@sveltejs/kit 2.2.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/exports/public.d.ts +7 -0
- package/src/runtime/server/page/csp.js +35 -3
- package/src/version.js +1 -1
- package/types/index.d.ts +7 -0
- package/types/index.d.ts.map +1 -1
package/package.json
CHANGED
package/src/exports/public.d.ts
CHANGED
|
@@ -370,6 +370,7 @@ export interface KitConfig {
|
|
|
370
370
|
/**
|
|
371
371
|
* A prefix that signals that an environment variable is unsafe to expose to client-side code. Environment variables matching neither the public nor the private prefix will be discarded completely. See [`$env/static/private`](/docs/modules#$env-static-private) and [`$env/dynamic/private`](/docs/modules#$env-dynamic-private).
|
|
372
372
|
* @default ""
|
|
373
|
+
* @since 1.21.0
|
|
373
374
|
*/
|
|
374
375
|
privatePrefix?: string;
|
|
375
376
|
};
|
|
@@ -453,6 +454,7 @@ export interface KitConfig {
|
|
|
453
454
|
* - `preload-js` - uses `<link rel="preload">`. Prevents waterfalls in Chromium and Safari, but Chromium will parse each module twice (once as a script, once as a module). Causes modules to be requested twice in Firefox. This is a good setting if you want to maximise performance for users on iOS devices at the cost of a very slight degradation for Chromium users.
|
|
454
455
|
* - `preload-mjs` - uses `<link rel="preload">` but with the `.mjs` extension which prevents double-parsing in Chromium. Some static webservers will fail to serve .mjs files with a `Content-Type: application/javascript` header, which will cause your application to break. If that doesn't apply to you, this is the option that will deliver the best performance for the largest number of users, until `modulepreload` is more widely supported.
|
|
455
456
|
* @default "modulepreload"
|
|
457
|
+
* @since 1.8.4
|
|
456
458
|
*/
|
|
457
459
|
preloadStrategy?: 'modulepreload' | 'preload-js' | 'preload-mjs';
|
|
458
460
|
};
|
|
@@ -480,6 +482,7 @@ export interface KitConfig {
|
|
|
480
482
|
* In 1.0, `undefined` was a valid value, which was set by default. In that case, if `paths.assets` was not external, SvelteKit would replace `%sveltekit.assets%` with a relative path and use relative paths to reference build artifacts, but `base` and `assets` imported from `$app/paths` would be as specified in your config.
|
|
481
483
|
*
|
|
482
484
|
* @default true
|
|
485
|
+
* @since 1.9.0
|
|
483
486
|
*/
|
|
484
487
|
relative?: boolean;
|
|
485
488
|
};
|
|
@@ -531,6 +534,7 @@ export interface KitConfig {
|
|
|
531
534
|
* ```
|
|
532
535
|
*
|
|
533
536
|
* @default "fail"
|
|
537
|
+
* @since 1.15.7
|
|
534
538
|
*/
|
|
535
539
|
handleHttpError?: PrerenderHttpErrorHandlerValue;
|
|
536
540
|
/**
|
|
@@ -542,6 +546,7 @@ export interface KitConfig {
|
|
|
542
546
|
* - `(details) => void` — a custom error handler that takes a `details` object with `path`, `id`, `referrers` and `message` properties. If you `throw` from this function, the build will fail
|
|
543
547
|
*
|
|
544
548
|
* @default "fail"
|
|
549
|
+
* @since 1.15.7
|
|
545
550
|
*/
|
|
546
551
|
handleMissingId?: PrerenderMissingIdHandlerValue;
|
|
547
552
|
/**
|
|
@@ -553,6 +558,7 @@ export interface KitConfig {
|
|
|
553
558
|
* - `(details) => void` — a custom error handler that takes a `details` object with `generatedFromId`, `entry`, `matchedId` and `message` properties. If you `throw` from this function, the build will fail
|
|
554
559
|
*
|
|
555
560
|
* @default "fail"
|
|
561
|
+
* @since 1.16.0
|
|
556
562
|
*/
|
|
557
563
|
handleEntryGeneratorMismatch?: PrerenderEntryGeneratorMismatchHandlerValue;
|
|
558
564
|
/**
|
|
@@ -578,6 +584,7 @@ export interface KitConfig {
|
|
|
578
584
|
* A function that allows you to edit the generated `tsconfig.json`. You can mutate the config (recommended) or return a new one.
|
|
579
585
|
* This is useful for extending a shared `tsconfig.json` in a monorepo root, for example.
|
|
580
586
|
* @default (config) => config
|
|
587
|
+
* @since 1.3.0
|
|
581
588
|
*/
|
|
582
589
|
config?: (config: Record<string, any>) => Record<string, any> | void;
|
|
583
590
|
};
|
|
@@ -92,16 +92,32 @@ class BaseProvider {
|
|
|
92
92
|
// }
|
|
93
93
|
|
|
94
94
|
// ...and add unsafe-inline so we can inject <style> elements
|
|
95
|
+
// Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list, so we remove those during dev when injecting unsafe-inline
|
|
95
96
|
if (effective_style_src && !effective_style_src.includes('unsafe-inline')) {
|
|
96
|
-
d['style-src'] = [
|
|
97
|
+
d['style-src'] = [
|
|
98
|
+
...effective_style_src.filter(
|
|
99
|
+
(value) => !(value.startsWith('sha256-') || value.startsWith('nonce-'))
|
|
100
|
+
),
|
|
101
|
+
'unsafe-inline'
|
|
102
|
+
];
|
|
97
103
|
}
|
|
98
104
|
|
|
99
105
|
if (style_src_attr && !style_src_attr.includes('unsafe-inline')) {
|
|
100
|
-
d['style-src-attr'] = [
|
|
106
|
+
d['style-src-attr'] = [
|
|
107
|
+
...style_src_attr.filter(
|
|
108
|
+
(value) => !(value.startsWith('sha256-') || value.startsWith('nonce-'))
|
|
109
|
+
),
|
|
110
|
+
'unsafe-inline'
|
|
111
|
+
];
|
|
101
112
|
}
|
|
102
113
|
|
|
103
114
|
if (style_src_elem && !style_src_elem.includes('unsafe-inline')) {
|
|
104
|
-
d['style-src-elem'] = [
|
|
115
|
+
d['style-src-elem'] = [
|
|
116
|
+
...style_src_elem.filter(
|
|
117
|
+
(value) => !(value.startsWith('sha256-') || value.startsWith('nonce-'))
|
|
118
|
+
),
|
|
119
|
+
'unsafe-inline'
|
|
120
|
+
];
|
|
105
121
|
}
|
|
106
122
|
}
|
|
107
123
|
|
|
@@ -152,6 +168,11 @@ class BaseProvider {
|
|
|
152
168
|
/** @param {string} content */
|
|
153
169
|
add_style(content) {
|
|
154
170
|
if (this.#style_needs_csp) {
|
|
171
|
+
// this is the hash for "/* empty */"
|
|
172
|
+
// adding it so that svelte does not break csp
|
|
173
|
+
// see https://github.com/sveltejs/svelte/pull/7800
|
|
174
|
+
const empty_comment_hash = '9OlNO0DNEeaVzHL4RZwCLsBHA8WBQ8toBp/4F5XV2nc=';
|
|
175
|
+
|
|
155
176
|
const d = this.#directives;
|
|
156
177
|
|
|
157
178
|
if (this.#use_hashes) {
|
|
@@ -163,6 +184,13 @@ class BaseProvider {
|
|
|
163
184
|
this.#style_src_attr.push(`sha256-${hash}`);
|
|
164
185
|
}
|
|
165
186
|
if (d['style-src-elem']?.length) {
|
|
187
|
+
if (
|
|
188
|
+
hash !== empty_comment_hash &&
|
|
189
|
+
!d['style-src-elem'].includes(`sha256-${empty_comment_hash}`)
|
|
190
|
+
) {
|
|
191
|
+
this.#style_src_elem.push(`sha256-${empty_comment_hash}`);
|
|
192
|
+
}
|
|
193
|
+
|
|
166
194
|
this.#style_src_elem.push(`sha256-${hash}`);
|
|
167
195
|
}
|
|
168
196
|
} else {
|
|
@@ -173,6 +201,10 @@ class BaseProvider {
|
|
|
173
201
|
this.#style_src_attr.push(`nonce-${this.#nonce}`);
|
|
174
202
|
}
|
|
175
203
|
if (d['style-src-elem']?.length) {
|
|
204
|
+
if (!d['style-src-elem'].includes(`sha256-${empty_comment_hash}`)) {
|
|
205
|
+
this.#style_src_elem.push(`sha256-${empty_comment_hash}`);
|
|
206
|
+
}
|
|
207
|
+
|
|
176
208
|
this.#style_src_elem.push(`nonce-${this.#nonce}`);
|
|
177
209
|
}
|
|
178
210
|
}
|
package/src/version.js
CHANGED
package/types/index.d.ts
CHANGED
|
@@ -352,6 +352,7 @@ declare module '@sveltejs/kit' {
|
|
|
352
352
|
/**
|
|
353
353
|
* A prefix that signals that an environment variable is unsafe to expose to client-side code. Environment variables matching neither the public nor the private prefix will be discarded completely. See [`$env/static/private`](/docs/modules#$env-static-private) and [`$env/dynamic/private`](/docs/modules#$env-dynamic-private).
|
|
354
354
|
* @default ""
|
|
355
|
+
* @since 1.21.0
|
|
355
356
|
*/
|
|
356
357
|
privatePrefix?: string;
|
|
357
358
|
};
|
|
@@ -435,6 +436,7 @@ declare module '@sveltejs/kit' {
|
|
|
435
436
|
* - `preload-js` - uses `<link rel="preload">`. Prevents waterfalls in Chromium and Safari, but Chromium will parse each module twice (once as a script, once as a module). Causes modules to be requested twice in Firefox. This is a good setting if you want to maximise performance for users on iOS devices at the cost of a very slight degradation for Chromium users.
|
|
436
437
|
* - `preload-mjs` - uses `<link rel="preload">` but with the `.mjs` extension which prevents double-parsing in Chromium. Some static webservers will fail to serve .mjs files with a `Content-Type: application/javascript` header, which will cause your application to break. If that doesn't apply to you, this is the option that will deliver the best performance for the largest number of users, until `modulepreload` is more widely supported.
|
|
437
438
|
* @default "modulepreload"
|
|
439
|
+
* @since 1.8.4
|
|
438
440
|
*/
|
|
439
441
|
preloadStrategy?: 'modulepreload' | 'preload-js' | 'preload-mjs';
|
|
440
442
|
};
|
|
@@ -462,6 +464,7 @@ declare module '@sveltejs/kit' {
|
|
|
462
464
|
* In 1.0, `undefined` was a valid value, which was set by default. In that case, if `paths.assets` was not external, SvelteKit would replace `%sveltekit.assets%` with a relative path and use relative paths to reference build artifacts, but `base` and `assets` imported from `$app/paths` would be as specified in your config.
|
|
463
465
|
*
|
|
464
466
|
* @default true
|
|
467
|
+
* @since 1.9.0
|
|
465
468
|
*/
|
|
466
469
|
relative?: boolean;
|
|
467
470
|
};
|
|
@@ -513,6 +516,7 @@ declare module '@sveltejs/kit' {
|
|
|
513
516
|
* ```
|
|
514
517
|
*
|
|
515
518
|
* @default "fail"
|
|
519
|
+
* @since 1.15.7
|
|
516
520
|
*/
|
|
517
521
|
handleHttpError?: PrerenderHttpErrorHandlerValue;
|
|
518
522
|
/**
|
|
@@ -524,6 +528,7 @@ declare module '@sveltejs/kit' {
|
|
|
524
528
|
* - `(details) => void` — a custom error handler that takes a `details` object with `path`, `id`, `referrers` and `message` properties. If you `throw` from this function, the build will fail
|
|
525
529
|
*
|
|
526
530
|
* @default "fail"
|
|
531
|
+
* @since 1.15.7
|
|
527
532
|
*/
|
|
528
533
|
handleMissingId?: PrerenderMissingIdHandlerValue;
|
|
529
534
|
/**
|
|
@@ -535,6 +540,7 @@ declare module '@sveltejs/kit' {
|
|
|
535
540
|
* - `(details) => void` — a custom error handler that takes a `details` object with `generatedFromId`, `entry`, `matchedId` and `message` properties. If you `throw` from this function, the build will fail
|
|
536
541
|
*
|
|
537
542
|
* @default "fail"
|
|
543
|
+
* @since 1.16.0
|
|
538
544
|
*/
|
|
539
545
|
handleEntryGeneratorMismatch?: PrerenderEntryGeneratorMismatchHandlerValue;
|
|
540
546
|
/**
|
|
@@ -560,6 +566,7 @@ declare module '@sveltejs/kit' {
|
|
|
560
566
|
* A function that allows you to edit the generated `tsconfig.json`. You can mutate the config (recommended) or return a new one.
|
|
561
567
|
* This is useful for extending a shared `tsconfig.json` in a monorepo root, for example.
|
|
562
568
|
* @default (config) => config
|
|
569
|
+
* @since 1.3.0
|
|
563
570
|
*/
|
|
564
571
|
config?: (config: Record<string, any>) => Record<string, any> | void;
|
|
565
572
|
};
|
package/types/index.d.ts.map
CHANGED
|
@@ -143,5 +143,5 @@
|
|
|
143
143
|
null,
|
|
144
144
|
null
|
|
145
145
|
],
|
|
146
|
-
"mappings": ";;;;;;;;;kBA2BiBA,OAAOA;;;;;;;;;;;;aAYZC,cAAcA;;;;;;aAMdC,cAAcA;;;;;;;;;;;;;;;kBAeTC,aAAaA;;;;;;;;;;;;;;;;kBAgBbC,OAAOA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA4FPC,MAAMA;;;;;;;;;;;;;;;;;;;;;kBAqBNC,OAAOA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAyDPC,SAASA
|
|
146
|
+
"mappings": ";;;;;;;;;kBA2BiBA,OAAOA;;;;;;;;;;;;aAYZC,cAAcA;;;;;;aAMdC,cAAcA;;;;;;;;;;;;;;;kBAeTC,aAAaA;;;;;;;;;;;;;;;;kBAgBbC,OAAOA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA4FPC,MAAMA;;;;;;;;;;;;;;;;;;;;;kBAqBNC,OAAOA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAyDPC,SAASA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;aA+YdC,MAAMA;;;;;;;;;;;aAWNC,iBAAiBA;;;;;;;;;;;;;aAajBC,iBAAiBA;;;;;;;;;;aAUjBC,WAAWA;;;;;;;;;;aAUXC,IAAIA;;;;;;;;;;;;kBAYCC,SAASA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA4GTC,eAAeA;;;;;;;;;;;;;;;;;;;;;;;;;;kBA0BfC,gBAAgBA;;;;;;;;;;;;;;;;;;;;;;;;aAwBrBC,cAAcA;;kBAETC,UAAUA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAoCVC,cAAcA;;;;;;;;;;kBAUdC,UAAUA;;;;;;;;;;;;;;;;;;kBAkBVC,aAAaA;;;;;;;;;;;;;;;;;;;kBAmBbC,IAAIA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;aA8CTC,YAAYA;;kBAEPC,YAAYA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;aA4FjBC,cAAcA;;;;;kBAKTC,cAAcA;;;;;;;;;;;;;;;;;;;;;;;kBAuBdC,eAAeA;;;;;;;;;;;;;;;cAenBC,MAAMA;;;;;;kBAMFC,iBAAiBA;;;;kBAIjBC,WAAWA;;;;;;;;;;;;;;;;;;;aAmBhBC,UAAUA;;;;;;;kBAOLC,eAAeA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;aAqEpBC,MAAMA;;;;;;;;;;aAUNC,OAAOA;;;;;;;;;;;;;;;;aAgBPC,YAAYA;;;;;;;;;;;;kBC1uCXC,SAASA;;;;;;;;;;kBAqBTC,QAAQA;;;;;;;aDkvCTC,cAAcA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA6BTC,QAAQA;;;;WE9xCRC,YAAYA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAkDZC,GAAGA;;;;;;;;;;;;;;;;;;;;;;WAsBHC,aAAaA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAmElBC,UAAUA;;WAELC,MAAMA;;;;;;;;;MASXC,YAAYA;;WAEPC,WAAWA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmCXC,yBAAyBA;;;;;;;;;;WAUzBC,yBAAyBA;;;;WAIzBC,sCAAsCA;;;;MAI3CC,8BAA8BA;MAC9BC,8BAA8BA;MAC9BC,2CAA2CA;;;;;;aAM3CC,eAAeA;;WAIVC,cAAcA;;;;;WAKdC,YAAYA;;;;;;MAMjBC,aAAaA;WCnMRC,KAAKA;;;;;;WAaLC,SAASA;;;;;;;;;;;;;;;;WAuETC,YAAYA;;;;;;;WAOZC,QAAQA;;;;;;;;;;;;;MAwBbC,iBAAiBA;;;;;;;;WAUZC,UAAUA;;;;;;;;;;;;;WAaVC,SAASA;;;;;;;;;;;;;;;;;;;;;;;WAsGTC,YAAYA;;;;;;;;;;;;;MAajBC,kBAAkBA;;WAEbC,OAAOA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAsCZC,aAAaA;;WA2BRC,eAAeA;;;;;;MAMpBC,uBAAuBA;;MAEvBC,WAAWA;;;;;;;;WAQNC,QAAQA;;;;;;;;;MAyCbC,eAAeA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBCtVXC,WAAWA;;;;;;;;;;;iBAcXC,QAAQA;;;;;iBAaRC,UAAUA;;;;;;iBASVC,IAAIA;;;;;;iBA8BJC,IAAIA;;;;;;;;;;;;aApI6CC,QAAQA;aAMVC,YAAYA;cCX9DC,OAAOA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBCiEJC,QAAQA;;;;iBC+BFC,UAAUA;;;;;;iBAeVC,WAAWA;;;;;;;;;iBChGjBC,gBAAgBA;;;;;;;iBCyHVC,SAASA;;;;;;;;cCrIlBC,OAAOA;;;;cAKPC,GAAGA;;;;;;;;;;;;;;;;;;;;;;iBCkBAC,WAAWA;;;;;;;;;;;;;;;;;;;;;iBAyCXC,OAAOA;;;;;;;iBC2uDDC,WAAWA;;;;;;;;;iBA5RjBC,aAAaA;;;;;;;;;;;;iBAiBbC,cAAcA;;;;;;;;;;iBAedC,UAAUA;;;;;iBASVC,qBAAqBA;;;;;;;;iBA2BrBC,IAAIA;;;;;;;;;;;;;;;;;;;;;;;;iBAsCJC,UAAUA;;;;iBAmBVC,aAAaA;;;;;;;;;;;;iBAqBPC,WAAWA;;;;;;;;;;;;;;;;;;iBAoCjBC,WAAWA;;;;;iBA2BXC,SAASA;;;;;iBAuCTC,YAAYA;MVjnDhBxD,YAAYA;;;;;;;;;;;;;;;;;;iBWxIRyD,YAAYA;;;;iBCZfC,SAASA;;;;;;;;;;;;;;cAwBTC,IAAIA;;;;;;;;cAeJC,UAAUA;;;;;;cAaVC,OAAOA"
|
|
147
147
|
}
|