@sveltejs/kit 1.0.0-next.467 → 1.0.0-next.468

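--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sveltejs/kit",
- "version": "1.0.0-next.467",
+ "version": "1.0.0-next.468",
  "repository": {
  "type": "git",
  "url": "https://github.com/sveltejs/kit",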
@@ -152,6 +152,8 @@ export function create_fetch({ event, options, state, route, prerender_default }
152
152
  requested = event.url.protocol + requested;
153
153
  }
154
154
 
155
+ const url = new URL(requested);
156
+
155
157
  // external fetch
156
158
  // allow cookie passthrough for "same-origin"
157
159
  // if SvelteKit is serving my.domain.com:
@@ -161,10 +163,7 @@ export function create_fetch({ event, options, state, route, prerender_default }
161
163
  // - sub.my.domain.com WILL receive cookies
162
164
  // ports do not affect the resolution
163
165
  // leading dot prevents mydomain.com matching domain.com
164
- if (
165
- `.${new URL(requested).hostname}`.endsWith(`.${event.url.hostname}`) &&
166
- opts.credentials !== 'omit'
167
- ) {
166
+ if (`.${url.hostname}`.endsWith(`.${event.url.hostname}`) && opts.credentials !== 'omit') {
168
167
  const cookie = event.request.headers.get('cookie');
169
168
  if (cookie) opts.headers.set('cookie', cookie);
170
169
  }
@@ -176,6 +175,25 @@ export function create_fetch({ event, options, state, route, prerender_default }
176
175
 
177
176
  const external_request = new Request(requested, /** @type {RequestInit} */ (opts));
178
177
  response = await options.hooks.externalFetch.call(null, external_request);
178
+
179
+ if (opts.mode === 'no-cors') {
180
+ response = new Response('', {
181
+ status: response.status,
182
+ statusText: response.statusText,
183
+ headers: response.headers
184
+ });
185
+ } else {
186
+ if (url.origin !== event.url.origin) {
187
+ const acao = response.headers.get('access-control-allow-origin');
188
+ if (!acao || (acao !== event.url.origin && acao !== '*')) {
189
+ throw new Error(
190
+ `CORS error: ${
191
+ acao ? 'Incorrect' : 'No'
192
+ } 'Access-Control-Allow-Origin' header is present on the requested resource`
193
+ );
194
+ }
195
+ }
196
+ }
179
197
  }
180
198
 
181
199
  const set_cookie = response.headers.get('set-cookie');
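Review bot: The new `access-control-allow-origin` check in the `else` branch accepts `*` even when the request carried the user's cookie, which the earlier hunk forwards to any subdomain of `event.url.hostname` unless `opts.credentials` is `'omit'`. A browser rejects a credentialed cross-origin response unless the header names the exact origin and `access-control-allow-credentials` is `true`, so a server-side fetch can succeed here and render data that the same fetch would be refused on the client. If mirroring the browser is the goal, track whether the cookie was attached and in that case require `acao === event.url.origin && response.headers.get('access-control-allow-credentials') === 'true'`. Separately, the `no-cors` branch builds `new Response('', …)` with the upstream status, which I would expect to throw for null-body statuses such as 204 or 304; `new Response(null, …)` avoids that, and copying `response.headers` exposes headers an opaque response would hide. The body of `create_fetch` starts and ends outside these hunks.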