@sveltejs/kit 1.0.0-next.314 → 1.0.0-next.317

package/assets/client/start.js

@@ -398,6 +398,8 @@ const routes = parse(components, dictionary, matchers);
 const default_layout = components[0]();
 const default_error = components[1]();
 
+const root_stuff = {};
+
 // We track the scroll position associated with each history entry in sessionStorage,
 // rather than on history.state itself, because when navigation is driven by
 // popstate it's too late to update the scroll position associated with the
@@ -430,8 +432,8 @@ function create_client({ target, session, base, trailing_slash }) {
 	/** @type {Map<string, import('./types').NavigationResult>} */
 	const cache = new Map();
 
-	/** @type {Set<string>} */
-	const invalidated = new Set();
+	/** @type {Array<((href: string) => boolean)>} */
+	const invalidated = [];
 
 	const stores = {
 		url: notifiable_store({}),
@@ -457,10 +459,12 @@ function create_client({ target, session, base, trailing_slash }) {
 
 	/** @type {import('./types').NavigationState} */
 	let current = {
-		// @ts-ignore - we need the initial value to be null
-		url: null,
+		branch: [],
+		error: null,
 		session_id: 0,
-		branch: []
+		stuff: root_stuff,
+		// @ts-ignore - we need the initial value to be null
+		url: null
 	};
 
 	let started = false;
@@ -488,23 +492,31 @@ function create_client({ target, session, base, trailing_slash }) {
 	});
 	ready = true;
 
-	/** Keeps tracks of multiple navigations caused by redirects during rendering */
-	let navigating = 0;
-
 	let router_enabled = true;
 
 	// keeping track of the history index in order to prevent popstate navigation events if needed
-	let current_history_index = history.state?.[INDEX_KEY] ?? 0;
+	let current_history_index = history.state?.[INDEX_KEY];
+
+	if (!current_history_index) {
+		// we use Date.now() as an offset so that cross-document navigations
+		// within the app don't result in data loss
+		current_history_index = Date.now();
 
-	if (current_history_index === 0) {
 		// create initial history entry, so we can return here
-		history.replaceState({ ...history.state, [INDEX_KEY]: 0 }, '', location.href);
+		history.replaceState(
+			{ ...history.state, [INDEX_KEY]: current_history_index },
+			'',
+			location.href
+		);
 	}
 
 	// if we reload the page, or Cmd-Shift-T back to it,
 	// recover scroll position
 	const scroll = scroll_positions[current_history_index];
-	if (scroll) scrollTo(scroll.x, scroll.y);
+	if (scroll) {
+		history.scrollRestoration = 'manual';
+		scrollTo(scroll.x, scroll.y);
+	}
 
 	let hash_navigating = false;
 
@@ -514,9 +526,6 @@ function create_client({ target, session, base, trailing_slash }) {
 	/** @type {{}} */
 	let token;
 
-	/** @type {{}} */
-	let navigating_token;
-
 	/**
 	 * @param {string} href
 	 * @param {{ noscroll?: boolean; replaceState?: boolean; keepfocus?: boolean; state?: any }} opts
@@ -562,6 +571,7 @@ function create_client({ target, session, base, trailing_slash }) {
 	}
 
 	/**
+	 * Returns `true` if update completes, `false` if it is aborted
 	 * @param {URL} url
 	 * @param {string[]} redirect_chain
 	 * @param {boolean} no_cache
@@ -593,13 +603,13 @@ function create_client({ target, session, base, trailing_slash }) {
 
 		if (!navigation_result) {
 			await native_navigation(url);
-			return; // unnecessary, but TypeScript prefers it this way
+			return false; // unnecessary, but TypeScript prefers it this way
 		}
 
 		// abort if user navigated during update
-		if (token !== current_token) return;
+		if (token !== current_token) return false;
 
-		invalidated.clear();
+		invalidated.length = 0;
 
 		if (navigation_result.redirect) {
 			if (redirect_chain.length > 10 || redirect_chain.includes(url.pathname)) {
@@ -619,7 +629,7 @@ function create_client({ target, session, base, trailing_slash }) {
 					await native_navigation(new URL(navigation_result.redirect, location.href));
 				}
 
-				return;
+				return false;
 			}
 		} else if (navigation_result.props?.page?.status >= 400) {
 			const updated = await stores.updated.check();
@@ -702,13 +712,15 @@ function create_client({ target, session, base, trailing_slash }) {
 
 		const leaf_node = navigation_result.state.branch[navigation_result.state.branch.length - 1];
 		router_enabled = leaf_node?.module.router !== false;
+
+		return true;
 	}
 
 	/** @param {import('./types').NavigationResult} result */
 	function initialize(result) {
 		current = result.state;
 
-		const style = document.querySelector('style[data-svelte]');
+		const style = document.querySelector('style[data-sveltekit]');
 		if (style) style.remove();
 
 		page = result.props.page;
@@ -735,7 +747,7 @@ function create_client({ target, session, base, trailing_slash }) {
 	 *   stuff: Record<string, any>;
 	 *   branch: Array<import('./types').BranchNode | undefined>;
 	 *   status: number;
-	 *   error?: Error;
+	 *   error: Error | null;
 	 *   routeId: string | null;
 	 * }} opts
 	 */
@@ -758,6 +770,8 @@ function create_client({ target, session, base, trailing_slash }) {
 				url,
 				params,
 				branch,
+				error,
+				stuff,
 				session_id
 			},
 			props: {
@@ -770,7 +784,13 @@ function create_client({ target, session, base, trailing_slash }) {
 			result.props[`props_${i}`] = loaded ? await loaded.props : null;
 		}
 
-		if (!current.url || url.href !== current.url.href) {
+		const page_changed =
+			!current.url ||
+			url.href !== current.url.href ||
+			current.error !== error ||
+			current.stuff !== stuff;
+
+		if (page_changed) {
 			result.props.page = { error, params, routeId, status, stuff, url };
 
 			// TODO remove this for 1.0
@@ -954,14 +974,14 @@ function create_client({ target, session, base, trailing_slash }) {
 		let branch = [];
 
 		/** @type {Record<string, any>} */
-		let stuff = {};
+		let stuff = root_stuff;
 		let stuff_changed = false;
 
 		/** @type {number | undefined} */
 		let status = 200;
 
-		/** @type {Error | undefined} */
-		let error;
+		/** @type {Error | null} */
+		let error = null;
 
 		// preload modules
 		a.forEach((loader) => loader());
@@ -982,7 +1002,7 @@ function create_client({ target, session, base, trailing_slash }) {
 					(changed.url && previous.uses.url) ||
 					changed.params.some((param) => previous.uses.params.has(param)) ||
 					(changed.session && previous.uses.session) ||
-					Array.from(previous.uses.dependencies).some((dep) => invalidated.has(dep)) ||
+					Array.from(previous.uses.dependencies).some((dep) => invalidated.some((fn) => fn(dep))) ||
 					(stuff_changed && previous.uses.stuff);
 
 				if (changed_since_last_render) {
@@ -1246,10 +1266,6 @@ function create_client({ target, session, base, trailing_slash }) {
 
 		accepted();
 
-		navigating++;
-
-		const current_navigating_token = (navigating_token = {});
-
 		if (started) {
 			stores.navigating.set({
 				from: current.url,
@@ -1257,18 +1273,13 @@ function create_client({ target, session, base, trailing_slash }) {
 			});
 		}
 
-		await update(normalized, redirect_chain, false, {
+		const completed = await update(normalized, redirect_chain, false, {
 			scroll,
 			keepfocus,
 			details
 		});
 
-		navigating--;
-
-		// navigation was aborted
-		if (navigating_token !== current_navigating_token) return;
-
-		if (!navigating) {
+		if (completed) {
 			const navigation = { from, to: normalized };
 			callbacks.after_navigate.forEach((fn) => fn(navigation));
 
@@ -1323,9 +1334,12 @@ function create_client({ target, session, base, trailing_slash }) {
 		goto: (href, opts = {}) => goto(href, opts, []),
 
 		invalidate: (resource) => {
-			const { href } = new URL(resource, location.href);
-
-			invalidated.add(href);
+			if (typeof resource === 'function') {
+				invalidated.push(resource);
+			} else {
+				const { href } = new URL(resource, location.href);
+				invalidated.push((dep) => dep === href);
+			}
 
 			if (!invalidating) {
 				invalidating = Promise.resolve().then(async () => {
@@ -1458,11 +1472,6 @@ function create_client({ target, session, base, trailing_slash }) {
 				// Ignore if <a> has a target
 				if (is_svg_a_element ? a.target.baseVal : a.target) return;
 
-				if (url.href === location.href) {
-					if (!location.hash) event.preventDefault();
-					return;
-				}
-
 				// Check if new url only differs by hash and use the browser default behavior in that case
 				// This will ensure the `hashchange` event is fired
 				// Removing the hash does a full page navigation in the browser, so make sure a hash is present
@@ -1487,7 +1496,7 @@ function create_client({ target, session, base, trailing_slash }) {
 					redirect_chain: [],
 					details: {
 						state: {},
-						replaceState: false
+						replaceState: url.href === location.href
 					},
 					accepted: () => event.preventDefault(),
 					blocked: () => event.preventDefault()

package/assets/components/error.svelte

@@ -1,5 +1,5 @@
 <script context="module">
-	/** @type {import('@sveltejs/kit').ErrorLoad} */
+	/** @type {import('@sveltejs/kit').Load} */
 	export function load({ error, status }) {
 		return {
 			props: { error, status }

package/assets/server/index.js

@@ -143,14 +143,28 @@ async function render_endpoint(event, mod) {
 	}
 
 	if (!handler) {
+		const allowed = [];
+
+		for (const method in ['get', 'post', 'put', 'patch']) {
+			if (mod[method]) allowed.push(method.toUpperCase());
+		}
+
+		if (mod.del) allowed.push('DELETE');
+		if (mod.get || mod.head) allowed.push('HEAD');
+
 		return event.request.headers.get('x-sveltekit-load')
 			? // TODO would be nice to avoid these requests altogether,
 			  // by noting whether or not page endpoints export `get`
 			  new Response(undefined, {
 					status: 204
 			  })
-			: new Response('Method not allowed', {
-					status: 405
+			: new Response(`${event.request.method} method not allowed`, {
+					status: 405,
+					headers: {
+						// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405
+						// "The server must generate an Allow header field in a 405 status code response"
+						allow: allowed.join(', ')
+					}
 			  });
 	}
 
@@ -639,7 +653,7 @@ function sha256(data) {
 	if (!key[0]) precompute();
 
 	const out = init.slice(0);
-	const array = encode(data);
+	const array = encode$1(data);
 
 	for (let i = 0; i < array.length; i += 16) {
 		const w = array.subarray(i, i + 16);
@@ -789,7 +803,7 @@ function reverse_endianness(bytes) {
 }
 
 /** @param {string} str */
-function encode(str) {
+function encode$1(str) {
 	const encoded = encoder.encode(str);
 	const length = encoded.length * 8;
 
@@ -1276,7 +1290,7 @@ async function render_response({
 	} else {
 		if (inlined_style) {
 			const attributes = [];
-			if (options.dev) attributes.push(' data-svelte');
+			if (options.dev) attributes.push(' data-sveltekit');
 			if (csp.style_needs_nonce) attributes.push(` nonce="${csp.nonce}"`);
 
 			csp.add_style(inlined_style);
@@ -1424,6 +1438,478 @@ function serialize_error(error) {
 	return serialized;
 }
 
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+/**
+ * Module exports.
+ * @public
+ */
+
+var parse_1 = parse$1;
+var serialize_1 = serialize;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var __toString = Object.prototype.toString;
+
+/**
+ * RegExp to match field-content in RFC 7230 sec 3.2
+ *
+ * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+ * field-vchar   = VCHAR / obs-text
+ * obs-text      = %x80-FF
+ */
+
+var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [options]
+ * @return {object}
+ * @public
+ */
+
+function parse$1(str, options) {
+  if (typeof str !== 'string') {
+    throw new TypeError('argument str must be a string');
+  }
+
+  var obj = {};
+  var opt = options || {};
+  var dec = opt.decode || decode;
+
+  var index = 0;
+  while (index < str.length) {
+    var eqIdx = str.indexOf('=', index);
+
+    // no more cookie pairs
+    if (eqIdx === -1) {
+      break
+    }
+
+    var endIdx = str.indexOf(';', index);
+
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      // backtrack on prior semicolon
+      index = str.lastIndexOf(';', eqIdx - 1) + 1;
+      continue
+    }
+
+    var key = str.slice(index, eqIdx).trim();
+
+    // only assign once
+    if (undefined === obj[key]) {
+      var val = str.slice(eqIdx + 1, endIdx).trim();
+
+      // quoted values
+      if (val.charCodeAt(0) === 0x22) {
+        val = val.slice(1, -1);
+      }
+
+      obj[key] = tryDecode(val, dec);
+    }
+
+    index = endIdx + 1;
+  }
+
+  return obj;
+}
+
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize the a name value pair into a cookie string suitable for
+ * http headers. An optional options object specified cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ * @param {string} name
+ * @param {string} val
+ * @param {object} [options]
+ * @return {string}
+ * @public
+ */
+
+function serialize(name, val, options) {
+  var opt = options || {};
+  var enc = opt.encode || encode;
+
+  if (typeof enc !== 'function') {
+    throw new TypeError('option encode is invalid');
+  }
+
+  if (!fieldContentRegExp.test(name)) {
+    throw new TypeError('argument name is invalid');
+  }
+
+  var value = enc(val);
+
+  if (value && !fieldContentRegExp.test(value)) {
+    throw new TypeError('argument val is invalid');
+  }
+
+  var str = name + '=' + value;
+
+  if (null != opt.maxAge) {
+    var maxAge = opt.maxAge - 0;
+
+    if (isNaN(maxAge) || !isFinite(maxAge)) {
+      throw new TypeError('option maxAge is invalid')
+    }
+
+    str += '; Max-Age=' + Math.floor(maxAge);
+  }
+
+  if (opt.domain) {
+    if (!fieldContentRegExp.test(opt.domain)) {
+      throw new TypeError('option domain is invalid');
+    }
+
+    str += '; Domain=' + opt.domain;
+  }
+
+  if (opt.path) {
+    if (!fieldContentRegExp.test(opt.path)) {
+      throw new TypeError('option path is invalid');
+    }
+
+    str += '; Path=' + opt.path;
+  }
+
+  if (opt.expires) {
+    var expires = opt.expires;
+
+    if (!isDate(expires) || isNaN(expires.valueOf())) {
+      throw new TypeError('option expires is invalid');
+    }
+
+    str += '; Expires=' + expires.toUTCString();
+  }
+
+  if (opt.httpOnly) {
+    str += '; HttpOnly';
+  }
+
+  if (opt.secure) {
+    str += '; Secure';
+  }
+
+  if (opt.priority) {
+    var priority = typeof opt.priority === 'string'
+      ? opt.priority.toLowerCase()
+      : opt.priority;
+
+    switch (priority) {
+      case 'low':
+        str += '; Priority=Low';
+        break
+      case 'medium':
+        str += '; Priority=Medium';
+        break
+      case 'high':
+        str += '; Priority=High';
+        break
+      default:
+        throw new TypeError('option priority is invalid')
+    }
+  }
+
+  if (opt.sameSite) {
+    var sameSite = typeof opt.sameSite === 'string'
+      ? opt.sameSite.toLowerCase() : opt.sameSite;
+
+    switch (sameSite) {
+      case true:
+        str += '; SameSite=Strict';
+        break;
+      case 'lax':
+        str += '; SameSite=Lax';
+        break;
+      case 'strict':
+        str += '; SameSite=Strict';
+        break;
+      case 'none':
+        str += '; SameSite=None';
+        break;
+      default:
+        throw new TypeError('option sameSite is invalid');
+    }
+  }
+
+  return str;
+}
+
+/**
+ * URL-decode string value. Optimized to skip native call when no %.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function decode (str) {
+  return str.indexOf('%') !== -1
+    ? decodeURIComponent(str)
+    : str
+}
+
+/**
+ * URL-encode value.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function encode (val) {
+  return encodeURIComponent(val)
+}
+
+/**
+ * Determine if value is a Date.
+ *
+ * @param {*} val
+ * @private
+ */
+
+function isDate (val) {
+  return __toString.call(val) === '[object Date]' ||
+    val instanceof Date
+}
+
+/**
+ * Try decoding a string using a decoding function.
+ *
+ * @param {string} str
+ * @param {function} decode
+ * @private
+ */
+
+function tryDecode(str, decode) {
+  try {
+    return decode(str);
+  } catch (e) {
+    return str;
+  }
+}
+
+var setCookie = {exports: {}};
+
+var defaultParseOptions = {
+  decodeValues: true,
+  map: false,
+  silent: false,
+};
+
+function isNonEmptyString(str) {
+  return typeof str === "string" && !!str.trim();
+}
+
+function parseString(setCookieValue, options) {
+  var parts = setCookieValue.split(";").filter(isNonEmptyString);
+  var nameValue = parts.shift().split("=");
+  var name = nameValue.shift();
+  var value = nameValue.join("="); // everything after the first =, joined by a "=" if there was more than one part
+
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  try {
+    value = options.decodeValues ? decodeURIComponent(value) : value; // decode cookie value
+  } catch (e) {
+    console.error(
+      "set-cookie-parser encountered an error while decoding a cookie with value '" +
+        value +
+        "'. Set options.decodeValues to false to disable this feature.",
+      e
+    );
+  }
+
+  var cookie = {
+    name: name, // grab everything before the first =
+    value: value,
+  };
+
+  parts.forEach(function (part) {
+    var sides = part.split("=");
+    var key = sides.shift().trimLeft().toLowerCase();
+    var value = sides.join("=");
+    if (key === "expires") {
+      cookie.expires = new Date(value);
+    } else if (key === "max-age") {
+      cookie.maxAge = parseInt(value, 10);
+    } else if (key === "secure") {
+      cookie.secure = true;
+    } else if (key === "httponly") {
+      cookie.httpOnly = true;
+    } else if (key === "samesite") {
+      cookie.sameSite = value;
+    } else {
+      cookie[key] = value;
+    }
+  });
+
+  return cookie;
+}
+
+function parse(input, options) {
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  if (!input) {
+    if (!options.map) {
+      return [];
+    } else {
+      return {};
+    }
+  }
+
+  if (input.headers && input.headers["set-cookie"]) {
+    // fast-path for node.js (which automatically normalizes header names to lower-case
+    input = input.headers["set-cookie"];
+  } else if (input.headers) {
+    // slow-path for other environments - see #25
+    var sch =
+      input.headers[
+        Object.keys(input.headers).find(function (key) {
+          return key.toLowerCase() === "set-cookie";
+        })
+      ];
+    // warn if called on a request-like object with a cookie header rather than a set-cookie header - see #34, 36
+    if (!sch && input.headers.cookie && !options.silent) {
+      console.warn(
+        "Warning: set-cookie-parser appears to have been called on a request object. It is designed to parse Set-Cookie headers from responses, not Cookie headers from requests. Set the option {silent: true} to suppress this warning."
+      );
+    }
+    input = sch;
+  }
+  if (!Array.isArray(input)) {
+    input = [input];
+  }
+
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  if (!options.map) {
+    return input.filter(isNonEmptyString).map(function (str) {
+      return parseString(str, options);
+    });
+  } else {
+    var cookies = {};
+    return input.filter(isNonEmptyString).reduce(function (cookies, str) {
+      var cookie = parseString(str, options);
+      cookies[cookie.name] = cookie;
+      return cookies;
+    }, cookies);
+  }
+}
+
+/*
+  Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
+  that are within a single set-cookie field-value, such as in the Expires portion.
+
+  This is uncommon, but explicitly allowed - see https://tools.ietf.org/html/rfc2616#section-4.2
+  Node.js does this for every header *except* set-cookie - see https://github.com/nodejs/node/blob/d5e363b77ebaf1caf67cd7528224b651c86815c1/lib/_http_incoming.js#L128
+  React Native's fetch does this for *every* header, including set-cookie.
+
+  Based on: https://github.com/google/j2objc/commit/16820fdbc8f76ca0c33472810ce0cb03d20efe25
+  Credits to: https://github.com/tomball for original and https://github.com/chrusart for JavaScript implementation
+*/
+function splitCookiesString(cookiesString) {
+  if (Array.isArray(cookiesString)) {
+    return cookiesString;
+  }
+  if (typeof cookiesString !== "string") {
+    return [];
+  }
+
+  var cookiesStrings = [];
+  var pos = 0;
+  var start;
+  var ch;
+  var lastComma;
+  var nextStart;
+  var cookiesSeparatorFound;
+
+  function skipWhitespace() {
+    while (pos < cookiesString.length && /\s/.test(cookiesString.charAt(pos))) {
+      pos += 1;
+    }
+    return pos < cookiesString.length;
+  }
+
+  function notSpecialChar() {
+    ch = cookiesString.charAt(pos);
+
+    return ch !== "=" && ch !== ";" && ch !== ",";
+  }
+
+  while (pos < cookiesString.length) {
+    start = pos;
+    cookiesSeparatorFound = false;
+
+    while (skipWhitespace()) {
+      ch = cookiesString.charAt(pos);
+      if (ch === ",") {
+        // ',' is a cookie separator if we have later first '=', not ';' or ','
+        lastComma = pos;
+        pos += 1;
+
+        skipWhitespace();
+        nextStart = pos;
+
+        while (pos < cookiesString.length && notSpecialChar()) {
+          pos += 1;
+        }
+
+        // currently special character
+        if (pos < cookiesString.length && cookiesString.charAt(pos) === "=") {
+          // we found cookies separator
+          cookiesSeparatorFound = true;
+          // pos is inside the next cookie, so back up and return it.
+          pos = nextStart;
+          cookiesStrings.push(cookiesString.substring(start, lastComma));
+          start = pos;
+        } else {
+          // in param ',' or param separator ';',
+          // we continue from that comma
+          pos = lastComma + 1;
+        }
+      } else {
+        pos += 1;
+      }
+    }
+
+    if (!cookiesSeparatorFound || pos >= cookiesString.length) {
+      cookiesStrings.push(cookiesString.substring(start, cookiesString.length));
+    }
+  }
+
+  return cookiesStrings;
+}
+
+setCookie.exports = parse;
+setCookie.exports.parse = parse;
+var parseString_1 = setCookie.exports.parseString = parseString;
+var splitCookiesString_1 = setCookie.exports.splitCookiesString = splitCookiesString;
+
 /**
  * @param {import('types').LoadOutput} loaded
  * @returns {import('types').NormalizedLoadOutput}
@@ -1553,6 +2039,32 @@ function normalize_path(path, trailing_slash) {
 	return path;
 }
 
+/**
+ * @param {string} hostname
+ * @param {string} [constraint]
+ */
+function domain_matches(hostname, constraint) {
+	if (!constraint) return true;
+
+	const normalized = constraint[0] === '.' ? constraint.slice(1) : constraint;
+
+	if (hostname === normalized) return true;
+	return hostname.endsWith('.' + normalized);
+}
+
+/**
+ * @param {string} path
+ * @param {string} [constraint]
+ */
+function path_matches(path, constraint) {
+	if (!constraint) return true;
+
+	const normalized = constraint.endsWith('/') ? constraint.slice(0, -1) : constraint;
+
+	if (path === normalized) return true;
+	return path.startsWith(normalized + '/');
+}
+
 /**
  * @param {{
  *   event: import('types').RequestEvent;
@@ -1589,10 +2101,10 @@ async function load_node({
 	/** @type {Array<import('./types').Fetched>} */
 	const fetched = [];
 
-	/**
-	 * @type {string[]}
-	 */
-	let set_cookie_headers = [];
+	const cookies = parse_1(event.request.headers.get('cookie') || '');
+
+	/** @type {import('set-cookie-parser').Cookie[]} */
+	const new_cookies = [];
 
 	/** @type {import('types').LoadOutput} */
 	let loaded;
@@ -1608,7 +2120,9 @@ async function load_node({
 		: {};
 
 	if (shadow.cookies) {
-		set_cookie_headers.push(...shadow.cookies);
+		shadow.cookies.forEach((header) => {
+			new_cookies.push(parseString_1(header));
+		});
 	}
 
 	if (shadow.error) {
@@ -1714,9 +2228,23 @@ async function load_node({
 					if (opts.credentials !== 'omit') {
 						uses_credentials = true;
 
-						const cookie = event.request.headers.get('cookie');
 						const authorization = event.request.headers.get('authorization');
 
+						// combine cookies from the initiating request with any that were
+						// added via set-cookie
+						const combined_cookies = { ...cookies };
+
+						for (const cookie of new_cookies) {
+							if (!domain_matches(event.url.hostname, cookie.domain)) continue;
+							if (!path_matches(resolved, cookie.path)) continue;
+
+							combined_cookies[cookie.name] = cookie.value;
+						}
+
+						const cookie = Object.entries(combined_cookies)
+							.map(([name, value]) => `${name}=${value}`)
+							.join('; ');
+
 						if (cookie) {
 							opts.headers.set('cookie', cookie);
 						}
@@ -1779,6 +2307,14 @@ async function load_node({
 					response = await options.hooks.externalFetch.call(null, external_request);
 				}
 
+				const set_cookie = response.headers.get('set-cookie');
+				if (set_cookie) {
+					new_cookies.push(
+						...splitCookiesString_1(set_cookie)
+							.map((str) => parseString_1(str))
+					);
+				}
+
 				const proxy = new Proxy(response, {
 					get(response, key, _receiver) {
 						async function text() {
@@ -1787,9 +2323,8 @@ async function load_node({
 							/** @type {import('types').ResponseHeaders} */
 							const headers = {};
 							for (const [key, value] of response.headers) {
-								if (key === 'set-cookie') {
-									set_cookie_headers = set_cookie_headers.concat(value);
-								} else if (key !== 'etag') {
+								// TODO skip others besides set-cookie and etag?
+								if (key !== 'set-cookie' && key !== 'etag') {
 									headers[key] = value;
 								}
 							}
@@ -1910,7 +2445,11 @@ async function load_node({
 		loaded: normalize(loaded),
 		stuff: loaded.stuff || stuff,
 		fetched,
-		set_cookie_headers,
+		set_cookie_headers: new_cookies.map((new_cookie) => {
+			const { name, value, ...options } = new_cookie;
+			// @ts-expect-error
+			return serialize_1(name, value, options);
+		}),
 		uses_credentials
 	};
 }

package/dist/chunks/index2.js

@@ -9,7 +9,7 @@ import { s } from './misc.js';
 import { d as deep_merge } from './object.js';
 import { n as normalize_path, r as resolve, i as is_root_relative } from './url.js';
 import { svelte } from '@sveltejs/vite-plugin-svelte';
-import { pathToFileURL, URL } from 'url';
+import { pathToFileURL, URL as URL$1 } from 'url';
 import { installFetch } from '../install-fetch.js';
 import 'sade';
 import 'child_process';
@@ -293,7 +293,6 @@ import root from '__GENERATED__/root.svelte';
 import { respond } from '${runtime}/server/index.js';
 import { set_paths, assets, base } from '${runtime}/paths.js';
 import { set_prerendering } from '${runtime}/env.js';
-import * as user_hooks from ${s(hooks)};
 
 const template = ({ head, body, assets, nonce }) => ${s(template)
 	.replace('%svelte.head%', '" + head + "')
@@ -463,6 +462,13 @@ async function build_server(
 	const default_config = {
 		build: {
 			target: 'es2020'
+		},
+		ssr: {
+			// when developing against the Kit src code, we want to ensure that
+			// our dependencies are bundled so that apps don't need to install
+			// them as peerDependencies
+			noExternal: []
+				
 		}
 	};
 
@@ -1096,7 +1102,7 @@ async function prerender({ config, entries, files, log }) {
 		for (const [dependency_path, result] of dependencies) {
 			// this seems circuitous, but using new URL allows us to not care
 			// whether dependency_path is encoded or not
-			const encoded_dependency_path = new URL(dependency_path, 'http://localhost').pathname;
+			const encoded_dependency_path = new URL$1(dependency_path, 'http://localhost').pathname;
 			const decoded_dependency_path = decodeURI(encoded_dependency_path);
 
 			const body = result.body ?? new Uint8Array(await result.response.arrayBuffer());
@@ -1118,7 +1124,7 @@ async function prerender({ config, entries, files, log }) {
 				const resolved = resolve(encoded, href);
 				if (!is_root_relative(resolved)) continue;
 
-				const parsed = new URL(resolved, 'http://localhost');
+				const parsed = new URL$1(resolved, 'http://localhost');
 
 				if (parsed.search) ;
 

package/dist/chunks/index4.js

@@ -42,11 +42,12 @@ function create_builder({ config, build_data, prerendered, log }) {
 		config,
 		prerendered,
 
-		createEntries(fn) {
+		async createEntries(fn) {
 			const { routes } = build_data.manifest_data;
 
 			/** @type {import('types').RouteDefinition[]} */
 			const facades = routes.map((route) => ({
+				id: route.id,
 				type: route.type,
 				segments: route.id.split('/').map((segment) => ({
 					dynamic: segment.includes('['),
@@ -90,7 +91,7 @@ function create_builder({ config, build_data, prerendered, log }) {
 				});
 
 				if (filtered.size > 0) {
-					complete({
+					await complete({
 						generateManifest: ({ relativePath, format }) =>
 							generate_manifest({
 								build_data,

package/dist/chunks/sync.js

@@ -789,32 +789,23 @@ function write_tsconfig(config) {
 		JSON.stringify(
 			{
 				compilerOptions: {
-					moduleResolution: 'node',
-					module: 'es2020',
-					lib: ['es2020', 'DOM'],
-					target: 'es2020',
-					// svelte-preprocess cannot figure out whether you have a value or a type, so tell TypeScript
-					// to enforce using \`import type\` instead of \`import\` for Types.
-					importsNotUsedAsValues: 'error',
-					// TypeScript doesn't know about import usages in the template because it only sees the
-					// script of a Svelte file. Therefore preserve all value imports. Requires TS 4.5 or higher.
-					preserveValueImports: true,
-					isolatedModules: true,
-					resolveJsonModule: true,
-					// To have warnings/errors of the Svelte compiler at the correct position,
-					// enable source maps by default.
-					sourceMap: true,
-					esModuleInterop: true,
-					skipLibCheck: true,
-					forceConsistentCasingInFileNames: true,
+					// generated options
 					baseUrl: config_relative('.'),
-					allowJs: true,
-					checkJs: true,
 					paths: {
 						$lib: [project_relative(config.kit.files.lib)],
 						'$lib/*': [project_relative(config.kit.files.lib + '/*')]
 					},
-					rootDirs: [config_relative('.'), './types']
+					rootDirs: [config_relative('.'), './types'],
+
+					// essential options
+					// svelte-preprocess cannot figure out whether you have a value or a type, so tell TypeScript
+					// to enforce using \`import type\` instead of \`import\` for Types.
+					importsNotUsedAsValues: 'error',
+					// Vite compiles modules one at a time
+					isolatedModules: true,
+					// TypeScript doesn't know about import usages in the template because it only sees the
+					// script of a Svelte file. Therefore preserve all value imports. Requires TS 4.5 or higher.
+					preserveValueImports: true
 				},
 				include,
 				exclude: [config_relative('node_modules/**'), './**']

package/dist/cli.js

@@ -870,7 +870,7 @@ async function launch(port, https, base) {
 	exec(`${cmd} ${https ? 'https' : 'http'}://localhost:${port}${base}`);
 }
 
-const prog = sade('svelte-kit').version('1.0.0-next.314');
+const prog = sade('svelte-kit').version('1.0.0-next.317');
 
 prog
 	.command('dev')
@@ -1049,7 +1049,7 @@ async function check_port(port) {
 function welcome({ port, host, https, open, base, loose, allow, cwd }) {
 	if (open) launch(port, https, base);
 
-	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.314'}\n`));
+	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.317'}\n`));
 
 	const protocol = https ? 'https:' : 'http:';
 	const exposed = typeof host !== 'undefined' && host !== 'localhost' && host !== '127.0.0.1';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.314",
+  "version": "1.0.0-next.317",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",
@@ -23,6 +23,7 @@
     "@types/mime": "^2.0.3",
     "@types/node": "^16.11.11",
     "@types/sade": "^1.7.3",
+    "@types/set-cookie-parser": "^2.4.2",
     "amphtml-validator": "^1.0.35",
     "cookie": "^0.5.0",
     "cross-env": "^7.0.3",
@@ -36,6 +37,7 @@
     "port-authority": "^1.1.2",
     "rollup": "^2.60.2",
     "selfsigned": "^2.0.0",
+    "set-cookie-parser": "^2.4.8",
     "sirv": "^2.0.0",
     "svelte": "^3.44.2",
     "svelte-check": "^2.5.0",

package/types/ambient.d.ts

@@ -103,9 +103,9 @@ declare module '$app/navigation' {
 	): Promise<void>;
 	/**
 	 * Causes any `load` functions belonging to the currently active page to re-run if they `fetch` the resource in question. Returns a `Promise` that resolves when the page is subsequently updated.
-	 * @param href The invalidated resource
+	 * @param dependency The invalidated resource
 	 */
-	export function invalidate(href: string): Promise<void>;
+	export function invalidate(dependency: string | ((href: string) => boolean)): Promise<void>;
 	/**
 	 * Programmatically prefetches the given page, which means
 	 *  1. ensuring that the code for the page is loaded, and

package/types/index.d.ts

@@ -38,7 +38,7 @@ export interface Builder {
 	 * Create entry points that map to individual functions
 	 * @param fn A function that groups a set of routes into an entry point
 	 */
-	createEntries(fn: (route: RouteDefinition) => AdapterEntry): void;
+	createEntries(fn: (route: RouteDefinition) => AdapterEntry): Promise<void>;
 
 	generateManifest: (opts: { relativePath: string; format?: 'esm' | 'cjs' }) => string;
 

package/types/private.d.ts

@@ -23,7 +23,7 @@ export interface AdapterEntry {
 	 */
 	complete: (entry: {
 		generateManifest: (opts: { relativePath: string; format?: 'esm' | 'cjs' }) => string;
-	}) => void;
+	}) => Promise<void>;
 }
 
 // Based on https://github.com/josh-hemphill/csp-typed-directives/blob/latest/src/csp.types.ts
@@ -222,6 +222,7 @@ export interface ResolveOptions {
 export type ResponseHeaders = Record<string, string | number | string[]>;
 
 export interface RouteDefinition {
+	id: string;
 	type: 'page' | 'endpoint';
 	pattern: RegExp;
 	segments: RouteSegment[];