@sveltejs/kit 1.0.0-next.505 → 1.0.0-next.507

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.505",
+  "version": "1.0.0-next.507",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",

package/src/core/prerender/prerender.js

@@ -28,7 +28,7 @@ prerender();
 function format_error({ status, path, referrer, referenceType }, config) {
 	const message =
 		status === 404 && !path.startsWith(config.paths.base)
-			? `${path} does not begin with \`base\`, which is configured in \`paths.base\` and can be imported from \`$app/paths\``
+			? `${path} does not begin with \`base\`, which is configured in \`paths.base\` and can be imported from \`$app/paths\` - see https://kit.svelte.dev/docs/configuration#paths for more info`
 			: path;
 
 	return `${status} ${message}${referrer ? ` (${referenceType} from ${referrer})` : ''}`;
@@ -244,10 +244,13 @@ export async function prerender() {
 
 			const prerender = headers['x-sveltekit-prerender'];
 			if (prerender) {
-				const route_id = headers['x-sveltekit-routeid'];
-				const existing_value = prerender_map.get(route_id);
-				if (existing_value !== 'auto') {
-					prerender_map.set(route_id, prerender === 'true' ? true : 'auto');
+				const encoded_route_id = headers['x-sveltekit-routeid'];
+				if (encoded_route_id != null) {
+					const route_id = decodeURI(encoded_route_id);
+					const existing_value = prerender_map.get(route_id);
+					if (existing_value !== 'auto') {
+						prerender_map.set(route_id, prerender === 'true' ? true : 'auto');
+					}
 				}
 			}
 
@@ -305,7 +308,8 @@ export async function prerender() {
 
 		if (written.has(file)) return;
 
-		const route_id = response.headers.get('x-sveltekit-routeid');
+		const encoded_route_id = response.headers.get('x-sveltekit-routeid');
+		const route_id = encoded_route_id != null ? decodeURI(encoded_route_id) : null;
 		if (route_id !== null) prerendered_routes.add(route_id);
 
 		if (response_type === REDIRECT) {

package/src/exports/node/polyfills.js

@@ -1,7 +1,7 @@
-import { fetch, Response, Request, Headers } from 'undici';
+import { fetch, Response, Request, Headers, FormData } from 'undici';
 import { ReadableStream, TransformStream, WritableStream } from 'stream/web';
 import { Readable } from 'stream';
-import { Request as NodeFetchRequest, FormData } from 'node-fetch';
+import { Request as NodeFetchRequest } from 'node-fetch';
 import { webcrypto as crypto } from 'crypto';
 
 /** @type {Record<string, any>} */
@@ -13,12 +13,18 @@ const globals = {
 	// https://github.com/nodejs/undici/issues/974
 	Request: class extends Request {
 		// @ts-expect-error
-		formData() {
-			return new NodeFetchRequest(this.url, {
+		async formData() {
+			const nodeFetchFormData = await new NodeFetchRequest(this.url, {
 				method: this.method,
 				headers: this.headers,
 				body: this.body && Readable.from(this.body)
 			}).formData();
+
+			const formData = new FormData();
+			for (const [name, value] of nodeFetchFormData.entries()) {
+				formData.append(name, value);
+			}
+			return formData;
 		}
 	},
 	Headers,

package/src/runtime/app/forms.js

@@ -96,6 +96,7 @@ export function enhance(form, submit = () => {}) {
 			action,
 			data,
 			form,
+			update: () => fallback_callback({ action, result }),
 			// @ts-expect-error generic constraints stuff we don't care about
 			result,
 			// TODO remove for 1.0

package/src/runtime/client/fetcher.js

@@ -71,7 +71,7 @@ export function initial_fetch(resource, resolved, opts) {
 
 	let selector = `script[data-sveltekit-fetched][data-url=${url}]`;
 
-	if (opts && typeof opts.body === 'string') {
+	if (opts?.body && (typeof opts.body === 'string' || ArrayBuffer.isView(opts.body))) {
 		selector += `[data-hash="${hash(opts.body)}"]`;
 	}
 

package/src/runtime/hash.js

@@ -4,12 +4,16 @@
  */
 export function hash(value) {
 	let hash = 5381;
-	let i = value.length;
 
 	if (typeof value === 'string') {
+		let i = value.length;
 		while (i) hash = (hash * 33) ^ value.charCodeAt(--i);
+	} else if (ArrayBuffer.isView(value)) {
+		const buffer = new Uint8Array(value.buffer, value.byteOffset, value.byteLength);
+		let i = buffer.length;
+		while (i) hash = (hash * 33) ^ buffer[--i];
 	} else {
-		while (i) hash = (hash * 33) ^ value[--i];
+		throw new TypeError('value must be a string or TypedArray');
 	}
 
 	return (hash >>> 0).toString(36);

package/src/runtime/server/cookie.js

@@ -1,12 +1,5 @@
 import { parse, serialize } from 'cookie';
 
-/** @type {import('cookie').CookieSerializeOptions} */
-const DEFAULT_SERIALIZE_OPTIONS = {
-	httpOnly: true,
-	secure: true,
-	sameSite: 'lax'
-};
-
 /**
  * @param {Request} request
  * @param {URL} url
@@ -15,6 +8,13 @@ export function get_cookies(request, url) {
 	/** @type {Map<string, import('./page/types').Cookie>} */
 	const new_cookies = new Map();
 
+	/** @type {import('cookie').CookieSerializeOptions} */
+	const defaults = {
+		httpOnly: true,
+		sameSite: 'lax',
+		secure: url.hostname === 'localhost' && url.protocol === 'http:' ? false : true
+	};
+
 	/** @type {import('types').Cookies} */
 	const cookies = {
 		// The JSDoc param annotations appearing below for get, set and delete
@@ -51,7 +51,7 @@ export function get_cookies(request, url) {
 				name,
 				value,
 				options: {
-					...DEFAULT_SERIALIZE_OPTIONS,
+					...defaults,
 					...opts
 				}
 			});
@@ -66,7 +66,7 @@ export function get_cookies(request, url) {
 				name,
 				value: '',
 				options: {
-					...DEFAULT_SERIALIZE_OPTIONS,
+					...defaults,
 					...opts,
 					maxAge: 0
 				}
@@ -80,7 +80,7 @@ export function get_cookies(request, url) {
 		 */
 		serialize(name, value, opts) {
 			return serialize(name, value, {
-				...DEFAULT_SERIALIZE_OPTIONS,
+				...defaults,
 				...opts
 			});
 		}

package/src/runtime/server/index.js

@@ -298,7 +298,7 @@ export async function respond(request, options, state) {
 					add_cookies_to_headers(response.headers, Array.from(new_cookies.values()));
 
 					if (state.prerendering && event.routeId !== null) {
-						response.headers.set('x-sveltekit-routeid', event.routeId);
+						response.headers.set('x-sveltekit-routeid', encodeURI(event.routeId));
 					}
 
 					return response;

package/src/runtime/server/page/fetch.js

@@ -165,13 +165,13 @@ export function create_fetch({ event, options, state, route, prerender_default,
 					}
 				}
 
-				if (request_body && typeof request_body !== 'string') {
+				if (request_body && typeof request_body !== 'string' && !ArrayBuffer.isView(request_body)) {
 					// TODO is this still necessary? we just bail out below
 					// per https://developer.mozilla.org/en-US/docs/Web/API/Request/Request, this can be a
 					// Blob, BufferSource, FormData, URLSearchParams, USVString, or ReadableStream object.
 					// non-string bodies are irksome to deal with, but luckily aren't particularly useful
 					// in this context anyway, so we take the easy route and ban them
-					throw new Error('Request body must be a string');
+					throw new Error('Request body must be a string or TypedArray');
 				}
 
 				response = await respond(request, options, {
@@ -220,7 +220,7 @@ export function create_fetch({ event, options, state, route, prerender_default,
 								? request.url.slice(event.url.origin.length)
 								: request.url,
 							method: request.method,
-							request_body: /** @type {string | undefined} */ (request_body),
+							request_body: /** @type {string | ArrayBufferView | undefined} */ (request_body),
 							response_body: body,
 							response: response
 						});

package/src/runtime/server/page/types.d.ts

@@ -4,7 +4,7 @@ import { SSRNode, CspDirectives } from 'types';
 export interface Fetched {
 	url: string;
 	method: string;
-	request_body?: string | null;
+	request_body?: string | ArrayBufferView | null;
 	response_body: string;
 	response: Response;
 }

package/types/ambient.d.ts

@@ -110,6 +110,7 @@ declare module '$app/forms' {
 				form: HTMLFormElement;
 				action: URL;
 				result: ActionResult<Success, Invalid>;
+				update: () => Promise<void>;
 		  }) => void);
 
 	/**
@@ -135,6 +136,8 @@ declare module '$app/forms' {
 		 * - invalidates all data in case of successful submission with no redirect response
 		 * - redirects in case of a redirect response
 		 * - redirects to the nearest error page in case of an unexpected error
+		 *
+		 * If you provide a custom function with a callback and want to use the default behavior, invoke `update` in your callback.
 		 */
 		submit?: SubmitFunction<Success, Invalid>
 	): { destroy: () => void };
@@ -174,7 +177,7 @@ declare module '$app/navigation' {
 	/**
 	 * Returns a Promise that resolves when SvelteKit navigates (or fails to navigate, in which case the promise rejects) to the specified `url`.
 	 *
-	 * @param url Where to navigate to
+	 * @param url Where to navigate to. Note that if you've set [`config.kit.paths.base`](https://kit.svelte.dev/docs/configuration#paths) and the URL is root-relative, you need to prepend the base path if you want to navigate within the app.
 	 * @param opts.replaceState If `true`, will replace the current `history` entry rather than creating a new one with `pushState`
 	 * @param opts.noscroll If `true`, the browser will maintain its scroll position rather than scrolling to the top of the page after navigation
 	 * @param opts.keepfocus If `true`, the currently focused element will retain focus after navigation. Otherwise, focus will be reset to the body
@@ -255,7 +258,9 @@ declare module '$app/navigation' {
  */
 declare module '$app/paths' {
 	/**
-	 * A string that matches [`config.kit.paths.base`](https://kit.svelte.dev/docs/configuration#paths). It must start, but not end with `/` (e.g. `/base-path`), unless it is the empty string.
+	 * A string that matches [`config.kit.paths.base`](https://kit.svelte.dev/docs/configuration#paths).
+	 *
+	 * Example usage: `<a href="{base}/your-page">Link</a>`
 	 */
 	export const base: `/${string}`;
 	/**

package/types/index.d.ts

@@ -151,7 +151,7 @@ export interface Cookies {
 	/**
 	 * Sets a cookie. This will add a `set-cookie` header to the response, but also make the cookie available via `cookies.get` during the current request.
 	 *
-	 * The `httpOnly` and `secure` options are `true` by default, and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The `sameSite` option defaults to `lax`.
+	 * The `httpOnly` and `secure` options are `true` by default (except on http://localhost, where `secure` is `false`), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The `sameSite` option defaults to `lax`.
 	 *
 	 * By default, the `path` of a cookie is the 'directory' of the current pathname. In most cases you should explicitly set `path: '/'` to make the cookie available throughout your app.
 	 */
@@ -165,7 +165,7 @@ export interface Cookies {
 	/**
 	 * Serialize a cookie name-value pair into a Set-Cookie header string.
 	 *
-	 * The `httpOnly` and `secure` options are `true` by default, and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The `sameSite` option defaults to `lax`.
+	 * The `httpOnly` and `secure` options are `true` by default (except on http://localhost, where `secure` is `false`), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The `sameSite` option defaults to `lax`.
 	 *
 	 * By default, the `path` of a cookie is the current pathname. In most cases you should explicitly set `path: '/'` to make the cookie available throughout your app.
 	 *

package/types/internal.d.ts

@@ -353,7 +353,7 @@ export interface SSRState {
 	prerender_default?: PrerenderOption;
 }
 
-export type StrictBody = string | Uint8Array;
+export type StrictBody = string | ArrayBufferView;
 
 export interface Uses {
 	dependencies: Set<string>;