@sveltejs/kit 2.34.0 → 2.35.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "2.34.0",
+  "version": "2.35.0",
   "description": "SvelteKit is the fastest way to build Svelte apps",
   "keywords": [
     "framework",

package/src/core/postbuild/prerender.js

@@ -125,6 +125,12 @@ async function prerender({ hash, out, manifest_path, metadata, verbose, env }) {
 
 	installPolyfills();
 
+	const server = new Server(manifest);
+	await server.init({
+		env,
+		read: (file) => createReadableStream(`${config.outDir}/output/server/${file}`)
+	});
+
 	/** @type {Map<string, string>} */
 	const saved = new Map();
 
@@ -503,12 +509,6 @@ async function prerender({ hash, out, manifest_path, metadata, verbose, env }) {
 
 	log.info('Prerendering');
 
-	const server = new Server(manifest);
-	await server.init({
-		env,
-		read: (file) => createReadableStream(`${config.outDir}/output/server/${file}`)
-	});
-
 	for (const entry of config.prerender.entries) {
 		if (entry === '*') {
 			for (const [id, prerender] of prerender_map) {

package/src/runtime/server/constants.js

@@ -0,0 +1 @@
+export const NULL_BODY_STATUS = [101, 103, 204, 205, 304];

package/src/runtime/server/cookie.js

@@ -27,6 +27,21 @@ function validate_options(options) {
 	}
 }
 
+/**
+ * Generates a unique key for a cookie based on its domain, path, and name in
+ * the format: `<domain>/<path>?<name>`.
+ * If domain is undefined, it will be omitted.
+ * For example: `/?name`, `example.com/foo?name`.
+ *
+ * @param {string | undefined} domain
+ * @param {string} path
+ * @param {string} name
+ * @returns {string}
+ */
+function generate_cookie_key(domain, path, name) {
+	return `${domain || ''}${path}?${encodeURIComponent(name)}`;
+}
+
 /**
  * @param {Request} request
  * @param {URL} url
@@ -38,8 +53,8 @@ export function get_cookies(request, url) {
 	/** @type {string | undefined} */
 	let normalized_url;
 
-	/** @type {Record<string, import('./page/types.js').Cookie>} */
-	const new_cookies = {};
+	/** @type {Map<string, import('./page/types.js').Cookie>} */
+	const new_cookies = new Map();
 
 	/** @type {import('cookie').CookieSerializeOptions} */
 	const defaults = {
@@ -60,13 +75,19 @@ export function get_cookies(request, url) {
 		 * @param {import('cookie').CookieParseOptions} [opts]
 		 */
 		get(name, opts) {
-			const c = new_cookies[name];
-			if (
-				c &&
-				domain_matches(url.hostname, c.options.domain) &&
-				path_matches(url.pathname, c.options.path)
-			) {
-				return c.value;
+			// Look for the most specific matching cookie from new_cookies
+			const best_match = Array.from(new_cookies.values())
+				.filter((c) => {
+					return (
+						c.name === name &&
+						domain_matches(url.hostname, c.options.domain) &&
+						path_matches(url.pathname, c.options.path)
+					);
+				})
+				.sort((a, b) => b.options.path.length - a.options.path.length)[0];
+
+			if (best_match) {
+				return best_match.options.maxAge === 0 ? undefined : best_match.value;
 			}
 
 			const req_cookies = parse(header, { decode: opts?.decode });
@@ -98,15 +119,28 @@ export function get_cookies(request, url) {
 		getAll(opts) {
 			const cookies = parse(header, { decode: opts?.decode });
 
-			for (const c of Object.values(new_cookies)) {
+			// Group cookies by name and find the most specific one for each name
+			const lookup = new Map();
+
+			for (const c of new_cookies.values()) {
 				if (
 					domain_matches(url.hostname, c.options.domain) &&
 					path_matches(url.pathname, c.options.path)
 				) {
-					cookies[c.name] = c.value;
+					const existing = lookup.get(c.name);
+
+					// If no existing cookie or this one has a more specific (longer) path, use this one
+					if (!existing || c.options.path.length > existing.options.path.length) {
+						lookup.set(c.name, c);
+					}
 				}
 			}
 
+			// Add the most specific cookies to the result
+			for (const c of lookup.values()) {
+				cookies[c.name] = c.value;
+			}
+
 			return Object.entries(cookies).map(([name, value]) => ({ name, value }));
 		},
 
@@ -172,8 +206,7 @@ export function get_cookies(request, url) {
 		};
 
 		// cookies previous set during this event with cookies.set have higher precedence
-		for (const key in new_cookies) {
-			const cookie = new_cookies[key];
+		for (const cookie of new_cookies.values()) {
 			if (!domain_matches(destination.hostname, cookie.options.domain)) continue;
 			if (!path_matches(destination.pathname, cookie.options.path)) continue;
 
@@ -214,10 +247,13 @@ export function get_cookies(request, url) {
 			path = resolve(normalized_url, path);
 		}
 
-		new_cookies[name] = { name, value, options: { ...options, path } };
+		// Generate unique key for cookie storage
+		const cookie_key = generate_cookie_key(options.domain, path, name);
+		const cookie = { name, value, options: { ...options, path } };
+		new_cookies.set(cookie_key, cookie);
 
 		if (__SVELTEKIT_DEV__) {
-			const serialized = serialize(name, value, new_cookies[name].options);
+			const serialized = serialize(name, value, cookie.options);
 			if (text_encoder.encode(serialized).byteLength > MAX_COOKIE_SIZE) {
 				throw new Error(`Cookie "${name}" is too large, and will be discarded by the browser`);
 			}
@@ -271,7 +307,7 @@ export function path_matches(path, constraint) {
 
 /**
  * @param {Headers} headers
- * @param {import('./page/types.js').Cookie[]} cookies
+ * @param {MapIterator<import('./page/types.js').Cookie>} cookies
  */
 export function add_cookies_to_headers(headers, cookies) {
 	for (const new_cookie of cookies) {

package/src/runtime/server/index.js

@@ -3,6 +3,7 @@ import { set_private_env, set_public_env } from '../shared-server.js';
 import { options, get_hooks } from '__SERVER__/internal.js';
 import { DEV } from 'esm-env';
 import { filter_env } from '../../utils/env.js';
+import { format_server_error } from './utils.js';
 import { set_read_implementation, set_manifest } from '__sveltekit/server';
 import { set_app } from './app.js';
 
@@ -87,8 +88,14 @@ export class Server {
 					handle: module.handle || (({ event, resolve }) => resolve(event)),
 					handleError:
 						module.handleError ||
-						(({ status, error }) =>
-							console.error((status === 404 && /** @type {Error} */ (error)?.message) || error)),
+						(({ status, error, event }) => {
+							const error_message = format_server_error(
+								status,
+								/** @type {Error} */ (error),
+								event
+							);
+							console.error(error_message);
+						}),
 					handleFetch: module.handleFetch || (({ request, fetch }) => fetch(request)),
 					handleValidationError:
 						module.handleValidationError ||

package/src/runtime/server/page/load_data.js

@@ -6,6 +6,7 @@ import { with_request_store, merge_tracing } from '@sveltejs/kit/internal/server
 import { record_span } from '../../telemetry/record_span.js';
 import { clarify_devalue_error, get_node_type } from '../utils.js';
 import { base64_encode, text_decoder } from '../../utils.js';
+import { NULL_BODY_STATUS } from '../constants.js';
 
 /**
  * Calls the user's server `load` function.
@@ -345,7 +346,7 @@ export function create_universal_fetch(event, state, fetched, csr, resolve_opts)
 		const proxy = new Proxy(response, {
 			get(response, key, _receiver) {
 				/**
-				 * @param {string} body
+				 * @param {string | undefined} body
 				 * @param {boolean} is_b64
 				 */
 				async function push_fetched(body, is_b64) {
@@ -427,6 +428,11 @@ export function create_universal_fetch(event, state, fetched, csr, resolve_opts)
 				async function text() {
 					const body = await response.text();
 
+					if (body === '' && NULL_BODY_STATUS.includes(response.status)) {
+						await push_fetched(undefined, false);
+						return undefined;
+					}
+
 					if (!body || typeof body === 'string') {
 						await push_fetched(body, false);
 					}
@@ -444,7 +450,8 @@ export function create_universal_fetch(event, state, fetched, csr, resolve_opts)
 
 				if (key === 'json') {
 					return async () => {
-						return JSON.parse(await text());
+						const body = await text();
+						return body ? JSON.parse(body) : undefined;
 					};
 				}
 

package/src/runtime/server/page/render.js

@@ -72,8 +72,18 @@ export async function render_response({
 	const stylesheets = new Set(client.stylesheets);
 	const fonts = new Set(client.fonts);
 
-	/** @type {Set<string>} */
-	const link_header_preloads = new Set();
+	/**
+	 * The value of the Link header that is added to the response when not prerendering
+	 * @type {Set<string>}
+	 */
+	const link_headers = new Set();
+
+	/**
+	 * `<link>` tags that are added to prerendered responses
+	 * (note that stylesheets are always added, prerendered or not)
+	 * @type {Set<string>}
+	 */
+	const link_tags = new Set();
 
 	/** @type {Map<string, string>} */
 	// TODO if we add a client entry point one day, we will need to include inline_styles with the entry, otherwise stylesheets will be linked even if they are below inlineStyleThreshold
@@ -264,8 +274,7 @@ export async function render_response({
 			attributes.push('disabled', 'media="(max-width: 0)"');
 		} else {
 			if (resolve_opts.preload({ type: 'css', path })) {
-				const preload_atts = ['rel="preload"', 'as="style"'];
-				link_header_preloads.add(`<${encodeURI(path)}>; ${preload_atts.join(';')}; nopush`);
+				link_headers.add(`<${encodeURI(path)}>; rel="preload"; as="style"; nopush`);
 			}
 		}
 
@@ -277,15 +286,12 @@ export async function render_response({
 
 		if (resolve_opts.preload({ type: 'font', path })) {
 			const ext = dep.slice(dep.lastIndexOf('.') + 1);
-			const attributes = [
-				'rel="preload"',
-				'as="font"',
-				`type="font/${ext}"`,
-				`href="${path}"`,
-				'crossorigin'
-			];
 
-			head += `\n\t\t<link ${attributes.join(' ')}>`;
+			link_tags.add(`<link rel="preload" as="font" type="font/${ext}" href="${path}" crossorigin>`);
+
+			link_headers.add(
+				`<${encodeURI(path)}>; rel="preload"; as="font"; type="font/${ext}"; crossorigin; nopush`
+			);
 		}
 	}
 
@@ -322,15 +328,22 @@ export async function render_response({
 
 			for (const path of included_modulepreloads) {
 				// see the kit.output.preloadStrategy option for details on why we have multiple options here
-				link_header_preloads.add(`<${encodeURI(path)}>; rel="modulepreload"; nopush`);
+				link_headers.add(`<${encodeURI(path)}>; rel="modulepreload"; nopush`);
+
 				if (options.preload_strategy !== 'modulepreload') {
 					head += `\n\t\t<link rel="preload" as="script" crossorigin="anonymous" href="${path}">`;
-				} else if (state.prerendering) {
-					head += `\n\t\t<link rel="modulepreload" href="${path}">`;
+				} else {
+					link_tags.add(`<link rel="modulepreload" href="${path}">`);
 				}
 			}
 		}
 
+		if (state.prerendering && link_tags.size > 0) {
+			head += Array.from(link_tags)
+				.map((tag) => `\n\t\t${tag}`)
+				.join('');
+		}
+
 		// prerender a `/path/to/page/__route.js` module
 		if (manifest._.client.routes && state.prerendering && !state.prerendering.fallback) {
 			const pathname = add_resolution_suffix(event.url.pathname);
@@ -545,8 +558,8 @@ export async function render_response({
 			headers.set('content-security-policy-report-only', report_only_header);
 		}
 
-		if (link_header_preloads.size) {
-			headers.set('link', Array.from(link_header_preloads).join(', '));
+		if (link_headers.size) {
+			headers.set('link', Array.from(link_headers).join(', '));
 		}
 	}
 

package/src/runtime/server/page/types.d.ts

@@ -6,7 +6,7 @@ export interface Fetched {
 	method: string;
 	request_body?: string | ArrayBufferView | null;
 	request_headers?: HeadersInit | undefined;
-	response_body: string;
+	response_body: string | undefined;
 	response: Response;
 	is_b64?: boolean;
 }

package/src/runtime/server/respond.js

@@ -432,7 +432,7 @@ export async function internal_respond(request, options, manifest, state) {
 													response.headers.set(key, /** @type {string} */ (value));
 												}
 
-												add_cookies_to_headers(response.headers, Object.values(new_cookies));
+												add_cookies_to_headers(response.headers, new_cookies.values());
 
 												if (state.prerendering && event.route.id !== null) {
 													response.headers.set('x-sveltekit-routeid', encodeURI(event.route.id));
@@ -507,7 +507,7 @@ export async function internal_respond(request, options, manifest, state) {
 				: route?.page && is_action_json_request(event)
 					? action_json_redirect(e)
 					: redirect_response(e.status, e.location);
-			add_cookies_to_headers(response.headers, Object.values(new_cookies));
+			add_cookies_to_headers(response.headers, new_cookies.values());
 			return response;
 		}
 		return await handle_fatal_error(event, event_state, options, e);

package/src/runtime/server/utils.js

@@ -100,7 +100,8 @@ export async function handle_fatal_error(event, state, options, error) {
  */
 export async function handle_error_and_jsonify(event, state, options, error) {
 	if (error instanceof HttpError) {
-		return error.body;
+		// @ts-expect-error custom user errors may not have a message field if App.Error is overwritten
+		return { message: 'Unknown Error', ...error.body };
 	}
 
 	if (__SVELTEKIT_DEV__ && typeof error == 'object') {
@@ -186,6 +187,59 @@ export function has_prerendered_path(manifest, pathname) {
 	);
 }
 
+/**
+ * Formats the error into a nice message with sanitized stack trace
+ * @param {number} status
+ * @param {Error} error
+ * @param {import('@sveltejs/kit').RequestEvent} event
+ */
+export function format_server_error(status, error, event) {
+	const formatted_text = `\n\x1b[1;31m[${status}] ${event.request.method} ${event.url.pathname}\x1b[0m\n`;
+
+	if (status === 404) {
+		return formatted_text + error.message;
+	}
+
+	return formatted_text + (DEV ? clean_up_stack_trace(error) : error.stack);
+}
+
+/**
+ * In dev, tidy up stack traces by making paths relative to the current project directory
+ * @param {string} file
+ */
+let relative = (file) => file;
+
+if (DEV) {
+	try {
+		const path = await import('node:path');
+		const process = await import('node:process');
+
+		relative = (file) => path.relative(process.cwd(), file);
+	} catch {
+		// do nothing
+	}
+}
+
+/**
+ * Provides a refined stack trace by excluding lines following the last occurrence of a line containing +page. +layout. or +server.
+ * @param {Error} error
+ */
+export function clean_up_stack_trace(error) {
+	const stack_trace = (error.stack?.split('\n') ?? []).map((line) => {
+		return line.replace(/\((.+)(:\d+:\d+)\)$/, (_, file, loc) => `(${relative(file)}${loc})`);
+	});
+
+	// progressive enhancement for people who haven't configured kit.files.src to something else
+	const last_line_from_src_code = stack_trace.findLastIndex((line) => /\(src[\\/]/.test(line));
+
+	if (last_line_from_src_code === -1) {
+		// default to the whole stack trace
+		return error.stack;
+	}
+
+	return stack_trace.slice(0, last_line_from_src_code + 1).join('\n');
+}
+
 /**
  * Returns the filename without the extension. e.g., `+page.server`, `+page`, etc.
  * @param {string | undefined} node_id

package/src/version.js

@@ -1,4 +1,4 @@
 // generated during release, do not modify
 
 /** @type {string} */
-export const VERSION = '2.34.0';
+export const VERSION = '2.35.0';