@sveltejs/kit 1.0.0-next.345 → 1.0.0-next.348

package/assets/client/start.js

@@ -1398,6 +1398,12 @@ function create_client({ target, session, base, trailing_slash }) {
 		return new Promise(() => {});
 	}
 
+	if (import.meta.hot) {
+		import.meta.hot.on('vite:beforeUpdate', () => {
+			if (current.error) location.reload();
+		});
+	}
+
 	return {
 		after_navigate: (fn) => {
 			onMount(() => {

package/assets/server/index.js

@@ -2231,10 +2231,7 @@ async function load_node({
 					}
 
 					response = await respond(
-						// we set `credentials` to `undefined` to workaround a bug in Cloudflare
-						// (https://github.com/sveltejs/kit/issues/3728) — which is fine, because
-						// we only need the headers
-						new Request(new URL(requested, event.url).href, { ...opts, credentials: undefined }),
+						new Request(new URL(requested, event.url).href, { ...opts }),
 						options,
 						{
 							...state,
@@ -3096,8 +3093,9 @@ async function respond(request, options, state) {
 	const is_data_request = decoded.endsWith(DATA_SUFFIX);
 
 	if (is_data_request) {
-		decoded = decoded.slice(0, -DATA_SUFFIX.length) || '/';
-		url = new URL(url.origin + url.pathname.slice(0, -DATA_SUFFIX.length) + url.search);
+		const data_suffix_length = DATA_SUFFIX.length - (options.trailing_slash === 'always' ? 1 : 0);
+		decoded = decoded.slice(0, -data_suffix_length) || '/';
+		url = new URL(url.origin + url.pathname.slice(0, -data_suffix_length) + url.search);
 	}
 
 	if (!state.prerendering?.fallback) {
@@ -3116,19 +3114,26 @@ async function respond(request, options, state) {
 		}
 	}
 
-	if (route?.type === 'page') {
-		const normalized = normalize_path(url.pathname, options.trailing_slash);
+	if (route) {
+		if (route.type === 'page') {
+			const normalized = normalize_path(url.pathname, options.trailing_slash);
 
-		if (normalized !== url.pathname && !state.prerendering?.fallback) {
+			if (normalized !== url.pathname && !state.prerendering?.fallback) {
+				return new Response(undefined, {
+					status: 301,
+					headers: {
+						'x-sveltekit-normalize': '1',
+						location:
+							// ensure paths starting with '//' are not treated as protocol-relative
+							(normalized.startsWith('//') ? url.origin + normalized : normalized) +
+							(url.search === '?' ? '' : url.search)
+					}
+				});
+			}
+		} else if (is_data_request) {
+			// requesting /__data.json should fail for a standalone endpoint
 			return new Response(undefined, {
-				status: 301,
-				headers: {
-					'x-sveltekit-normalize': '1',
-					location:
-						// ensure paths starting with '//' are not treated as protocol-relative
-						(normalized.startsWith('//') ? url.origin + normalized : normalized) +
-						(url.search === '?' ? '' : url.search)
-				}
+				status: 404
 			});
 		}
 	}

package/dist/chunks/cert.js

@@ -4,9 +4,12 @@ import 'node:http';
 import 'node:https';
 import 'node:zlib';
 import 'node:stream';
+import 'node:buffer';
 import 'node:util';
 import 'node:url';
-import 'net';
+import 'node:net';
+import 'node:fs';
+import 'node:path';
 
 /**
  * Node.js module for Forge.
@@ -5240,6 +5243,10 @@ _IN('1.3.14.3.2.29', 'sha1WithRSASignature');
 _IN('2.16.840.1.101.3.4.2.1', 'sha256');
 _IN('2.16.840.1.101.3.4.2.2', 'sha384');
 _IN('2.16.840.1.101.3.4.2.3', 'sha512');
+_IN('2.16.840.1.101.3.4.2.4', 'sha224');
+_IN('2.16.840.1.101.3.4.2.5', 'sha512-224');
+_IN('2.16.840.1.101.3.4.2.6', 'sha512-256');
+_IN('1.2.840.113549.2.2', 'md2');
 _IN('1.2.840.113549.2.5', 'md5');
 
 // pkcs#7 content types
@@ -5781,6 +5788,8 @@ var _getValueLength = function(bytes, remaining) {
  * @param [options] object with options or boolean strict flag
  *          [strict] true to be strict when checking value lengths, false to
  *            allow truncated values (default: true).
+ *          [parseAllBytes] true to ensure all bytes are parsed
+ *            (default: true)
  *          [decodeBitStrings] true to attempt to decode the content of
  *            BIT STRINGs (not OCTET STRINGs) using strict mode. Note that
  *            without schema support to understand the data context this can
@@ -5788,24 +5797,31 @@ var _getValueLength = function(bytes, remaining) {
  *            flag will be deprecated or removed as soon as schema support is
  *            available. (default: true)
  *
+ * @throws Will throw an error for various malformed input conditions.
+ *
  * @return the parsed asn1 object.
  */
 asn1$8.fromDer = function(bytes, options) {
   if(options === undefined) {
     options = {
       strict: true,
+      parseAllBytes: true,
       decodeBitStrings: true
     };
   }
   if(typeof options === 'boolean') {
     options = {
       strict: options,
+      parseAllBytes: true,
       decodeBitStrings: true
     };
   }
   if(!('strict' in options)) {
     options.strict = true;
   }
+  if(!('parseAllBytes' in options)) {
+    options.parseAllBytes = true;
+  }
   if(!('decodeBitStrings' in options)) {
     options.decodeBitStrings = true;
   }
@@ -5815,7 +5831,15 @@ asn1$8.fromDer = function(bytes, options) {
     bytes = forge$x.util.createBuffer(bytes);
   }
 
-  return _fromDer(bytes, bytes.length(), 0, options);
+  var byteCount = bytes.length();
+  var value = _fromDer(bytes, bytes.length(), 0, options);
+  if(options.parseAllBytes && bytes.length() !== 0) {
+    var error = new Error('Unparsed DER bytes remain after ASN.1 parsing.');
+    error.byteCount = byteCount;
+    error.remaining = bytes.length();
+    throw error;
+  }
+  return value;
 };
 
 /**
@@ -5936,7 +5960,6 @@ function _fromDer(bytes, remaining, depth, options) {
         start = bytes.length();
         var subOptions = {
           // enforce strict mode to avoid parsing ASN.1 from plain data
-          verbose: options.verbose,
           strict: true,
           decodeBitStrings: true
         };
@@ -5985,6 +6008,7 @@ function _fromDer(bytes, remaining, depth, options) {
       }
     } else {
       value = bytes.getBytes(length);
+      remaining -= length;
     }
   }
 
@@ -6760,7 +6784,16 @@ asn1$8.prettyPrint = function(obj, level, indentation) {
       }
       rval += '0x' + forge$x.util.bytesToHex(obj.value);
     } else if(obj.type === asn1$8.Type.UTF8) {
-      rval += forge$x.util.decodeUtf8(obj.value);
+      try {
+        rval += forge$x.util.decodeUtf8(obj.value);
+      } catch(e) {
+        if(e.message === 'URI malformed') {
+          rval +=
+            '0x' + forge$x.util.bytesToHex(obj.value) + ' (malformed UTF8)';
+        } else {
+          throw e;
+        }
+      }
     } else if(obj.type === asn1$8.Type.PRINTABLESTRING ||
       obj.type === asn1$8.Type.IA5String) {
       rval += obj.value;
@@ -11937,6 +11970,43 @@ var publicKeyValidator$2 = forge$i.pki.rsa.publicKeyValidator = {
   }]
 };
 
+// validator for a DigestInfo structure
+var digestInfoValidator = {
+  name: 'DigestInfo',
+  tagClass: asn1$7.Class.UNIVERSAL,
+  type: asn1$7.Type.SEQUENCE,
+  constructed: true,
+  value: [{
+    name: 'DigestInfo.DigestAlgorithm',
+    tagClass: asn1$7.Class.UNIVERSAL,
+    type: asn1$7.Type.SEQUENCE,
+    constructed: true,
+    value: [{
+      name: 'DigestInfo.DigestAlgorithm.algorithmIdentifier',
+      tagClass: asn1$7.Class.UNIVERSAL,
+      type: asn1$7.Type.OID,
+      constructed: false,
+      capture: 'algorithmIdentifier'
+    }, {
+      // NULL paramters
+      name: 'DigestInfo.DigestAlgorithm.parameters',
+      tagClass: asn1$7.Class.UNIVERSAL,
+      type: asn1$7.Type.NULL,
+      // captured only to check existence for md2 and md5
+      capture: 'parameters',
+      optional: true,
+      constructed: false
+    }]
+  }, {
+    // digest
+    name: 'DigestInfo.digest',
+    tagClass: asn1$7.Class.UNIVERSAL,
+    type: asn1$7.Type.OCTETSTRING,
+    constructed: false,
+    capture: 'digest'
+  }]
+};
+
 /**
  * Wrap digest in DigestInfo object.
  *
@@ -12765,15 +12835,27 @@ pki$4.setRsaPublicKey = pki$4.rsa.setPublicKey = function(n, e) {
    *          a Forge PSS object for RSASSA-PSS,
    *          'NONE' or null for none, DigestInfo will not be expected, but
    *            PKCS#1 v1.5 padding will still be used.
+   * @param options optional verify options
+   *          _parseAllDigestBytes testing flag to control parsing of all
+   *            digest bytes. Unsupported and not for general usage.
+   *            (default: true)
    *
    * @return true if the signature was verified, false if not.
    */
-  key.verify = function(digest, signature, scheme) {
+  key.verify = function(digest, signature, scheme, options) {
     if(typeof scheme === 'string') {
       scheme = scheme.toUpperCase();
     } else if(scheme === undefined) {
       scheme = 'RSASSA-PKCS1-V1_5';
     }
+    if(options === undefined) {
+      options = {
+        _parseAllDigestBytes: true
+      };
+    }
+    if(!('_parseAllDigestBytes' in options)) {
+      options._parseAllDigestBytes = true;
+    }
 
     if(scheme === 'RSASSA-PKCS1-V1_5') {
       scheme = {
@@ -12781,9 +12863,51 @@ pki$4.setRsaPublicKey = pki$4.rsa.setPublicKey = function(n, e) {
           // remove padding
           d = _decodePkcs1_v1_5(d, key, true);
           // d is ASN.1 BER-encoded DigestInfo
-          var obj = asn1$7.fromDer(d);
+          var obj = asn1$7.fromDer(d, {
+            parseAllBytes: options._parseAllDigestBytes
+          });
+
+          // validate DigestInfo
+          var capture = {};
+          var errors = [];
+          if(!asn1$7.validate(obj, digestInfoValidator, capture, errors)) {
+            var error = new Error(
+              'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +
+              'DigestInfo value.');
+            error.errors = errors;
+            throw error;
+          }
+          // check hash algorithm identifier
+          // see PKCS1-v1-5DigestAlgorithms in RFC 8017
+          // FIXME: add support to vaidator for strict value choices
+          var oid = asn1$7.derToOid(capture.algorithmIdentifier);
+          if(!(oid === forge$i.oids.md2 ||
+            oid === forge$i.oids.md5 ||
+            oid === forge$i.oids.sha1 ||
+            oid === forge$i.oids.sha224 ||
+            oid === forge$i.oids.sha256 ||
+            oid === forge$i.oids.sha384 ||
+            oid === forge$i.oids.sha512 ||
+            oid === forge$i.oids['sha512-224'] ||
+            oid === forge$i.oids['sha512-256'])) {
+            var error = new Error(
+              'Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier.');
+            error.oid = oid;
+            throw error;
+          }
+
+          // special check for md2 and md5 that NULL parameters exist
+          if(oid === forge$i.oids.md2 || oid === forge$i.oids.md5) {
+            if(!('parameters' in capture)) {
+              throw new Error(
+                'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +
+                'DigestInfo value. ' +
+                'Missing algorithm identifer NULL parameters.');
+            }
+          }
+
           // compare the given digest to the decrypted one
-          return digest === obj.value[1].value;
+          return digest === capture.digest;
         }
       };
     } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {
@@ -26379,7 +26503,7 @@ if(typeof(console) !== 'undefined' && 'log' in console) {
 }
 
 /*
- * Check for logging control query vars.
+ * Check for logging control query vars in current URL.
  *
  * console.level=<level-name>
  * Set's the console log level by name.  Useful to override defaults and
@@ -26390,13 +26514,10 @@ if(typeof(console) !== 'undefined' && 'log' in console) {
  * after console.level is processed.  Useful to force a level of verbosity
  * that could otherwise be limited by a user config.
  */
-if(sConsoleLogger !== null) {
-  var query;
-  if(typeof window !== 'undefined' && window.location) {
-    query = new URL(window.location.href).searchParams;
-  } else {
-    query = new URLSearchParams();
-  }
+if(sConsoleLogger !== null &&
+  typeof window !== 'undefined' && window.location
+) {
+  var query = new URL(window.location.href).searchParams;
   if(query.has('console.level')) {
     // set with last value
     forge$3.log.setLevel(

package/dist/chunks/constants.js

@@ -577,7 +577,7 @@ function toHeaders(name, stats, isEtag) {
 	return headers;
 }
 
-function sirv (dir, opts={}) {
+function sirv (dir, opts) {
 	dir = resolve(dir || '.');
 
 	let isNotFound = opts.onNoMatch || is404;