promise<Response>;
-	params: Params;
-	props: Props;
-	routeId: string | null;
-	session: App.Session;
-	stuff: Partial<App.Stuff>;
-	url: URL;
-}
-
-export interface LoadOutput<Props extends Record<string, any> = Record<string, any>> {
-	status?: number;
-	error?: string | Error;
-	redirect?: string;
-	props?: Props;
-	stuff?: Partial<App.Stuff>;
-	maxage?: number;
-}
-
 export interface Logger {
 	(msg: string): void;
 	success(msg: string): void;