@sveltejs/kit 1.0.0-next.482 → 1.0.0-next.483

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/src/runtime/server/cookie.js +54 -27
  3. package/src/runtime/server/index.js +1 -1
  4. package/types/index.d.ts +6 -6
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sveltejs/kit",
3
- "version": "1.0.0-next.482",
3
+ "version": "1.0.0-next.483",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "https://github.com/sveltejs/kit",
package/src/runtime/server/cookie.js CHANGED
@@ -1,49 +1,76 @@
1
- import * as cookie from 'cookie';
1
+ import { parse } from 'cookie';
2
+
3
+ /** @type {import('cookie').CookieSerializeOptions} */
4
+ const DEFAULT_SERIALIZE_OPTIONS = {
5
+ httpOnly: true,
6
+ secure: true,
7
+ sameSite: 'lax'
8
+ };
2
9
 
3
10
  /**
4
11
  * @param {Request} request
5
12
  * @param {URL} url
6
13
  */
7
14
  export function get_cookies(request, url) {
8
- const initial_cookies = cookie.parse(request.headers.get('cookie') ?? '');
9
-
10
- /** @type {Array<{ name: string, value: string, options: import('cookie').CookieSerializeOptions }>} */
11
- const new_cookies = [];
15
+ /** @type {Map<string, {name: string; value: string; options: import('cookie').CookieSerializeOptions;}>} */
16
+ const new_cookies = new Map();
12
17
 
13
18
  /** @type {import('types').Cookies} */
14
19
  const cookies = {
15
- get(name, opts) {
16
- const decode = opts?.decode || decodeURIComponent;
20
+ // The JSDoc param annotations appearing below for get, set and delete
21
+ // are necessary to expose the `cookie` library types to
22
+ // typescript users. `@type {import('types').Cookies}` above is not
23
+ // sufficient to do so.
17
24
 
18
- let i = new_cookies.length;
19
- while (i--) {
20
- const cookie = new_cookies[i];
21
-
22
- if (
23
- cookie.name === name &&
24
- domain_matches(url.hostname, cookie.options.domain) &&
25
- path_matches(url.pathname, cookie.options.path)
26
- ) {
27
- return cookie.value;
28
- }
25
+ /**
26
+ * @param {string} name
27
+ * @param {import('cookie').CookieParseOptions} opts
28
+ */
29
+ get(name, opts) {
30
+ const c = new_cookies.get(name);
31
+ if (
32
+ c &&
33
+ domain_matches(url.hostname, c.options.domain) &&
34
+ path_matches(url.pathname, c.options.path)
35
+ ) {
36
+ return c.value;
29
37
  }
30
38
 
31
- return name in initial_cookies ? decode(initial_cookies[name]) : undefined;
39
+ const decode = opts?.decode || decodeURIComponent;
40
+ const req_cookies = parse(request.headers.get('cookie') ?? '', { decode });
41
+ return req_cookies[name]; // the decoded string or undefined
32
42
  },
33
- set(name, value, options = {}) {
34
- new_cookies.push({
43
+
44
+ /**
45
+ * @param {string} name
46
+ * @param {string} value
47
+ * @param {import('cookie').CookieSerializeOptions} opts
48
+ */
49
+ set(name, value, opts = {}) {
50
+ new_cookies.set(name, {
35
51
  name,
36
52
  value,
37
53
  options: {
38
- httpOnly: true,
39
- secure: true,
40
- ...options
54
+ ...DEFAULT_SERIALIZE_OPTIONS,
55
+ ...opts
41
56
  }
42
57
  });
43
58
  },
44
- delete(name) {
45
- new_cookies.push({ name, value: '', options: { expires: new Date(0) } });
46
- delete initial_cookies[name];
59
+
60
+ /**
61
+ * @param {string} name
62
+ * @param {import('cookie').CookieSerializeOptions} opts
63
+ */
64
+ delete(name, opts = {}) {
65
+ new_cookies.set(name, {
66
+ name,
67
+ value: '',
68
+ options: {
69
+ ...DEFAULT_SERIALIZE_OPTIONS,
70
+ ...opts,
71
+ maxAge: 0
72
+ }
73
+ });
47
74
  }
48
75
  };
49
76
 
package/src/runtime/server/index.js CHANGED
@@ -246,7 +246,7 @@ export async function respond(request, options, state) {
246
246
  }
247
247
  }
248
248
 
249
- for (const new_cookie of new_cookies) {
249
+ for (const new_cookie of Array.from(new_cookies.values())) {
250
250
  response.headers.append(
251
251
  'set-cookie',
252
252
  cookie.serialize(new_cookie.name, new_cookie.value, new_cookie.options)
package/types/index.d.ts CHANGED
@@ -128,21 +128,21 @@ export interface Cookies {
128
128
  /**
129
129
  * Gets a cookie that was previously set with `cookies.set`, or from the request headers.
130
130
  */
131
- get(name: string, opts?: import('cookie').CookieParseOptions): string | undefined;
131
+ get(name: string, opts?: import('cookie').CookieParseOptions): string | void;
132
132
 
133
133
  /**
134
- * Sets a cookie. This will add a `set-cookie` header to the response, but also make
135
- * the cookie available via `cookies.get` during the current request.
134
+ * Sets a cookie. This will add a `set-cookie` header to the response, but also make the cookie available via `cookies.get` during the current request.
136
135
  *
137
- * The `httpOnly` and `secure` options are `true` by default, and must be explicitly
138
- * disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP
136
+ * The `httpOnly` and `secure` options are `true` by default, and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The `sameSite` option defaults to `lax`.
137
+ *
138
+ * By default, the `path` of a cookie is the 'directory' of the current pathname. In most cases you should explicitly set `path: '/'` to make the cookie available throughout your app.
139
139
  */
140
140
  set(name: string, value: string, opts?: import('cookie').CookieSerializeOptions): void;
141
141
 
142
142
  /**
143
143
  * Deletes a cookie by setting its value to an empty string and setting the expiry date in the past.
144
144
  */
145
- delete(name: string): void;
145
+ delete(name: string, opts?: import('cookie').CookieSerializeOptions): void;
146
146
  }
147
147
 
148
148
  export interface KitConfig {