@sveltejs/kit 2.7.4 → 2.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/src/exports/vite/index.js +16 -0
  3. package/src/runtime/server/cookie.js +11 -0
  4. package/src/version.js +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sveltejs/kit",
3
- "version": "2.7.4",
3
+ "version": "2.7.5",
4
4
  "description": "SvelteKit is the fastest way to build Svelte apps",
5
5
  "keywords": [
6
6
  "framework",
package/src/exports/vite/index.js CHANGED
@@ -349,6 +349,22 @@ async function kit({ svelte_config }) {
349
349
  * Stores the final config.
350
350
  */
351
351
  configResolved(config) {
352
+ // we search for this plugin by name because we can't detect it
353
+ // since it doesn't directly modify the https config unlike the mkcert plugin
354
+ const vite_basic_ssl = config.plugins.find(({ name }) => name === 'vite:basic-ssl');
355
+
356
+ // by default, when enabling HTTPS in Vite, it also enables HTTP/2
357
+ // however, undici has not yet enabled HTTP/2 by default: https://github.com/nodejs/undici/issues/2750
358
+ // we set a no-op proxy config to force Vite to downgrade to TLS-only
359
+ // see https://vitejs.dev/config/#server-https
360
+ if ((config.server.https || vite_basic_ssl) && !config.server.proxy) {
361
+ config.server.proxy = {};
362
+ }
363
+
364
+ if ((config.preview.https || vite_basic_ssl) && !config.preview.proxy) {
365
+ config.preview.proxy = {};
366
+ }
367
+
352
368
  vite_config = config;
353
369
  }
354
370
  };
package/src/runtime/server/cookie.js CHANGED
@@ -1,6 +1,9 @@
1
1
  import { parse, serialize } from 'cookie';
2
2
  import { add_data_suffix, normalize_path, resolve } from '../../utils/url.js';
3
3
 
4
+ // eslint-disable-next-line no-control-regex -- control characters are invalid in cookie names
5
+ const INVALID_COOKIE_CHARACTER_REGEX = /[\x00-\x1F\x7F()<>@,;:"/[\]?={} \t]/;
6
+
4
7
  /**
5
8
  * Tracks all cookies set during dev mode so we can emit warnings
6
9
  * when we detect that there's likely cookie misusage due to wrong paths
@@ -113,6 +116,14 @@ export function get_cookies(request, url, trailing_slash) {
113
116
  * @param {import('./page/types.js').Cookie['options']} options
114
117
  */
115
118
  set(name, value, options) {
119
+ // TODO: remove this check in 3.0
120
+ const illegal_characters = name.match(INVALID_COOKIE_CHARACTER_REGEX);
121
+ if (illegal_characters) {
122
+ console.warn(
123
+ `The cookie name "${name}" will be invalid in SvelteKit 3.0 as it contains ${illegal_characters.join(' and ')}. See RFC 2616 for more details https://datatracker.ietf.org/doc/html/rfc2616#section-2.2`
124
+ );
125
+ }
126
+
116
127
  validate_options(options);
117
128
  set_internal(name, value, { ...defaults, ...options });
118
129
  },
package/src/version.js CHANGED
@@ -1,4 +1,4 @@
1
1
  // generated during release, do not modify
2
2
 
3
3
  /** @type {string} */
4
- export const VERSION = '2.7.4';
4
+ export const VERSION = '2.7.5';