@sveltejs/kit 1.30.2 → 2.0.0

package/src/runtime/client/constants.js

@@ -1,6 +1,10 @@
 export const SNAPSHOT_KEY = 'sveltekit:snapshot';
 export const SCROLL_KEY = 'sveltekit:scroll';
-export const INDEX_KEY = 'sveltekit:index';
+export const STATES_KEY = 'sveltekit:states';
+export const PAGE_URL_KEY = 'sveltekit:pageurl';
+
+export const HISTORY_INDEX = 'sveltekit:history';
+export const NAVIGATION_INDEX = 'sveltekit:navigation';
 
 export const PRELOAD_PRIORITIES = /** @type {const} */ ({
 	tap: 1,

package/src/runtime/client/session-storage.js

@@ -1,10 +1,11 @@
 /**
  * Read a value from `sessionStorage`
  * @param {string} key
+ * @param {(value: string) => any} parse
  */
-export function get(key) {
+export function get(key, parse = JSON.parse) {
 	try {
-		return JSON.parse(sessionStorage[key]);
+		return parse(sessionStorage[key]);
 	} catch {
 		// do nothing
 	}
@@ -14,11 +15,12 @@ export function get(key) {
  * Write a value to `sessionStorage`
  * @param {string} key
  * @param {any} value
+ * @param {(value: any) => string} stringify
  */
-export function set(key, value) {
-	const json = JSON.stringify(value);
+export function set(key, value, stringify = JSON.stringify) {
+	const data = stringify(value);
 	try {
-		sessionStorage[key] = json;
+		sessionStorage[key] = data;
 	} catch {
 		// do nothing
 	}

package/src/runtime/client/singletons.js

@@ -21,7 +21,13 @@ export function init(opts) {
  */
 export function client_method(key) {
 	if (!BROWSER) {
-		if (key === 'before_navigate' || key === 'after_navigate' || key === 'on_navigate') {
+		if (
+			key === 'before_navigate' ||
+			key === 'after_navigate' ||
+			key === 'on_navigate' ||
+			key === 'push_state' ||
+			key === 'replace_state'
+		) {
 			// @ts-expect-error doesn't recognize that both keys here return void so expects a async function
 			return () => {};
 		} else {

package/src/runtime/client/types.d.ts

@@ -7,7 +7,9 @@ import {
 	invalidate,
 	invalidateAll,
 	preloadCode,
-	preloadData
+	preloadData,
+	pushState,
+	replaceState
 } from '../app/navigation.js';
 import { SvelteComponent } from 'svelte';
 import { ClientHooks, CSRPageNode, CSRPageNodeLoader, CSRRoute, TrailingSlash, Uses } from 'types';
@@ -51,6 +53,8 @@ export interface Client {
 	invalidate_all: typeof invalidateAll;
 	preload_code: typeof preloadCode;
 	preload_data: typeof preloadData;
+	push_state: typeof pushState;
+	replace_state: typeof replaceState;
 	apply_action: typeof applyAction;
 
 	// private API
@@ -92,7 +96,7 @@ export type NavigationFinished = {
 	props: {
 		constructors: Array<typeof SvelteComponent>;
 		components?: Array<SvelteComponent>;
-		page?: Page;
+		page: Page;
 		form?: Record<string, any> | null;
 		[key: `data_${number}`]: Record<string, any>;
 	};

package/src/runtime/client/utils.js

@@ -8,16 +8,18 @@ import { PRELOAD_PRIORITIES } from './constants.js';
 
 export const origin = BROWSER ? location.origin : '';
 
-/** @param {HTMLDocument} doc */
-export function get_base_uri(doc) {
-	let baseURI = doc.baseURI;
+/** @param {string | URL} url */
+export function resolve_url(url) {
+	if (url instanceof URL) return url;
+
+	let baseURI = document.baseURI;
 
 	if (!baseURI) {
-		const baseTags = doc.getElementsByTagName('base');
-		baseURI = baseTags.length ? baseTags[0].href : doc.URL;
+		const baseTags = document.getElementsByTagName('base');
+		baseURI = baseTags.length ? baseTags[0].href : document.URL;
 	}
 
-	return baseURI;
+	return new URL(url, baseURI);
 }
 
 export function scroll_state() {
@@ -147,7 +149,7 @@ export function get_link_info(a, base) {
  */
 export function get_router_options(element) {
 	/** @type {ValidLinkOptions<'keepfocus'> | null} */
-	let keep_focus = null;
+	let keepfocus = null;
 
 	/** @type {ValidLinkOptions<'noscroll'> | null} */
 	let noscroll = null;
@@ -170,7 +172,7 @@ export function get_router_options(element) {
 	while (el && el !== document.documentElement) {
 		if (preload_code === null) preload_code = link_option(el, 'preload-code');
 		if (preload_data === null) preload_data = link_option(el, 'preload-data');
-		if (keep_focus === null) keep_focus = link_option(el, 'keepfocus');
+		if (keepfocus === null) keepfocus = link_option(el, 'keepfocus');
 		if (noscroll === null) noscroll = link_option(el, 'noscroll');
 		if (reload === null) reload = link_option(el, 'reload');
 		if (replace_state === null) replace_state = link_option(el, 'replacestate');
@@ -188,14 +190,14 @@ export function get_router_options(element) {
 			case 'false':
 				return false;
 			default:
-				return null;
+				return undefined;
 		}
 	}
 
 	return {
 		preload_code: levels[preload_code ?? 'off'],
 		preload_data: levels[preload_data ?? 'off'],
-		keep_focus: get_option_state(keep_focus),
+		keepfocus: get_option_state(keepfocus),
 		noscroll: get_option_state(noscroll),
 		reload: get_option_state(reload),
 		replace_state: get_option_state(replace_state)

package/src/runtime/control.js

@@ -30,15 +30,20 @@ export class Redirect {
 	}
 }
 
-export class NotFound extends Error {
+/**
+ * An error that was thrown from within the SvelteKit runtime that is not fatal and doesn't result in a 500, such as a 404.
+ * `SvelteKitError` goes through `handleError`.
+ */
+export class SvelteKitError extends Error {
 	/**
-	 * @param {string} pathname
+	 * @param {number} status
+	 * @param {string} text
+	 * @param {string} message
 	 */
-	constructor(pathname) {
-		super();
-
-		this.status = 404;
-		this.message = `Not found: ${pathname}`;
+	constructor(status, text, message) {
+		super(message);
+		this.status = status;
+		this.text = text;
 	}
 }
 
@@ -48,7 +53,7 @@ export class NotFound extends Error {
 export class ActionFailure {
 	/**
 	 * @param {number} status
-	 * @param {T} [data]
+	 * @param {T} data
 	 */
 	constructor(status, data) {
 		this.status = status;
@@ -66,6 +71,7 @@ export class ActionFailure {
  *   ActionFailure: typeof ActionFailure;
  *   HttpError: typeof HttpError;
  *   Redirect: typeof Redirect;
+ *   SvelteKitError: typeof SvelteKitError;
  * }} implementations
  */
 export function replace_implementations(implementations) {
@@ -75,4 +81,6 @@ export function replace_implementations(implementations) {
 	HttpError = implementations.HttpError; // eslint-disable-line no-class-assign
 	// @ts-expect-error
 	Redirect = implementations.Redirect; // eslint-disable-line no-class-assign
+	// @ts-expect-error
+	SvelteKitError = implementations.SvelteKitError; // eslint-disable-line no-class-assign
 }

package/src/runtime/server/cookie.js

@@ -1,6 +1,5 @@
 import { parse, serialize } from 'cookie';
-import { normalize_path, resolve } from '../../utils/url.js';
-import { warn_with_callsite } from './utils.js';
+import { add_data_suffix, normalize_path, resolve } from '../../utils/url.js';
 
 /**
  * Tracks all cookies set during dev mode so we can emit warnings
@@ -15,24 +14,11 @@ const cookie_paths = {};
  */
 const MAX_COOKIE_SIZE = 4129;
 
-/**
- *
- * @param {import('cookie').CookieSerializeOptions} opts
- * @param {'set' | 'delete' | 'serialize'} method
- */
-function deprecate_missing_path(opts, method) {
-	if (opts.path === undefined) {
-		warn_with_callsite(
-			`Calling \`cookies.${method}(...)\` without specifying a \`path\` is deprecated, and will be disallowed in SvelteKit 2.0. Relative paths can be used`,
-			1
-		);
-	}
-
-	if (opts.path === '') {
-		warn_with_callsite(
-			`Calling \`cookies.${method}(...)\` with \`path: ''\` will behave differently in SvelteKit 2.0. Instead of using the browser default behaviour, it will set the cookie path to the current pathname`,
-			1
-		);
+// TODO 3.0 remove this check
+/** @param {import('./page/types.js').Cookie['options']} options */
+function validate_options(options) {
+	if (options?.path === undefined) {
+		throw new Error('You must specify a `path` when setting, deleting or serializing cookies');
 	}
 }
 
@@ -46,8 +32,6 @@ export function get_cookies(request, url, trailing_slash) {
 	const initial_cookies = parse(header, { decode: (value) => value });
 
 	const normalized_url = normalize_path(url.pathname, trailing_slash);
-	// Emulate browser-behavior: if the cookie is set at '/foo/bar', its path is '/foo'
-	const default_path = normalized_url.split('/').slice(0, -1).join('/') || '/';
 
 	/** @type {Record<string, import('./page/types.js').Cookie>} */
 	const new_cookies = {};
@@ -126,39 +110,37 @@ export function get_cookies(request, url, trailing_slash) {
 		/**
 		 * @param {string} name
 		 * @param {string} value
-		 * @param {import('cookie').CookieSerializeOptions} opts
+		 * @param {import('./page/types.js').Cookie['options']} options
 		 */
-		set(name, value, opts = {}) {
-			deprecate_missing_path(opts, 'set');
-			set_internal(name, value, { ...defaults, ...opts });
+		set(name, value, options) {
+			validate_options(options);
+			set_internal(name, value, { ...defaults, ...options });
 		},
 
 		/**
 		 * @param {string} name
-		 * @param {import('cookie').CookieSerializeOptions} opts
+		 *  @param {import('./page/types.js').Cookie['options']} options
 		 */
-		delete(name, opts = {}) {
-			deprecate_missing_path(opts, 'delete');
-
-			cookies.set(name, '', {
-				path: default_path, // TODO 2.0 remove this
-				...opts,
-				maxAge: 0
-			});
+		delete(name, options) {
+			validate_options(options);
+			cookies.set(name, '', { ...options, maxAge: 0 });
 		},
 
 		/**
 		 * @param {string} name
 		 * @param {string} value
-		 * @param {import('cookie').CookieSerializeOptions} opts
+		 *  @param {import('./page/types.js').Cookie['options']} options
 		 */
-		serialize(name, value, opts = {}) {
-			deprecate_missing_path(opts, 'serialize');
+		serialize(name, value, options) {
+			validate_options(options);
+
+			let path = options.path;
+
+			if (!options.domain || options.domain === url.hostname) {
+				path = resolve(normalized_url, path);
+			}
 
-			return serialize(name, value, {
-				...defaults,
-				...opts
-			});
+			return serialize(name, value, { ...defaults, ...options, path });
 		}
 	};
 
@@ -199,27 +181,16 @@ export function get_cookies(request, url, trailing_slash) {
 	/**
 	 * @param {string} name
 	 * @param {string} value
-	 * @param {import('cookie').CookieSerializeOptions} opts
+	 * @param {import('./page/types.js').Cookie['options']} options
 	 */
-	function set_internal(name, value, opts) {
-		let path = opts.path;
+	function set_internal(name, value, options) {
+		let path = options.path;
 
-		if (!opts.domain || opts.domain === url.hostname) {
-			if (path) {
-				if (path[0] === '.') path = resolve(url.pathname, path);
-			} else {
-				path = default_path;
-			}
+		if (!options.domain || options.domain === url.hostname) {
+			path = resolve(normalized_url, path);
 		}
 
-		new_cookies[name] = {
-			name,
-			value,
-			options: {
-				...opts,
-				path
-			}
-		};
+		new_cookies[name] = { name, value, options: { ...options, path } };
 
 		if (__SVELTEKIT_DEV__) {
 			const serialized = serialize(name, value, new_cookies[name].options);
@@ -230,10 +201,8 @@ export function get_cookies(request, url, trailing_slash) {
 			cookie_paths[name] ??= new Set();
 
 			if (!value) {
-				// @ts-expect-error temporary
 				cookie_paths[name].delete(path);
 			} else {
-				// @ts-expect-error temporary
 				cookie_paths[name].add(path);
 			}
 		}
@@ -276,6 +245,14 @@ export function add_cookies_to_headers(headers, cookies) {
 	for (const new_cookie of cookies) {
 		const { name, value, options } = new_cookie;
 		headers.append('set-cookie', serialize(name, value, options));
+
+		// special case — for routes ending with .html, the route data lives in a sibling
+		// `.html__data.json` file rather than a child `/__data.json` file, which means
+		// we need to duplicate the cookie
+		if (options.path.endsWith('.html')) {
+			const path = add_data_suffix(options.path);
+			headers.append('set-cookie', serialize(name, value, { ...options, path }));
+		}
 	}
 }
 

package/src/runtime/server/data/index.js

@@ -1,4 +1,4 @@
-import { HttpError, Redirect } from '../../control.js';
+import { HttpError, SvelteKitError, Redirect } from '../../control.js';
 import { normalize_error } from '../../../utils/error.js';
 import { once } from '../../../utils/functions.js';
 import { load_server_data } from '../page/load_data.js';
@@ -76,8 +76,7 @@ export async function render_data(
 								}
 							}
 							return data;
-						},
-						track_server_fetches: options.track_server_fetches
+						}
 					});
 				} catch (e) {
 					aborted = true;
@@ -110,7 +109,10 @@ export async function render_data(
 					return /** @type {import('types').ServerErrorNode} */ ({
 						type: 'error',
 						error: await handle_error_and_jsonify(event, options, error),
-						status: error instanceof HttpError ? error.status : undefined
+						status:
+							error instanceof HttpError || error instanceof SvelteKitError
+								? error.status
+								: undefined
 					});
 				})
 			)

package/src/runtime/server/env_module.js

@@ -0,0 +1,29 @@
+import { public_env } from '../shared-server.js';
+
+/** @type {string} */
+let body;
+
+/** @type {string} */
+let etag;
+
+/** @type {Headers} */
+let headers;
+
+/**
+ * @param {Request} request
+ * @returns {Response}
+ */
+export function get_public_env(request) {
+	body ??= `export const env=${JSON.stringify(public_env)}`;
+	etag ??= `W/${Date.now()}`;
+	headers ??= new Headers({
+		'content-type': 'application/javascript; charset=utf-8',
+		etag
+	});
+
+	if (request.headers.get('if-none-match') === etag) {
+		return new Response(undefined, { status: 304, headers });
+	}
+
+	return new Response(body, { headers });
+}

package/src/runtime/server/fetch.js

@@ -9,7 +9,7 @@ import * as paths from '__sveltekit/paths';
  *   manifest: import('@sveltejs/kit').SSRManifest;
  *   state: import('types').SSRState;
  *   get_cookie_header: (url: URL, header: string | null) => string;
- *   set_internal: (name: string, value: string, opts: import('cookie').CookieSerializeOptions) => void;
+ *   set_internal: (name: string, value: string, opts: import('./page/types.js').Cookie['options']) => void;
  * }} opts
  * @returns {typeof fetch}
  */
@@ -134,12 +134,13 @@ export function create_fetch({ event, options, manifest, state, get_cookie_heade
 					for (const str of set_cookie_parser.splitCookiesString(set_cookie)) {
 						const { name, value, ...options } = set_cookie_parser.parseString(str);
 
+						const path = options.path ?? (url.pathname.split('/').slice(0, -1).join('/') || '/');
+
 						// options.sameSite is string, something more specific is required - type cast is safe
-						set_internal(
-							name,
-							value,
-							/** @type {import('cookie').CookieSerializeOptions} */ (options)
-						);
+						set_internal(name, value, {
+							path,
+							.../** @type {import('cookie').CookieSerializeOptions} */ (options)
+						});
 					}
 				}
 

package/src/runtime/server/index.js

@@ -1,8 +1,18 @@
 import { respond } from './respond.js';
-import { set_private_env, set_public_env } from '../shared-server.js';
+import { set_private_env, set_public_env, set_safe_public_env } from '../shared-server.js';
 import { options, get_hooks } from '__SERVER__/internal.js';
 import { DEV } from 'esm-env';
 import { filter_private_env, filter_public_env } from '../../utils/env.js';
+import { building } from '../app/environment.js';
+
+/** @type {ProxyHandler<{ type: 'public' | 'private' }>} */
+const prerender_env_handler = {
+	get({ type }, prop) {
+		throw new Error(
+			`Cannot read values from $env/dynamic/${type} while prerendering (attempted to read env.${prop.toString()}). Use $env/static/${type} instead`
+		);
+	}
+};
 
 export class Server {
 	/** @type {import('types').SSROptions} */
@@ -27,19 +37,19 @@ export class Server {
 		// Take care: Some adapters may have to call `Server.init` per-request to set env vars,
 		// so anything that shouldn't be rerun should be wrapped in an `if` block to make sure it hasn't
 		// been done already.
+
 		// set env, in case it's used in initialisation
-		set_private_env(
-			filter_private_env(env, {
-				public_prefix: this.#options.env_public_prefix,
-				private_prefix: this.#options.env_private_prefix
-			})
-		);
-		set_public_env(
-			filter_public_env(env, {
-				public_prefix: this.#options.env_public_prefix,
-				private_prefix: this.#options.env_private_prefix
-			})
-		);
+		const prefixes = {
+			public_prefix: this.#options.env_public_prefix,
+			private_prefix: this.#options.env_private_prefix
+		};
+
+		const private_env = filter_private_env(env, prefixes);
+		const public_env = filter_public_env(env, prefixes);
+
+		set_private_env(building ? new Proxy({ type: 'private' }, prerender_env_handler) : private_env);
+		set_public_env(building ? new Proxy({ type: 'public' }, prerender_env_handler) : public_env);
+		set_safe_public_env(public_env);
 
 		if (!this.#options.hooks) {
 			try {
@@ -71,13 +81,6 @@ export class Server {
 	 * @param {import('types').RequestOptions} options
 	 */
 	async respond(request, options) {
-		// TODO this should probably have been removed for 1.0 — i think we can get rid of it?
-		if (!(request instanceof Request)) {
-			throw new Error(
-				'The first argument to server.respond must be a Request object. See https://github.com/sveltejs/kit/pull/3384 for details'
-			);
-		}
-
 		return respond(request, this.#options, this.#manifest, {
 			...options,
 			error: false,

package/src/runtime/server/page/actions.js

@@ -1,8 +1,8 @@
 import * as devalue from 'devalue';
-import { error, json } from '../../../exports/index.js';
-import { normalize_error } from '../../../utils/error.js';
+import { json } from '../../../exports/index.js';
+import { get_status, normalize_error } from '../../../utils/error.js';
 import { is_form_content_type, negotiate } from '../../../utils/http.js';
-import { HttpError, Redirect, ActionFailure } from '../../control.js';
+import { HttpError, Redirect, ActionFailure, SvelteKitError } from '../../control.js';
 import { handle_error_and_jsonify } from '../utils.js';
 
 /** @param {import('@sveltejs/kit').RequestEvent} event */
@@ -24,8 +24,11 @@ export async function handle_action_json_request(event, options, server) {
 	const actions = server?.actions;
 
 	if (!actions) {
-		// TODO should this be a different error altogether?
-		const no_actions_error = error(405, 'POST method not allowed. No actions exist for this page');
+		const no_actions_error = new SvelteKitError(
+			405,
+			'Method Not Allowed',
+			'POST method not allowed. No actions exist for this page'
+		);
 		return action_json(
 			{
 				type: 'error',
@@ -81,7 +84,7 @@ export async function handle_action_json_request(event, options, server) {
 				error: await handle_error_and_jsonify(event, options, check_incorrect_fail_use(err))
 			},
 			{
-				status: err instanceof HttpError ? err.status : 500
+				status: get_status(err)
 			}
 		);
 	}
@@ -139,7 +142,11 @@ export async function handle_action_request(event, server) {
 		});
 		return {
 			type: 'error',
-			error: error(405, 'POST method not allowed. No actions exist for this page')
+			error: new SvelteKitError(
+				405,
+				'Method Not Allowed',
+				'POST method not allowed. No actions exist for this page'
+			)
 		};
 	}
 
@@ -198,7 +205,7 @@ function check_named_default_separate(actions) {
 /**
  * @param {import('@sveltejs/kit').RequestEvent} event
  * @param {NonNullable<import('types').SSRNode['server']['actions']>} actions
- * @throws {Redirect | ActionFailure | HttpError | Error}
+ * @throws {Redirect | HttpError | SvelteKitError | Error}
  */
 async function call_action(event, actions) {
 	const url = new URL(event.request.url);
@@ -216,12 +223,16 @@ async function call_action(event, actions) {
 
 	const action = actions[name];
 	if (!action) {
-		throw new Error(`No action with name '${name}' found`);
+		throw new SvelteKitError(404, 'Not Found', `No action with name '${name}' found`);
 	}
 
 	if (!is_form_content_type(event.request)) {
-		throw new Error(
-			`Actions expect form-encoded data (received ${event.request.headers.get('content-type')})`
+		throw new SvelteKitError(
+			415,
+			'Unsupported Media Type',
+			`Form actions expect form-encoded data — received ${event.request.headers.get(
+				'content-type'
+			)}`
 		);
 	}
 
@@ -231,13 +242,11 @@ async function call_action(event, actions) {
 /** @param {any} data */
 function validate_action_return(data) {
 	if (data instanceof Redirect) {
-		throw new Error('Cannot `return redirect(...)` — use `throw redirect(...)` instead');
+		throw new Error('Cannot `return redirect(...)` — use `redirect(...)` instead');
 	}
 
 	if (data instanceof HttpError) {
-		throw new Error(
-			'Cannot `return error(...)` — use `throw error(...)` or `return fail(...)` instead'
-		);
+		throw new Error('Cannot `return error(...)` — use `error(...)` or `return fail(...)` instead');
 	}
 }
 

package/src/runtime/server/page/index.js

@@ -1,8 +1,8 @@
 import { text } from '../../../exports/index.js';
 import { compact } from '../../../utils/array.js';
-import { normalize_error } from '../../../utils/error.js';
+import { get_status, normalize_error } from '../../../utils/error.js';
 import { add_data_suffix } from '../../../utils/url.js';
-import { HttpError, Redirect } from '../../control.js';
+import { Redirect } from '../../control.js';
 import { redirect_response, static_error_page, handle_error_and_jsonify } from '../utils.js';
 import {
 	handle_action_json_request,
@@ -65,8 +65,7 @@ export async function render_page(event, page, options, manifest, state, resolve
 				return redirect_response(action_result.status, action_result.location);
 			}
 			if (action_result?.type === 'error') {
-				const error = action_result.error;
-				status = error instanceof HttpError ? error.status : 500;
+				status = get_status(action_result.error);
 			}
 			if (action_result?.type === 'failure') {
 				status = action_result.status;
@@ -78,7 +77,7 @@ export async function render_page(event, page, options, manifest, state, resolve
 
 		// it's crucial that we do this before returning the non-SSR response, otherwise
 		// SvelteKit will erroneously believe that the path has been prerendered,
-		// causing functions to be omitted from the manifesst generated later
+		// causing functions to be omitted from the manifest generated later
 		const should_prerender = get_option(nodes, 'prerender') ?? false;
 		if (should_prerender) {
 			const mod = leaf_node.server;
@@ -150,8 +149,7 @@ export async function render_page(event, page, options, manifest, state, resolve
 								if (parent) Object.assign(data, await parent.data);
 							}
 							return data;
-						},
-						track_server_fetches: options.track_server_fetches
+						}
 					});
 				} catch (e) {
 					load_error = /** @type {Error} */ (e);
@@ -222,7 +220,7 @@ export async function render_page(event, page, options, manifest, state, resolve
 						return redirect_response(err.status, err.location);
 					}
 
-					const status = err instanceof HttpError ? err.status : 500;
+					const status = get_status(err);
 					const error = await handle_error_and_jsonify(event, options, err);
 
 					while (i--) {