@sveltejs/kit 1.0.0-next.509 → 1.0.0-next.510

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.509",
+  "version": "1.0.0-next.510",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",

package/src/runtime/server/cookie.js

@@ -5,8 +5,12 @@ import { parse, serialize } from 'cookie';
  * @param {URL} url
  */
 export function get_cookies(request, url) {
-	/** @type {Map<string, import('./page/types').Cookie>} */
-	const new_cookies = new Map();
+	const header = request.headers.get('cookie') ?? '';
+
+	const initial_cookies = parse(header);
+
+	/** @type {Record<string, import('./page/types').Cookie>} */
+	const new_cookies = {};
 
 	/** @type {import('cookie').CookieSerializeOptions} */
 	const defaults = {
@@ -27,7 +31,7 @@ export function get_cookies(request, url) {
 		 * @param {import('cookie').CookieParseOptions} opts
 		 */
 		get(name, opts) {
-			const c = new_cookies.get(name);
+			const c = new_cookies[name];
 			if (
 				c &&
 				domain_matches(url.hostname, c.options.domain) &&
@@ -37,7 +41,7 @@ export function get_cookies(request, url) {
 			}
 
 			const decode = opts?.decode || decodeURIComponent;
-			const req_cookies = parse(request.headers.get('cookie') ?? '', { decode });
+			const req_cookies = parse(header, { decode });
 			return req_cookies[name]; // the decoded string or undefined
 		},
 
@@ -47,14 +51,14 @@ export function get_cookies(request, url) {
 		 * @param {import('cookie').CookieSerializeOptions} opts
 		 */
 		set(name, value, opts = {}) {
-			new_cookies.set(name, {
+			new_cookies[name] = {
 				name,
 				value,
 				options: {
 					...defaults,
 					...opts
 				}
-			});
+			};
 		},
 
 		/**
@@ -62,7 +66,7 @@ export function get_cookies(request, url) {
 		 * @param {import('cookie').CookieSerializeOptions} opts
 		 */
 		delete(name, opts = {}) {
-			new_cookies.set(name, {
+			new_cookies[name] = {
 				name,
 				value: '',
 				options: {
@@ -70,7 +74,7 @@ export function get_cookies(request, url) {
 					...opts,
 					maxAge: 0
 				}
-			});
+			};
 		},
 
 		/**
@@ -86,7 +90,42 @@ export function get_cookies(request, url) {
 		}
 	};
 
-	return { cookies, new_cookies };
+	/**
+	 * @param {URL} destination
+	 * @param {string | null} header
+	 */
+	function get_cookie_header(destination, header) {
+		/** @type {Record<string, string>} */
+		const combined_cookies = {};
+
+		// cookies sent by the user agent have lowest precedence
+		for (const name in initial_cookies) {
+			combined_cookies[name] = initial_cookies[name];
+		}
+
+		// cookies previous set during this event with cookies.set have higher precedence
+		for (const key in new_cookies) {
+			const cookie = new_cookies[key];
+			if (!domain_matches(destination.hostname, cookie.options.domain)) continue;
+			if (!path_matches(destination.pathname, cookie.options.path)) continue;
+
+			combined_cookies[cookie.name] = cookie.value;
+		}
+
+		// explicit header has highest precedence
+		if (header) {
+			const parsed = parse(header);
+			for (const name in parsed) {
+				combined_cookies[name] = parsed[name];
+			}
+		}
+
+		return Object.entries(combined_cookies)
+			.map(([name, value]) => `${name}=${value}`)
+			.join('; ');
+	}
+
+	return { cookies, new_cookies, get_cookie_header };
 }
 
 /**

package/src/runtime/server/{page/fetch.js → fetch.js}

@@ -1,58 +1,17 @@
-import * as cookie from 'cookie';
 import * as set_cookie_parser from 'set-cookie-parser';
-import { respond } from '../index.js';
-import { domain_matches, path_matches } from '../cookie.js';
+import { respond } from './index.js';
 
 /**
  * @param {{
  *   event: import('types').RequestEvent;
  *   options: import('types').SSROptions;
  *   state: import('types').SSRState;
- *   route: import('types').SSRRoute | import('types').SSRErrorPage;
- *   prerender_default?: import('types').PrerenderOption;
- *   resolve_opts: import('types').RequiredResolveOptions;
+ *   get_cookie_header: (url: URL, header: string | null) => string;
  * }} opts
+ * @returns {typeof fetch}
  */
-export function create_fetch({ event, options, state, route, prerender_default, resolve_opts }) {
-	/** @type {import('./types').Fetched[]} */
-	const fetched = [];
-
-	const initial_cookies = cookie.parse(event.request.headers.get('cookie') || '');
-
-	/** @type {import('./types').Cookie[]} */
-	const set_cookies = [];
-
-	/**
-	 * @param {URL} url
-	 * @param {string | null} header
-	 */
-	function get_cookie_header(url, header) {
-		/** @type {Record<string, string>} */
-		const new_cookies = {};
-
-		for (const cookie of set_cookies) {
-			if (!domain_matches(url.hostname, cookie.options.domain)) continue;
-			if (!path_matches(url.pathname, cookie.options.path)) continue;
-
-			new_cookies[cookie.name] = cookie.value;
-		}
-
-		// cookies from explicit `cookie` header take precedence over cookies previously set
-		// during this load with `set-cookie`, which take precedence over the cookies
-		// sent by the user agent
-		const combined_cookies = {
-			...initial_cookies,
-			...new_cookies,
-			...cookie.parse(header ?? '')
-		};
-
-		return Object.entries(combined_cookies)
-			.map(([name, value]) => `${name}=${value}`)
-			.join('; ');
-	}
-
-	/** @type {typeof fetch} */
-	const fetcher = async (info, init) => {
+export function create_fetch({ event, options, state, get_cookie_header }) {
+	return async (info, init) => {
 		const request = normalize_fetch_input(info, init, event.url);
 
 		const request_body = init?.body;
@@ -60,7 +19,7 @@ export function create_fetch({ event, options, state, route, prerender_default,
 		/** @type {import('types').PrerenderDependency} */
 		let dependency;
 
-		const response = await options.hooks.handleFetch({
+		return await options.hooks.handleFetch({
 			event,
 			request,
 			fetch: async (info, init) => {
@@ -174,11 +133,7 @@ export function create_fetch({ event, options, state, route, prerender_default,
 					throw new Error('Request body must be a string or TypedArray');
 				}
 
-				response = await respond(request, options, {
-					prerender_default,
-					...state,
-					initiator: route
-				});
+				response = await respond(request, options, state);
 
 				if (state.prerendering) {
 					dependency = { response, body: null };
@@ -187,104 +142,22 @@ export function create_fetch({ event, options, state, route, prerender_default,
 
 				const set_cookie = response.headers.get('set-cookie');
 				if (set_cookie) {
-					set_cookies.push(
-						...set_cookie_parser.splitCookiesString(set_cookie).map((str) => {
-							const { name, value, ...options } = set_cookie_parser.parseString(str);
-							// options.sameSite is string, something more specific is required - type cast is safe
-							return /** @type{import('./types').Cookie} */ ({ name, value, options });
-						})
-					);
-				}
-
-				return response;
-			}
-		});
-
-		const proxy = new Proxy(response, {
-			get(response, key, _receiver) {
-				async function text() {
-					const body = await response.text();
-
-					if (!body || typeof body === 'string') {
-						const status_number = Number(response.status);
-						if (isNaN(status_number)) {
-							throw new Error(
-								`response.status is not a number. value: "${
-									response.status
-								}" type: ${typeof response.status}`
-							);
-						}
-
-						fetched.push({
-							url: request.url.startsWith(event.url.origin)
-								? request.url.slice(event.url.origin.length)
-								: request.url,
-							method: request.method,
-							request_body: /** @type {string | ArrayBufferView | undefined} */ (request_body),
-							response_body: body,
-							response: response
-						});
-
-						// ensure that excluded headers can't be read
-						const get = response.headers.get;
-						response.headers.get = (key) => {
-							const lower = key.toLowerCase();
-							const value = get.call(response.headers, lower);
-							if (value && !lower.startsWith('x-sveltekit-')) {
-								const included = resolve_opts.filterSerializedResponseHeaders(lower, value);
-								if (!included) {
-									throw new Error(
-										`Failed to get response header "${lower}" — it must be included by the \`filterSerializedResponseHeaders\` option: https://kit.svelte.dev/docs/hooks#handle`
-									);
-								}
-							}
-
-							return value;
-						};
+					for (const str of set_cookie_parser.splitCookiesString(set_cookie)) {
+						const { name, value, ...options } = set_cookie_parser.parseString(str);
+
+						// options.sameSite is string, something more specific is required - type cast is safe
+						event.cookies.set(
+							name,
+							value,
+							/** @type {import('cookie').CookieSerializeOptions} */ (options)
+						);
 					}
-
-					if (dependency) {
-						dependency.body = body;
-					}
-
-					return body;
 				}
 
-				if (key === 'arrayBuffer') {
-					return async () => {
-						const buffer = await response.arrayBuffer();
-
-						if (dependency) {
-							dependency.body = new Uint8Array(buffer);
-						}
-
-						// TODO should buffer be inlined into the page (albeit base64'd)?
-						// any conditions in which it shouldn't be?
-
-						return buffer;
-					};
-				}
-
-				if (key === 'text') {
-					return text;
-				}
-
-				if (key === 'json') {
-					return async () => {
-						return JSON.parse(await text());
-					};
-				}
-
-				// TODO arrayBuffer?
-
-				return Reflect.get(response, key, response);
+				return response;
 			}
 		});
-
-		return proxy;
 	};
-
-	return { fetcher, fetched, cookies: set_cookies };
 }
 
 /**

package/src/runtime/server/index.js

@@ -10,6 +10,7 @@ import { render_data } from './data/index.js';
 import { DATA_SUFFIX } from '../../constants.js';
 import { add_cookies_to_headers, get_cookies } from './cookie.js';
 import { HttpError } from '../control.js';
+import { create_fetch } from './fetch.js';
 
 /* global __SVELTEKIT_ADAPTER_NAME__ */
 
@@ -96,13 +97,15 @@ export async function respond(request, options, state) {
 	/** @type {Record<string, string>} */
 	const headers = {};
 
-	const { cookies, new_cookies } = get_cookies(request, url);
+	const { cookies, new_cookies, get_cookie_header } = get_cookies(request, url);
 
 	if (state.prerendering) disable_search(url);
 
 	/** @type {import('types').RequestEvent} */
 	const event = {
 		cookies,
+		// @ts-expect-error this is added in the next step, because `create_fetch` needs a reference to `event`
+		fetch: null,
 		getClientAddress:
 			state.getClientAddress ||
 			(() => {
@@ -138,6 +141,8 @@ export async function respond(request, options, state) {
 		url
 	};
 
+	event.fetch = create_fetch({ event, options, state, get_cookie_header });
+
 	// TODO remove this for 1.0
 	/**
 	 * @param {string} property
@@ -215,7 +220,6 @@ export async function respond(request, options, state) {
 					error: null,
 					branch: [],
 					fetched: [],
-					cookies: [],
 					resolve_opts
 				});
 			}
@@ -295,7 +299,7 @@ export async function respond(request, options, state) {
 							response.headers.set(key, /** @type {string} */ (value));
 						}
 					}
-					add_cookies_to_headers(response.headers, Array.from(new_cookies.values()));
+					add_cookies_to_headers(response.headers, Object.values(new_cookies));
 
 					if (state.prerendering && event.routeId !== null) {
 						response.headers.set('x-sveltekit-routeid', encodeURI(event.routeId));

package/src/runtime/server/page/index.js

@@ -15,7 +15,6 @@ import {
 	is_action_json_request,
 	is_action_request
 } from './actions.js';
-import { create_fetch } from './fetch.js';
 import { load_data, load_server_data } from './load_data.js';
 import { render_response } from './render.js';
 import { respond_with_error } from './respond_with_error.js';
@@ -37,6 +36,8 @@ export async function render_page(event, route, page, options, state, resolve_op
 		});
 	}
 
+	state.initiator = route;
+
 	if (is_action_json_request(event)) {
 		const node = await options.manifest._.nodes[page.leaf]();
 		if (node.server) {
@@ -93,20 +94,17 @@ export async function render_page(event, route, page, options, state, resolve_op
 			});
 		}
 
-		const { fetcher, fetched, cookies } = create_fetch({
-			event,
-			options,
-			state,
-			route,
-			prerender_default: should_prerender,
-			resolve_opts
-		});
+		// if we fetch any endpoints while loading data for this page, they should
+		// inherit the prerender option of the page
+		state.prerender_default = should_prerender;
+
+		/** @type {import('./types').Fetched[]} */
+		const fetched = [];
 
 		if (get_option(nodes, 'ssr') === false) {
 			return await render_response({
 				branch: [],
 				fetched,
-				cookies,
 				page_config: {
 					ssr: false,
 					csr: get_option(nodes, 'csr') ?? true
@@ -169,7 +167,7 @@ export async function render_page(event, route, page, options, state, resolve_op
 				try {
 					return await load_data({
 						event,
-						fetcher,
+						fetched,
 						node,
 						parent: async () => {
 							const data = {};
@@ -178,6 +176,7 @@ export async function render_page(event, route, page, options, state, resolve_op
 							}
 							return data;
 						},
+						resolve_opts,
 						server_data_promise: server_promises[i],
 						state
 					});
@@ -217,7 +216,7 @@ export async function render_page(event, route, page, options, state, resolve_op
 							});
 						}
 
-						return redirect_response(err.status, err.location, cookies);
+						return redirect_response(err.status, err.location);
 					}
 
 					const status = err instanceof HttpError ? err.status : 500;
@@ -244,8 +243,7 @@ export async function render_page(event, route, page, options, state, resolve_op
 									data: null,
 									server_data: null
 								}),
-								fetched,
-								cookies
+								fetched
 							});
 						}
 					}
@@ -286,8 +284,7 @@ export async function render_page(event, route, page, options, state, resolve_op
 			error: null,
 			branch: compact(branch),
 			action_result,
-			fetched,
-			cookies
+			fetched
 		});
 	} catch (error) {
 		// if we end up here, it means the data loaded successfull

package/src/runtime/server/page/load_data.js

@@ -68,27 +68,126 @@ export async function load_server_data({ event, state, node, parent }) {
  * Calls the user's `load` function.
  * @param {{
  *   event: import('types').RequestEvent;
- *   fetcher: typeof fetch;
+ *   fetched: import('./types').Fetched[];
  *   node: import('types').SSRNode | undefined;
  *   parent: () => Promise<Record<string, any>>;
+ *   resolve_opts: import('types').RequiredResolveOptions;
  *   server_data_promise: Promise<import('types').ServerDataNode | null>;
  *   state: import('types').SSRState;
  * }} opts
  * @returns {Promise<Record<string, any> | null>}
  */
-export async function load_data({ event, fetcher, node, parent, server_data_promise }) {
+export async function load_data({
+	event,
+	fetched,
+	node,
+	parent,
+	server_data_promise,
+	state,
+	resolve_opts
+}) {
 	const server_data_node = await server_data_promise;
 
 	if (!node?.shared?.load) {
 		return server_data_node?.data ?? null;
 	}
 
+	/** @type {import('types').LoadEvent} */
 	const load_event = {
 		url: event.url,
 		params: event.params,
 		data: server_data_node?.data ?? null,
 		routeId: event.routeId,
-		fetch: fetcher,
+		fetch: async (input, init) => {
+			const response = await event.fetch(input, init);
+
+			const url = new URL(input instanceof Request ? input.url : input, event.url);
+			const same_origin = url.origin === event.url.origin;
+
+			const request_body = init?.body;
+			const dependency = same_origin && state.prerendering?.dependencies.get(url.pathname);
+
+			const proxy = new Proxy(response, {
+				get(response, key, _receiver) {
+					async function text() {
+						const body = await response.text();
+
+						if (!body || typeof body === 'string') {
+							const status_number = Number(response.status);
+							if (isNaN(status_number)) {
+								throw new Error(
+									`response.status is not a number. value: "${
+										response.status
+									}" type: ${typeof response.status}`
+								);
+							}
+
+							fetched.push({
+								url: same_origin ? url.href.slice(event.url.origin.length) : url.href,
+								method: event.request.method,
+								request_body: /** @type {string | ArrayBufferView | undefined} */ (request_body),
+								response_body: body,
+								response: response
+							});
+
+							// ensure that excluded headers can't be read
+							const get = response.headers.get;
+							response.headers.get = (key) => {
+								const lower = key.toLowerCase();
+								const value = get.call(response.headers, lower);
+								if (value && !lower.startsWith('x-sveltekit-')) {
+									const included = resolve_opts.filterSerializedResponseHeaders(lower, value);
+									if (!included) {
+										throw new Error(
+											`Failed to get response header "${lower}" — it must be included by the \`filterSerializedResponseHeaders\` option: https://kit.svelte.dev/docs/hooks#handle`
+										);
+									}
+								}
+
+								return value;
+							};
+						}
+
+						if (dependency) {
+							dependency.body = body;
+						}
+
+						return body;
+					}
+
+					if (key === 'arrayBuffer') {
+						return async () => {
+							const buffer = await response.arrayBuffer();
+
+							if (dependency) {
+								dependency.body = new Uint8Array(buffer);
+							}
+
+							// TODO should buffer be inlined into the page (albeit base64'd)?
+							// any conditions in which it shouldn't be?
+
+							return buffer;
+						};
+					}
+
+					if (key === 'text') {
+						return text;
+					}
+
+					if (key === 'json') {
+						return async () => {
+							return JSON.parse(await text());
+						};
+					}
+
+					// TODO arrayBuffer?
+
+					return Reflect.get(response, key, response);
+				}
+			});
+
+			return proxy;
+		},
 		setHeaders: event.setHeaders,
 		depends: () => {},
 		parent

package/src/runtime/server/page/render.js

@@ -4,7 +4,6 @@ import { hash } from '../../hash.js';
 import { serialize_data } from './serialize_data.js';
 import { s } from '../../../utils/misc.js';
 import { Csp } from './csp.js';
-import { add_cookies_to_headers } from '../cookie.js';
 
 // TODO rename this function/module
 
@@ -18,7 +17,6 @@ const updated = {
  * @param {{
  *   branch: Array<import('./types').Loaded>;
  *   fetched: Array<import('./types').Fetched>;
- *   cookies: import('./types').Cookie[];
  *   options: import('types').SSROptions;
  *   state: import('types').SSRState;
  *   page_config: { ssr: boolean; csr: boolean };
@@ -32,7 +30,6 @@ const updated = {
 export async function render_response({
 	branch,
 	fetched,
-	cookies,
 	options,
 	state,
 	page_config,
@@ -329,8 +326,6 @@ export async function render_response({
 			headers.set('content-security-policy-report-only', report_only_header);
 		}
 
-		add_cookies_to_headers(headers, cookies);
-
 		if (link_header_preloads.size) {
 			headers.set('link', Array.from(link_header_preloads).join(', '));
 		}

package/src/runtime/server/page/respond_with_error.js

@@ -2,12 +2,11 @@ import { render_response } from './render.js';
 import { load_data, load_server_data } from './load_data.js';
 import {
 	handle_error_and_jsonify,
-	GENERIC_ERROR,
 	get_option,
 	static_error_page,
-	redirect_response
+	redirect_response,
+	GENERIC_ERROR
 } from '../utils.js';
-import { create_fetch } from './fetch.js';
 import { HttpError, Redirect } from '../../control.js';
 
 /**
@@ -27,13 +26,8 @@ import { HttpError, Redirect } from '../../control.js';
  * }} opts
  */
 export async function respond_with_error({ event, options, state, status, error, resolve_opts }) {
-	const { fetcher, fetched, cookies } = create_fetch({
-		event,
-		options,
-		state,
-		route: GENERIC_ERROR,
-		resolve_opts
-	});
+	/** @type {import('./types').Fetched[]} */
+	const fetched = [];
 
 	try {
 		const branch = [];
@@ -41,6 +35,8 @@ export async function respond_with_error({ event, options, state, status, error,
 		const ssr = get_option([default_layout], 'ssr') ?? true;
 
 		if (ssr) {
+			state.initiator = GENERIC_ERROR;
+
 			const server_data_promise = load_server_data({
 				event,
 				state,
@@ -52,9 +48,10 @@ export async function respond_with_error({ event, options, state, status, error,
 
 			const data = await load_data({
 				event,
-				fetcher,
+				fetched,
 				node: default_layout,
 				parent: async () => ({}),
+				resolve_opts,
 				server_data_promise,
 				state
 			});
@@ -84,7 +81,6 @@ export async function respond_with_error({ event, options, state, status, error,
 			error: handle_error_and_jsonify(event, options, error),
 			branch,
 			fetched,
-			cookies,
 			event,
 			resolve_opts
 		});
@@ -92,7 +88,7 @@ export async function respond_with_error({ event, options, state, status, error,
 		// Edge case: If route is a 404 and the user redirects to somewhere from the root layout,
 		// we end up here.
 		if (error instanceof Redirect) {
-			return redirect_response(error.status, error.location, cookies);
+			return redirect_response(error.status, error.location);
 		}
 
 		return static_error_page(

package/src/runtime/server/page/types.d.ts

@@ -9,12 +9,6 @@ export interface Fetched {
 	response: Response;
 }
 
-export interface FetchState {
-	fetched: Fetched[];
-	cookies: string[];
-	new_cookies: string[];
-}
-
 export type Loaded = {
 	node: SSRNode;
 	data: Record<string, any> | null;

package/src/runtime/server/utils.js

@@ -2,7 +2,6 @@ import * as devalue from 'devalue';
 import { DATA_SUFFIX } from '../../constants.js';
 import { negotiate } from '../../utils/http.js';
 import { HttpError } from '../control.js';
-import { add_cookies_to_headers } from './cookie.js';
 
 /** @param {any} body */
 export function is_pojo(body) {
@@ -167,13 +166,11 @@ export function handle_error_and_jsonify(event, options, error) {
 /**
  * @param {number} status
  * @param {string} location
- * @param {import('./page/types.js').Cookie[]} [cookies]
  */
-export function redirect_response(status, location, cookies = []) {
+export function redirect_response(status, location) {
 	const response = new Response(undefined, {
 		status,
 		headers: { location }
 	});
-	add_cookies_to_headers(response.headers, cookies);
 	return response;
 }

package/types/index.d.ts

@@ -341,6 +341,7 @@ export interface RequestEvent<
 	Params extends Partial<Record<string, string>> = Partial<Record<string, string>>
 > {
 	cookies: Cookies;
+	fetch: typeof fetch;
 	getClientAddress: () => string;
 	locals: App.Locals;
 	params: Params;