@sveltejs/kit 1.1.4 → 1.2.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.1.4",
+  "version": "1.2.1",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",
@@ -22,7 +22,7 @@
     "set-cookie-parser": "^2.5.1",
     "sirv": "^2.0.2",
     "tiny-glob": "^0.2.9",
-    "undici": "5.15.0"
+    "undici": "5.15.1"
   },
   "devDependencies": {
     "@playwright/test": "^1.29.2",
@@ -86,6 +86,7 @@
     "format": "pnpm lint --write",
     "test": "pnpm test:unit && pnpm test:integration",
     "test:integration": "pnpm -r --workspace-concurrency 1 --filter=\"./test/**\" test",
+    "test:cross-browser": "pnpm -r --workspace-concurrency 1 --filter=\"./test/**\" test:cross-browser",
     "test:unit": "uvu src \"(spec\\.js|test[\\\\/]index\\.js)\"",
     "postinstall": "node postinstall.js"
   }

package/src/core/config/index.js

@@ -9,24 +9,33 @@ import options from './options.js';
  * @param {string} cwd
  * @param {import('types').ValidatedConfig} config
  */
-export function load_template(cwd, config) {
-	const { appTemplate } = config.kit.files;
-	const relative = path.relative(cwd, appTemplate);
-
-	if (fs.existsSync(appTemplate)) {
-		const contents = fs.readFileSync(appTemplate, 'utf8');
-
-		const expected_tags = ['%sveltekit.head%', '%sveltekit.body%'];
-		expected_tags.forEach((tag) => {
-			if (contents.indexOf(tag) === -1) {
-				throw new Error(`${relative} is missing ${tag}`);
-			}
-		});
-	} else {
+export function load_template(cwd, { kit }) {
+	const { env, files } = kit;
+
+	const relative = path.relative(cwd, files.appTemplate);
+
+	if (!fs.existsSync(files.appTemplate)) {
 		throw new Error(`${relative} does not exist`);
 	}
 
-	return fs.readFileSync(appTemplate, 'utf-8');
+	const contents = fs.readFileSync(files.appTemplate, 'utf8');
+
+	const expected_tags = ['%sveltekit.head%', '%sveltekit.body%'];
+	expected_tags.forEach((tag) => {
+		if (contents.indexOf(tag) === -1) {
+			throw new Error(`${relative} is missing ${tag}`);
+		}
+	});
+
+	for (const match of contents.matchAll(/%sveltekit\.env\.([^%]+)%/g)) {
+		if (!match[1].startsWith(env.publicPrefix)) {
+			throw new Error(
+				`Environment variables in ${relative} must start with ${env.publicPrefix} (saw %sveltekit.env.${match[1]}%)`
+			);
+		}
+	}
+
+	return contents;
 }
 
 /**

package/src/core/sync/write_server.js

@@ -38,11 +38,15 @@ export const options = {
 	root,
 	service_worker: ${has_service_worker},
 	templates: {
-		app: ({ head, body, assets, nonce }) => ${s(template)
+		app: ({ head, body, assets, nonce, env }) => ${s(template)
 			.replace('%sveltekit.head%', '" + head + "')
 			.replace('%sveltekit.body%', '" + body + "')
 			.replace(/%sveltekit\.assets%/g, '" + assets + "')
-			.replace(/%sveltekit\.nonce%/g, '" + nonce + "')},
+			.replace(/%sveltekit\.nonce%/g, '" + nonce + "')
+			.replace(
+				/%sveltekit\.env\.([^%]+)%/g,
+				(_match, capture) => `" + (env[${s(capture)}] ?? "") + "`
+			)},
 		error: ({ status, message }) => ${s(error_page)
 			.replace(/%sveltekit\.status%/g, '" + status + "')
 			.replace(/%sveltekit\.error\.message%/g, '" + message + "')}

package/src/exports/index.js

@@ -29,12 +29,36 @@ export function redirect(status, location) {
 export function json(data, init) {
 	// TODO deprecate this in favour of `Response.json` when it's
 	// more widely supported
+	const body = JSON.stringify(data);
+
+	// we can't just do `text(JSON.stringify(data), init)` because
+	// it will set a default `content-type` header. duplicated code
+	// means less duplicated work
 	const headers = new Headers(init?.headers);
+	if (!headers.has('content-length')) {
+		headers.set('content-length', encoder.encode(body).byteLength.toString());
+	}
+
 	if (!headers.has('content-type')) {
 		headers.set('content-type', 'application/json');
 	}
 
-	return new Response(JSON.stringify(data), {
+	return new Response(body, {
+		...init,
+		headers
+	});
+}
+
+const encoder = new TextEncoder();
+
+/** @type {import('@sveltejs/kit').text} */
+export function text(body, init) {
+	const headers = new Headers(init?.headers);
+	if (!headers.has('content-length')) {
+		headers.set('content-length', encoder.encode(body).byteLength.toString());
+	}
+
+	return new Response(body, {
 		...init,
 		headers
 	});

package/src/exports/vite/dev/index.js

@@ -73,8 +73,7 @@ export async function dev(vite, vite_config, svelte_config) {
 		} catch (error) {
 			manifest_error = /** @type {Error} */ (error);
 
-			console.error(colors.bold().red('Invalid routes'));
-			console.error(error);
+			console.error(colors.bold().red(manifest_error.message));
 			vite.ws.send({
 				type: 'error',
 				err: {
@@ -444,8 +443,7 @@ export async function dev(vite, vite_config, svelte_config) {
 				}
 
 				if (manifest_error) {
-					console.error(colors.bold().red('Invalid routes'));
-					console.error(manifest_error);
+					console.error(colors.bold().red(manifest_error.message));
 
 					const error_page = load_error_page(svelte_config);
 

package/src/runtime/env-public.js

@@ -1,3 +1,4 @@
+/** @type {Record<string, string>} */
 export let env = {};
 
 /** @type {(environment: Record<string, string>) => void} */

package/src/runtime/server/cookie.js

@@ -8,6 +8,12 @@ import { normalize_path } from '../../utils/url.js';
  * @type {Record<string, Set<string>>} */
 const cookie_paths = {};
 
+/**
+ * Cookies that are larger than this size (including the name and other
+ * attributes) are discarded by browsers
+ */
+const MAX_COOKIE_SIZE = 4129;
+
 /**
  * @param {Request} request
  * @param {URL} url
@@ -111,6 +117,11 @@ export function get_cookies(request, url, trailing_slash) {
 			};
 
 			if (__SVELTEKIT_DEV__) {
+				const serialized = serialize(name, value, new_cookies[name].options);
+				if (new TextEncoder().encode(serialized).byteLength > MAX_COOKIE_SIZE) {
+					throw new Error(`Cookie "${name}" is too large, and will be discarded by the browser`);
+				}
+
 				cookie_paths[name] = cookie_paths[name] ?? new Set();
 				if (!value) {
 					if (!cookie_paths[name].has(path) && cookie_paths[name].size > 0) {

package/src/runtime/server/data/index.js

@@ -4,6 +4,7 @@ import { once } from '../../../utils/functions.js';
 import { load_server_data } from '../page/load_data.js';
 import { clarify_devalue_error, handle_error_and_jsonify, serialize_data_node } from '../utils.js';
 import { normalize_path } from '../../../utils/url.js';
+import { text } from '../../../exports/index.js';
 
 export const INVALIDATED_PARAM = 'x-sveltekit-invalidated';
 
@@ -139,7 +140,7 @@ export async function render_data(
  * @param {number} [status]
  */
 function json_response(json, status = 200) {
-	return new Response(json, {
+	return text(json, {
 		status,
 		headers: {
 			'content-type': 'application/json',

package/src/runtime/server/page/index.js

@@ -1,3 +1,4 @@
+import { text } from '../../../exports/index.js';
 import { compact } from '../../../utils/array.js';
 import { normalize_error } from '../../../utils/error.js';
 import { add_data_suffix } from '../../../utils/url.js';
@@ -32,7 +33,7 @@ import { respond_with_error } from './respond_with_error.js';
 export async function render_page(event, route, page, options, manifest, state, resolve_opts) {
 	if (state.initiator === route) {
 		// infinite request cycle detected
-		return new Response(`Not found: ${event.url.pathname}`, {
+		return text(`Not found: ${event.url.pathname}`, {
 			status: 404
 		});
 	}
@@ -239,7 +240,7 @@ export async function render_page(event, route, page, options, manifest, state,
 							});
 
 							state.prerendering.dependencies.set(data_pathname, {
-								response: new Response(body),
+								response: text(body),
 								body
 							});
 						}
@@ -294,7 +295,7 @@ export async function render_page(event, route, page, options, manifest, state,
 				.join(',')}]}`;
 
 			state.prerendering.dependencies.set(data_pathname, {
-				response: new Response(body),
+				response: text(body),
 				body
 			});
 		}

package/src/runtime/server/page/render.js

@@ -9,6 +9,7 @@ import { uneval_action_response } from './actions.js';
 import { clarify_devalue_error } from '../utils.js';
 import { assets, base, version } from '../../shared.js';
 import { env } from '../../env-public.js';
+import { text } from '../../../exports/index.js';
 
 // TODO rename this function/module
 
@@ -366,7 +367,8 @@ export async function render_response({
 		head,
 		body,
 		assets: resolved_assets,
-		nonce: /** @type {string} */ (csp.nonce)
+		nonce: /** @type {string} */ (csp.nonce),
+		env
 	});
 
 	// TODO flush chunks as early as we can
@@ -407,7 +409,7 @@ export async function render_response({
 		}
 	}
 
-	return new Response(transformed, {
+	return text(transformed, {
 		status,
 		headers
 	});

package/src/runtime/server/respond.js

@@ -23,7 +23,7 @@ import {
 	validate_page_server_exports,
 	validate_server_exports
 } from '../../utils/exports.js';
-import { error, json } from '../../exports/index.js';
+import { error, json, text } from '../../exports/index.js';
 import * as paths from '../shared.js';
 
 /* global __SVELTEKIT_ADAPTER_NAME__ */
@@ -53,7 +53,7 @@ export async function respond(request, options, manifest, state) {
 			if (request.headers.get('accept') === 'application/json') {
 				return json(csrf_error.body, { status: csrf_error.status });
 			}
-			return new Response(csrf_error.body.message, { status: csrf_error.status });
+			return text(csrf_error.body.message, { status: csrf_error.status });
 		}
 	}
 
@@ -61,7 +61,7 @@ export async function respond(request, options, manifest, state) {
 	try {
 		decoded = decode_pathname(url.pathname);
 	} catch {
-		return new Response('Malformed URI', { status: 400 });
+		return text('Malformed URI', { status: 400 });
 	}
 
 	/** @type {import('types').SSRRoute | null} */
@@ -72,7 +72,7 @@ export async function respond(request, options, manifest, state) {
 
 	if (paths.base && !state.prerendering?.fallback) {
 		if (!decoded.startsWith(paths.base)) {
-			return new Response('Not found', { status: 404 });
+			return text('Not found', { status: 404 });
 		}
 		decoded = decoded.slice(paths.base.length) || '/';
 	}
@@ -374,7 +374,7 @@ export async function respond(request, options, manifest, state) {
 			}
 
 			if (state.initiator === GENERIC_ERROR) {
-				return new Response('Internal Server Error', {
+				return text('Internal Server Error', {
 					status: 500
 				});
 			}
@@ -394,7 +394,7 @@ export async function respond(request, options, manifest, state) {
 			}
 
 			if (state.prerendering) {
-				return new Response('not found', { status: 404 });
+				return text('not found', { status: 404 });
 			}
 
 			// we can't load the endpoint from our own manifest,

package/src/runtime/server/utils.js

@@ -1,4 +1,5 @@
 import * as devalue from 'devalue';
+import { json, text } from '../../exports/index.js';
 import { coalesce_to_error } from '../../utils/error.js';
 import { negotiate } from '../../utils/http.js';
 import { has_data_suffix } from '../../utils/url.js';
@@ -27,7 +28,7 @@ export const GENERIC_ERROR = {
  * @param {import('types').HttpMethod} method
  */
 export function method_not_allowed(mod, method) {
-	return new Response(`${method} method not allowed`, {
+	return text(`${method} method not allowed`, {
 		status: 405,
 		headers: {
 			// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405
@@ -75,7 +76,7 @@ export function get_option(nodes, option) {
  * @param {string} message
  */
 export function static_error_page(options, status, message) {
-	return new Response(options.templates.error({ status, message }), {
+	return text(options.templates.error({ status, message }), {
 		headers: { 'content-type': 'text/html; charset=utf-8' },
 		status
 	});
@@ -98,9 +99,8 @@ export async function handle_fatal_error(event, options, error) {
 	]);
 
 	if (has_data_suffix(new URL(event.request.url).pathname) || type === 'application/json') {
-		return new Response(JSON.stringify(body), {
-			status,
-			headers: { 'content-type': 'application/json; charset=utf-8' }
+		return json(body, {
+			status
 		});
 	}
 

package/types/index.d.ts

@@ -1123,10 +1123,17 @@ export interface Redirect {
 /**
  * Create a JSON `Response` object from the supplied data.
  * @param data The value that will be serialized as JSON.
- * @param init Options such as `status` and `headers` that will be added to the response. A `Content-Type: application/json` header will be added automatically.
+ * @param init Options such as `status` and `headers` that will be added to the response. `Content-Type: application/json` and `Content-Length` headers will be added automatically.
  */
 export function json(data: any, init?: ResponseInit): Response;
 
+/**
+ * Create a `Response` object from the supplied body.
+ * @param body The value that will be used as-is.
+ * @param init Options such as `status` and `headers` that will be added to the response. A `Content-Length` header will be added automatically.
+ */
+export function text(body: string, init?: ResponseInit): Response;
+
 /**
  * Create an `ActionFailure` object.
  * @param status The [HTTP status code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses). Must be in the range 400-599.

package/types/internal.d.ts

@@ -306,7 +306,13 @@ export interface SSROptions {
 	root: SSRComponent['default'];
 	service_worker: boolean;
 	templates: {
-		app(values: { head: string; body: string; assets: string; nonce: string }): string;
+		app(values: {
+			head: string;
+			body: string;
+			assets: string;
+			nonce: string;
+			env: Record<string, string>;
+		}): string;
 		error(values: { message: string; status: number }): string;
 	};
 }