@sveltejs/kit 1.0.0-next.340 → 1.0.0-next.341

package/assets/client/start.js

@@ -682,6 +682,10 @@ function create_client({ target, session, base, trailing_slash }) {
 		if (started) {
 			current = navigation_result.state;
 
+			if (navigation_result.props.page) {
+				navigation_result.props.page.url = url;
+			}
+
 			root.$set(navigation_result.props);
 		} else {
 			initialize(navigation_result);

package/assets/server/index.js

@@ -885,33 +885,11 @@ function base64(bytes) {
 /** @type {Promise<void>} */
 let csp_ready;
 
-/** @type {() => string} */
-let generate_nonce;
+const array = new Uint8Array(16);
 
-/** @type {(input: string) => string} */
-let generate_hash;
-
-if (typeof crypto !== 'undefined') {
-	const array = new Uint8Array(16);
-
-	generate_nonce = () => {
-		crypto.getRandomValues(array);
-		return base64(array);
-	};
-
-	generate_hash = sha256;
-} else {
-	// TODO: remove this in favor of web crypto API once we no longer support Node 14
-	const name = 'crypto'; // store in a variable to fool esbuild when adapters bundle kit
-	csp_ready = import(name).then((crypto) => {
-		generate_nonce = () => {
-			return crypto.randomBytes(16).toString('base64');
-		};
-
-		generate_hash = (input) => {
-			return crypto.createHash('sha256').update(input, 'utf-8').digest().toString('base64');
-		};
-	});
+function generate_nonce() {
+	crypto.getRandomValues(array);
+	return base64(array);
 }
 
 const quoted = new Set([
@@ -1014,7 +992,7 @@ class Csp {
 	add_script(content) {
 		if (this.#script_needs_csp) {
 			if (this.#use_hashes) {
-				this.#script_src.push(`sha256-${generate_hash(content)}`);
+				this.#script_src.push(`sha256-${sha256(content)}`);
 			} else if (this.#script_src.length === 0) {
 				this.#script_src.push(`nonce-${this.nonce}`);
 			}
@@ -1025,7 +1003,7 @@ class Csp {
 	add_style(content) {
 		if (this.#style_needs_csp) {
 			if (this.#use_hashes) {
-				this.#style_src.push(`sha256-${generate_hash(content)}`);
+				this.#style_src.push(`sha256-${sha256(content)}`);
 			} else if (this.#style_src.length === 0) {
 				this.#style_src.push(`nonce-${this.nonce}`);
 			}
@@ -2132,6 +2110,11 @@ async function load_node({
 			props: shadow.body || {},
 			routeId: event.routeId,
 			get session() {
+				if (node.module.prerender ?? options.prerender.default) {
+					throw Error(
+						'Attempted to access session from a prerendered page. Session would never be populated.'
+					);
+				}
 				uses_credentials = true;
 				return $session;
 			},

package/dist/chunks/cert.js

@@ -1,4 +1,4 @@
-import { c as commonjsGlobal } from '../install-fetch.js';
+import { c as commonjsGlobal } from '../node/polyfills.js';
 import require$$1 from 'crypto';
 import 'node:http';
 import 'node:https';

package/dist/chunks/index.js

@@ -6,7 +6,7 @@ import { g as get_runtime_path, r as resolve_entry, $, l as load_template, c as
 import fs__default from 'fs';
 import { URL } from 'url';
 import { S as SVELTE_KIT_ASSETS, s as sirv } from './constants.js';
-import { installFetch } from '../install-fetch.js';
+import { installPolyfills } from '../node/polyfills.js';
 import { update, init } from './sync.js';
 import { getRequest, setResponse } from '../node.js';
 import { p as posixify } from './filesystem.js';
@@ -23,6 +23,7 @@ import 'node:zlib';
 import 'node:stream';
 import 'node:util';
 import 'node:url';
+import 'crypto';
 import './write_tsconfig.js';
 import 'stream';
 
@@ -30,12 +31,13 @@ import 'stream';
 // https://github.com/vitejs/vite/blob/3edd1af56e980aef56641a5a51cf2932bb580d41/packages/vite/src/node/plugins/css.ts#L96
 const style_pattern = /\.(css|less|sass|scss|styl|stylus|pcss|postcss)$/;
 
+const cwd$1 = process.cwd();
+
 /**
  * @param {import('types').ValidatedConfig} config
- * @param {string} cwd
  * @returns {Promise<import('vite').Plugin>}
  */
-async function create_plugin(config, cwd) {
+async function create_plugin(config) {
 	const runtime = get_runtime_path(config);
 
 	process.env.VITE_SVELTEKIT_APP_VERSION_POLL_INTERVAL = '0';
@@ -47,7 +49,7 @@ async function create_plugin(config, cwd) {
 		name: 'vite-plugin-svelte-kit',
 
 		configureServer(vite) {
-			installFetch();
+			installPolyfills();
 
 			/** @type {import('types').SSRManifest} */
 			let manifest;
@@ -123,7 +125,7 @@ async function create_plugin(config, cwd) {
 									types,
 									shadow: route.shadow
 										? async () => {
-												const url = path__default.resolve(cwd, /** @type {string} */ (route.shadow));
+												const url = path__default.resolve(cwd$1, /** @type {string} */ (route.shadow));
 												return await vite.ssrLoadModule(url, { fixStacktrace: false });
 										  }
 										: null,
@@ -139,7 +141,7 @@ async function create_plugin(config, cwd) {
 								names,
 								types,
 								load: async () => {
-									const url = path__default.resolve(cwd, route.file);
+									const url = path__default.resolve(cwd$1, route.file);
 									return await vite.ssrLoadModule(url, { fixStacktrace: false });
 								}
 							};
@@ -150,7 +152,7 @@ async function create_plugin(config, cwd) {
 
 							for (const key in manifest_data.matchers) {
 								const file = manifest_data.matchers[key];
-								const url = path__default.resolve(cwd, file);
+								const url = path__default.resolve(cwd$1, file);
 								const module = await vite.ssrLoadModule(url, { fixStacktrace: false });
 
 								if (module.match) {
@@ -261,13 +263,13 @@ async function create_plugin(config, cwd) {
 						// can get loaded twice via different URLs, which causes failures. Might
 						// require changes to Vite to fix
 						const { default: root } = await vite.ssrLoadModule(
-							`/${posixify(path__default.relative(cwd, `${config.kit.outDir}/generated/root.svelte`))}`,
+							`/${posixify(path__default.relative(cwd$1, `${config.kit.outDir}/generated/root.svelte`))}`,
 							{ fixStacktrace: false }
 						);
 
 						const paths = await vite.ssrLoadModule(
 							true
-								? `/${posixify(path__default.relative(cwd, `${config.kit.outDir}/runtime/paths.js`))}`
+								? `/${posixify(path__default.relative(cwd$1, `${config.kit.outDir}/runtime/paths.js`))}`
 								: `/@fs${runtime}/paths.js`,
 							{ fixStacktrace: false }
 						);
@@ -286,7 +288,7 @@ async function create_plugin(config, cwd) {
 							return res.end(err.reason || 'Invalid request body');
 						}
 
-						const template = load_template(cwd, config);
+						const template = load_template(cwd$1, config);
 
 						const rendered = await respond(
 							request,
@@ -440,9 +442,10 @@ async function find_deps(vite, node, deps) {
 	await Promise.all(branches);
 }
 
+const cwd = process.cwd();
+
 /**
  * @typedef {{
- *   cwd: string,
  *   port: number,
  *   host?: string,
  *   https: boolean,
@@ -452,7 +455,7 @@ async function find_deps(vite, node, deps) {
  */
 
 /** @param {Options} opts */
-async function dev({ cwd, port, host, https, config }) {
+async function dev({ port, host, https, config }) {
 	init(config);
 
 	const [vite_config] = deep_merge(
@@ -504,7 +507,7 @@ async function dev({ cwd, port, host, https, config }) {
 				},
 				configFile: false
 			}),
-			await create_plugin(config, cwd)
+			await create_plugin(config)
 		],
 		base: '/'
 	});

package/dist/chunks/index2.js

@@ -9,7 +9,7 @@ import { s } from './misc.js';
 import { d as deep_merge } from './object.js';
 import { svelte } from '@sveltejs/vite-plugin-svelte';
 import { pathToFileURL, URL as URL$1 } from 'url';
-import { installFetch } from '../install-fetch.js';
+import { installPolyfills } from '../node/polyfills.js';
 import './write_tsconfig.js';
 import 'sade';
 import 'child_process';
@@ -22,6 +22,7 @@ import 'node:zlib';
 import 'node:stream';
 import 'node:util';
 import 'node:url';
+import 'crypto';
 
 const absolute = /^([a-z]+:)?\/?\//;
 const scheme = /^[a-z]+:/;
@@ -1068,7 +1069,7 @@ async function prerender({ config, entries, files, log }) {
 		return prerendered;
 	}
 
-	installFetch();
+	installPolyfills();
 
 	const server_root = join(config.kit.outDir, 'output');
 

package/dist/chunks/index5.js

@@ -5,7 +5,7 @@ import { join } from 'path';
 import { S as SVELTE_KIT_ASSETS, s as sirv } from './constants.js';
 import { pathToFileURL } from 'url';
 import { getRequest, setResponse } from '../node.js';
-import { installFetch } from '../install-fetch.js';
+import { installPolyfills } from '../node/polyfills.js';
 import 'querystring';
 import 'stream';
 import 'node:http';
@@ -15,6 +15,7 @@ import 'node:stream';
 import 'node:util';
 import 'node:url';
 import 'net';
+import 'crypto';
 
 /** @typedef {import('http').IncomingMessage} Req */
 /** @typedef {import('http').ServerResponse} Res */
@@ -42,7 +43,7 @@ const mutable = (dir) =>
  * }} opts
  */
 async function preview({ port, host, config, https: use_https = false }) {
-	installFetch();
+	installPolyfills();
 
 	const { paths } = config.kit;
 	const base = paths.base;

package/dist/chunks/multipart-parser.js

@@ -1,7 +1,7 @@
 import 'node:fs';
 import 'node:path';
 import { MessageChannel } from 'node:worker_threads';
-import { F as FormData, a as File } from '../install-fetch.js';
+import { F as FormData, a as File } from '../node/polyfills.js';
 import 'node:http';
 import 'node:https';
 import 'node:zlib';
@@ -9,6 +9,7 @@ import 'node:stream';
 import 'node:util';
 import 'node:url';
 import 'net';
+import 'crypto';
 
 globalThis.DOMException || (() => {
   const port = new MessageChannel().port1;

package/dist/cli.js

@@ -904,7 +904,7 @@ async function launch(port, https, base) {
 	exec(`${cmd} ${https ? 'https' : 'http'}://localhost:${port}${base}`);
 }
 
-const prog = sade('svelte-kit').version('1.0.0-next.340');
+const prog = sade('svelte-kit').version('1.0.0-next.341');
 
 prog
 	.command('dev')
@@ -926,10 +926,7 @@ prog
 		async function start(config) {
 			const { dev } = await import('./chunks/index.js');
 
-			const cwd = process.cwd();
-
 			const { address_info, server_config, close } = await dev({
-				cwd,
 				port,
 				host,
 				https,
@@ -943,8 +940,7 @@ prog
 				open: first && (open || !!server_config.open),
 				base: config.kit.paths.base,
 				loose: server_config.fs.strict === false,
-				allow: server_config.fs.allow,
-				cwd
+				allow: server_config.fs.allow
 			});
 
 			first = false;
@@ -1126,7 +1122,7 @@ async function check_port(port) {
 function welcome({ port, host, https, open, base, loose, allow, cwd }) {
 	if (open) launch(port, https, base);
 
-	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.340'}\n`));
+	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.341'}\n`));
 
 	const protocol = https ? 'https:' : 'http:';
 	const exposed = typeof host !== 'undefined' && host !== 'localhost' && host !== '127.0.0.1';

package/dist/{install-fetch.js → node/polyfills.js}

@@ -5,6 +5,9 @@ import Stream, { PassThrough, pipeline } from 'node:stream';
 import { types, deprecate } from 'node:util';
 import { format } from 'node:url';
 import { isIP } from 'net';
+import { webcrypto } from 'crypto';
+
+var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 /**
  * Returns a `Buffer` instance from the given data URI `uri`.
@@ -58,8 +61,6 @@ function dataUriToBuffer(uri) {
     return buffer;
 }
 
-var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
-
 var ponyfill_es2018 = {exports: {}};
 
 /**
@@ -4840,7 +4841,7 @@ class Body {
 			return formData;
 		}
 
-		const {toFormData} = await import('./chunks/multipart-parser.js');
+		const {toFormData} = await import('../chunks/multipart-parser.js');
 		return toFormData(this.body, ct);
 	}
 
@@ -6489,30 +6490,25 @@ function fixResponseChunkedTransferBadEnding(request, errorCallback) {
 	});
 }
 
+/** @type {Record<string, any>} */
+const globals = {
+	crypto: webcrypto,
+	fetch,
+	Response,
+	Request,
+	Headers
+};
+
 // exported for dev/preview and node environments
-function installFetch() {
-	Object.defineProperties(globalThis, {
-		fetch: {
-			enumerable: true,
-			configurable: true,
-			value: fetch
-		},
-		Response: {
+function installPolyfills() {
+	for (const name in globals) {
+		// TODO use built-in fetch once https://github.com/nodejs/undici/issues/1262 is resolved
+		Object.defineProperty(globalThis, name, {
 			enumerable: true,
 			configurable: true,
-			value: Response
-		},
-		Request: {
-			enumerable: true,
-			configurable: true,
-			value: Request
-		},
-		Headers: {
-			enumerable: true,
-			configurable: true,
-			value: Headers
-		}
-	});
+			value: globals[name]
+		});
+	}
 }
 
-export { FormData as F, File as a, commonjsGlobal as c, installFetch };
+export { FormData as F, File as a, commonjsGlobal as c, installPolyfills };

package/dist/node.js

@@ -1,5 +1,208 @@
 import { Readable } from 'stream';
 
+var setCookie = {exports: {}};
+
+var defaultParseOptions = {
+  decodeValues: true,
+  map: false,
+  silent: false,
+};
+
+function isNonEmptyString(str) {
+  return typeof str === "string" && !!str.trim();
+}
+
+function parseString(setCookieValue, options) {
+  var parts = setCookieValue.split(";").filter(isNonEmptyString);
+  var nameValue = parts.shift().split("=");
+  var name = nameValue.shift();
+  var value = nameValue.join("="); // everything after the first =, joined by a "=" if there was more than one part
+
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  try {
+    value = options.decodeValues ? decodeURIComponent(value) : value; // decode cookie value
+  } catch (e) {
+    console.error(
+      "set-cookie-parser encountered an error while decoding a cookie with value '" +
+        value +
+        "'. Set options.decodeValues to false to disable this feature.",
+      e
+    );
+  }
+
+  var cookie = {
+    name: name, // grab everything before the first =
+    value: value,
+  };
+
+  parts.forEach(function (part) {
+    var sides = part.split("=");
+    var key = sides.shift().trimLeft().toLowerCase();
+    var value = sides.join("=");
+    if (key === "expires") {
+      cookie.expires = new Date(value);
+    } else if (key === "max-age") {
+      cookie.maxAge = parseInt(value, 10);
+    } else if (key === "secure") {
+      cookie.secure = true;
+    } else if (key === "httponly") {
+      cookie.httpOnly = true;
+    } else if (key === "samesite") {
+      cookie.sameSite = value;
+    } else {
+      cookie[key] = value;
+    }
+  });
+
+  return cookie;
+}
+
+function parse(input, options) {
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  if (!input) {
+    if (!options.map) {
+      return [];
+    } else {
+      return {};
+    }
+  }
+
+  if (input.headers && input.headers["set-cookie"]) {
+    // fast-path for node.js (which automatically normalizes header names to lower-case
+    input = input.headers["set-cookie"];
+  } else if (input.headers) {
+    // slow-path for other environments - see #25
+    var sch =
+      input.headers[
+        Object.keys(input.headers).find(function (key) {
+          return key.toLowerCase() === "set-cookie";
+        })
+      ];
+    // warn if called on a request-like object with a cookie header rather than a set-cookie header - see #34, 36
+    if (!sch && input.headers.cookie && !options.silent) {
+      console.warn(
+        "Warning: set-cookie-parser appears to have been called on a request object. It is designed to parse Set-Cookie headers from responses, not Cookie headers from requests. Set the option {silent: true} to suppress this warning."
+      );
+    }
+    input = sch;
+  }
+  if (!Array.isArray(input)) {
+    input = [input];
+  }
+
+  options = options
+    ? Object.assign({}, defaultParseOptions, options)
+    : defaultParseOptions;
+
+  if (!options.map) {
+    return input.filter(isNonEmptyString).map(function (str) {
+      return parseString(str, options);
+    });
+  } else {
+    var cookies = {};
+    return input.filter(isNonEmptyString).reduce(function (cookies, str) {
+      var cookie = parseString(str, options);
+      cookies[cookie.name] = cookie;
+      return cookies;
+    }, cookies);
+  }
+}
+
+/*
+  Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
+  that are within a single set-cookie field-value, such as in the Expires portion.
+
+  This is uncommon, but explicitly allowed - see https://tools.ietf.org/html/rfc2616#section-4.2
+  Node.js does this for every header *except* set-cookie - see https://github.com/nodejs/node/blob/d5e363b77ebaf1caf67cd7528224b651c86815c1/lib/_http_incoming.js#L128
+  React Native's fetch does this for *every* header, including set-cookie.
+
+  Based on: https://github.com/google/j2objc/commit/16820fdbc8f76ca0c33472810ce0cb03d20efe25
+  Credits to: https://github.com/tomball for original and https://github.com/chrusart for JavaScript implementation
+*/
+function splitCookiesString(cookiesString) {
+  if (Array.isArray(cookiesString)) {
+    return cookiesString;
+  }
+  if (typeof cookiesString !== "string") {
+    return [];
+  }
+
+  var cookiesStrings = [];
+  var pos = 0;
+  var start;
+  var ch;
+  var lastComma;
+  var nextStart;
+  var cookiesSeparatorFound;
+
+  function skipWhitespace() {
+    while (pos < cookiesString.length && /\s/.test(cookiesString.charAt(pos))) {
+      pos += 1;
+    }
+    return pos < cookiesString.length;
+  }
+
+  function notSpecialChar() {
+    ch = cookiesString.charAt(pos);
+
+    return ch !== "=" && ch !== ";" && ch !== ",";
+  }
+
+  while (pos < cookiesString.length) {
+    start = pos;
+    cookiesSeparatorFound = false;
+
+    while (skipWhitespace()) {
+      ch = cookiesString.charAt(pos);
+      if (ch === ",") {
+        // ',' is a cookie separator if we have later first '=', not ';' or ','
+        lastComma = pos;
+        pos += 1;
+
+        skipWhitespace();
+        nextStart = pos;
+
+        while (pos < cookiesString.length && notSpecialChar()) {
+          pos += 1;
+        }
+
+        // currently special character
+        if (pos < cookiesString.length && cookiesString.charAt(pos) === "=") {
+          // we found cookies separator
+          cookiesSeparatorFound = true;
+          // pos is inside the next cookie, so back up and return it.
+          pos = nextStart;
+          cookiesStrings.push(cookiesString.substring(start, lastComma));
+          start = pos;
+        } else {
+          // in param ',' or param separator ';',
+          // we continue from that comma
+          pos = lastComma + 1;
+        }
+      } else {
+        pos += 1;
+      }
+    }
+
+    if (!cookiesSeparatorFound || pos >= cookiesString.length) {
+      cookiesStrings.push(cookiesString.substring(start, cookiesString.length));
+    }
+  }
+
+  return cookiesStrings;
+}
+
+setCookie.exports = parse;
+setCookie.exports.parse = parse;
+setCookie.exports.parseString = parseString;
+var splitCookiesString_1 = setCookie.exports.splitCookiesString = splitCookiesString;
+
 /** @param {import('http').IncomingMessage} req */
 function get_raw_body(req) {
 	return new Promise((fulfil, reject) => {
@@ -56,6 +259,7 @@ async function getRequest(base, req) {
 	if (req.httpVersionMajor === 2) {
 		// we need to strip out the HTTP/2 pseudo-headers because node-fetch's
 		// Request implementation doesn't like them
+		// TODO is this still true with Node 18
 		headers = Object.assign({}, headers);
 		delete headers[':method'];
 		delete headers[':path'];
@@ -74,8 +278,11 @@ async function setResponse(res, response) {
 	const headers = Object.fromEntries(response.headers);
 
 	if (response.headers.has('set-cookie')) {
-		// @ts-expect-error (headers.raw() is non-standard)
-		headers['set-cookie'] = response.headers.raw()['set-cookie'];
+		const header = /** @type {string} */ (response.headers.get('set-cookie'));
+		const split = splitCookiesString_1(header);
+
+		// @ts-expect-error
+		headers['set-cookie'] = split;
 	}
 
 	res.writeHead(response.status, headers);
@@ -84,7 +291,7 @@ async function setResponse(res, response) {
 		response.body.pipe(res);
 	} else {
 		if (response.body) {
-			res.write(await response.arrayBuffer());
+			res.write(new Uint8Array(await response.arrayBuffer()));
 		}
 
 		res.end();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.340",
+  "version": "1.0.0-next.341",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",
@@ -52,11 +52,11 @@
     "./node": {
       "import": "./dist/node.js"
     },
+    "./node/polyfills": {
+      "import": "./dist/node/polyfills.js"
+    },
     "./hooks": {
       "import": "./dist/hooks.js"
-    },
-    "./install-fetch": {
-      "import": "./dist/install-fetch.js"
     }
   },
   "types": "types/index.d.ts",

package/types/ambient.d.ts

@@ -283,11 +283,16 @@ declare module '@sveltejs/kit/hooks' {
 /**
  * A polyfill for `fetch` and its related interfaces, used by adapters for environments that don't provide a native implementation.
  */
-declare module '@sveltejs/kit/install-fetch' {
+declare module '@sveltejs/kit/node/polyfills' {
 	/**
-	 * Make `fetch`, `Headers`, `Request` and `Response` available as globals, via `node-fetch`
+	 * Make various web APIs available as globals:
+	 * - `crypto`
+	 * - `fetch`
+	 * - `Headers`
+	 * - `Request`
+	 * - `Response`
 	 */
-	export function installFetch(): void;
+	export function installPolyfills(): void;
 }
 
 /**