@tanstack/start-server-core 1.167.17 → 1.167.19

package/dist/esm/request-response.d.ts

@@ -119,5 +119,6 @@ export declare function getResponse(): {
     status?: number;
     statusText?: string;
     get headers(): Headers;
+    get errHeaders(): Headers;
 };
 export declare function getValidatedQuery<TSchema extends StandardSchemaV1>(schema: StandardSchemaV1): Promise<StandardSchemaV1.InferOutput<TSchema>>;

package/dist/esm/request-response.js

@@ -33,7 +33,16 @@ function attachResponseHeaders(value, event) {
 }
 function requestHandler(handler) {
 	return (request, requestOpts) => {
-		const h3Event = new H3Event(request);
+		let h3Event;
+		try {
+			h3Event = new H3Event(request);
+		} catch (error) {
+			if (error instanceof URIError) return new Response(null, {
+				status: 400,
+				statusText: "Bad Request"
+			});
+			throw error;
+		}
 		return toResponse(attachResponseHeaders(eventStorage.run({ h3Event }, () => handler(request, requestOpts)), h3Event), h3Event);
 	};
 }
@@ -125,7 +134,10 @@ function setResponseStatus(code, text) {
 * ```
 */
 function getCookies() {
-	return parseCookies(getH3Event());
+	const cookies = parseCookies(getH3Event());
+	const definedCookies = Object.create(null);
+	for (const [name, value] of Object.entries(cookies)) if (value !== void 0) definedCookies[name] = value;
+	return definedCookies;
 }
 /**
 * Get a cookie value by name.
@@ -136,7 +148,7 @@ function getCookies() {
 * ```
 */
 function getCookie(name) {
-	return getCookies()[name] || void 0;
+	return getCookies()[name];
 }
 /**
 * Set a cookie value by name.

package/dist/esm/request-response.js.map

@@ -1 +1 @@
-{"version":3,"file":"request-response.js","names":[],"sources":["../../src/request-response.ts"],"sourcesContent":["import { AsyncLocalStorage } from 'node:async_hooks'\n\nimport {\n  H3Event,\n  clearSession as h3_clearSession,\n  deleteCookie as h3_deleteCookie,\n  getRequestHost as h3_getRequestHost,\n  getRequestIP as h3_getRequestIP,\n  getRequestProtocol as h3_getRequestProtocol,\n  getRequestURL as h3_getRequestURL,\n  getSession as h3_getSession,\n  getValidatedQuery as h3_getValidatedQuery,\n  parseCookies as h3_parseCookies,\n  sanitizeStatusCode as h3_sanitizeStatusCode,\n  sanitizeStatusMessage as h3_sanitizeStatusMessage,\n  sealSession as h3_sealSession,\n  setCookie as h3_setCookie,\n  toResponse as h3_toResponse,\n  unsealSession as h3_unsealSession,\n  updateSession as h3_updateSession,\n  useSession as h3_useSession,\n} from 'h3-v2'\nimport type {\n  RequestHeaderMap,\n  RequestHeaderName,\n  ResponseHeaderMap,\n  ResponseHeaderName,\n  TypedHeaders,\n} from 'fetchdts'\n\nimport type { CookieSerializeOptions } from 'cookie-es'\nimport type {\n  Session,\n  SessionConfig,\n  SessionData,\n  SessionManager,\n  SessionUpdate,\n} from './session'\nimport type { StandardSchemaV1 } from '@standard-schema/spec'\nimport type { RequestHandler } from './request-handler'\n\ninterface StartEvent {\n  h3Event: H3Event\n}\n\n// Use a global symbol to ensure the same AsyncLocalStorage instance is shared\n// across different bundles that may each bundle this module.\nconst GLOBAL_EVENT_STORAGE_KEY = Symbol.for('tanstack-start:event-storage')\n\nconst globalObj = globalThis as typeof globalThis & {\n  [GLOBAL_EVENT_STORAGE_KEY]?: AsyncLocalStorage<StartEvent>\n}\n\nif (!globalObj[GLOBAL_EVENT_STORAGE_KEY]) {\n  globalObj[GLOBAL_EVENT_STORAGE_KEY] = new AsyncLocalStorage<StartEvent>()\n}\n\nconst eventStorage = globalObj[GLOBAL_EVENT_STORAGE_KEY]\n\nexport type { ResponseHeaderName, RequestHeaderName }\n\ntype HeadersWithGetSetCookie = Headers & {\n  getSetCookie?: () => Array<string>\n}\n\ntype MaybePromise<T> = T | Promise<T>\n\nfunction isPromiseLike<T>(value: MaybePromise<T>): value is Promise<T> {\n  return typeof (value as Promise<T>).then === 'function'\n}\n\nfunction getSetCookieValues(headers: Headers): Array<string> {\n  const headersWithSetCookie = headers as HeadersWithGetSetCookie\n  if (typeof headersWithSetCookie.getSetCookie === 'function') {\n    return headersWithSetCookie.getSetCookie()\n  }\n  const value = headers.get('set-cookie')\n  return value ? [value] : []\n}\n\nfunction mergeEventResponseHeaders(response: Response, event: H3Event): void {\n  if (response.ok) {\n    return\n  }\n\n  const eventSetCookies = getSetCookieValues(event.res.headers)\n  if (eventSetCookies.length === 0) {\n    return\n  }\n\n  const responseSetCookies = getSetCookieValues(response.headers)\n  response.headers.delete('set-cookie')\n  for (const cookie of responseSetCookies) {\n    response.headers.append('set-cookie', cookie)\n  }\n  for (const cookie of eventSetCookies) {\n    response.headers.append('set-cookie', cookie)\n  }\n}\n\nfunction attachResponseHeaders<T>(\n  value: MaybePromise<T>,\n  event: H3Event,\n): MaybePromise<T> {\n  if (isPromiseLike(value)) {\n    return value.then((resolved) => {\n      if (resolved instanceof Response) {\n        mergeEventResponseHeaders(resolved, event)\n      }\n      return resolved\n    })\n  }\n\n  if (value instanceof Response) {\n    mergeEventResponseHeaders(value, event)\n  }\n\n  return value\n}\n\nexport function requestHandler<TRegister = unknown>(\n  handler: RequestHandler<TRegister>,\n) {\n  return (request: Request, requestOpts: any): Promise<Response> | Response => {\n    const h3Event = new H3Event(request)\n\n    const response = eventStorage.run({ h3Event }, () =>\n      handler(request, requestOpts),\n    )\n    return h3_toResponse(attachResponseHeaders(response, h3Event), h3Event)\n  }\n}\n\nfunction getH3Event() {\n  const event = eventStorage.getStore()\n  if (!event) {\n    throw new Error(\n      `No StartEvent found in AsyncLocalStorage. Make sure you are using the function within the server runtime.`,\n    )\n  }\n  return event.h3Event\n}\n\nexport function getRequest(): Request {\n  const event = getH3Event()\n  return event.req\n}\n\nexport function getRequestHeaders(): TypedHeaders<RequestHeaderMap> {\n  // TODO `as any` not needed when fetchdts is updated\n  return getH3Event().req.headers as any\n}\n\nexport function getRequestHeader(name: RequestHeaderName): string | undefined {\n  return getRequestHeaders().get(name) || undefined\n}\n\nexport function getRequestIP(opts?: {\n  /**\n   * Use the X-Forwarded-For HTTP header set by proxies.\n   *\n   * Note: Make sure that this header can be trusted (your application running behind a CDN or reverse proxy) before enabling.\n   */\n  xForwardedFor?: boolean\n}) {\n  return h3_getRequestIP(getH3Event(), opts)\n}\n\n/**\n * Get the request hostname.\n *\n * If `xForwardedHost` is `true`, it will use the `x-forwarded-host` header if it exists.\n *\n * If no host header is found, it will default to \"localhost\".\n */\nexport function getRequestHost(opts?: { xForwardedHost?: boolean }) {\n  return h3_getRequestHost(getH3Event(), opts)\n}\n\n/**\n * Get the full incoming request URL.\n *\n * If `xForwardedHost` is `true`, it will use the `x-forwarded-host` header if it exists.\n *\n * If `xForwardedProto` is `false`, it will not use the `x-forwarded-proto` header.\n */\nexport function getRequestUrl(opts?: {\n  xForwardedHost?: boolean\n  xForwardedProto?: boolean\n}) {\n  return h3_getRequestURL(getH3Event(), opts)\n}\n\n/**\n * Get the request protocol.\n *\n * If `x-forwarded-proto` header is set to \"https\", it will return \"https\". You can disable this behavior by setting `xForwardedProto` to `false`.\n *\n * If protocol cannot be determined, it will default to \"http\".\n */\nexport function getRequestProtocol(opts?: {\n  xForwardedProto?: boolean\n}): 'http' | 'https' | (string & {}) {\n  return h3_getRequestProtocol(getH3Event(), opts)\n}\n\nexport function setResponseHeaders(\n  headers: TypedHeaders<ResponseHeaderMap>,\n): void {\n  const event = getH3Event()\n  for (const [name, value] of Object.entries(headers)) {\n    event.res.headers.set(name, value)\n  }\n}\n\nexport function getResponseHeaders(): TypedHeaders<ResponseHeaderMap> {\n  const event = getH3Event()\n  return event.res.headers\n}\n\nexport function getResponseHeader(\n  name: ResponseHeaderName,\n): string | undefined {\n  const event = getH3Event()\n  return event.res.headers.get(name) || undefined\n}\n\nexport function setResponseHeader(\n  name: ResponseHeaderName,\n  value: string | Array<string>,\n): void {\n  const event = getH3Event()\n  if (Array.isArray(value)) {\n    event.res.headers.delete(name)\n    for (const valueItem of value) {\n      event.res.headers.append(name, valueItem)\n    }\n  } else {\n    event.res.headers.set(name, value)\n  }\n}\nexport function removeResponseHeader(name: ResponseHeaderName): void {\n  const event = getH3Event()\n  event.res.headers.delete(name)\n}\n\nexport function clearResponseHeaders(\n  headerNames?: Array<ResponseHeaderName>,\n): void {\n  const event = getH3Event()\n  // If headerNames is provided, clear only those headers\n  if (headerNames && headerNames.length > 0) {\n    for (const name of headerNames) {\n      event.res.headers.delete(name)\n    }\n    // Otherwise, clear all headers\n  } else {\n    for (const name of event.res.headers.keys()) {\n      event.res.headers.delete(name)\n    }\n  }\n}\n\nexport function getResponseStatus(): number {\n  return getH3Event().res.status || 200\n}\n\nexport function setResponseStatus(code?: number, text?: string): void {\n  const event = getH3Event()\n  if (code) {\n    event.res.status = h3_sanitizeStatusCode(code, event.res.status)\n  }\n  if (text) {\n    event.res.statusText = h3_sanitizeStatusMessage(text)\n  }\n}\n\n/**\n * Parse the request to get HTTP Cookie header string and return an object of all cookie name-value pairs.\n * @returns Object of cookie name-value pairs\n * ```ts\n * const cookies = getCookies()\n * ```\n */\nexport function getCookies(): Record<string, string> {\n  const event = getH3Event()\n  return h3_parseCookies(event)\n}\n\n/**\n * Get a cookie value by name.\n * @param name Name of the cookie to get\n * @returns {*} Value of the cookie (String or undefined)\n * ```ts\n * const authorization = getCookie('Authorization')\n * ```\n */\nexport function getCookie(name: string): string | undefined {\n  return getCookies()[name] || undefined\n}\n\n/**\n * Set a cookie value by name.\n * @param name Name of the cookie to set\n * @param value Value of the cookie to set\n * @param options {CookieSerializeOptions} Options for serializing the cookie\n * ```ts\n * setCookie('Authorization', '1234567')\n * ```\n */\nexport function setCookie(\n  name: string,\n  value: string,\n  options?: CookieSerializeOptions,\n): void {\n  const event = getH3Event()\n  h3_setCookie(event, name, value, options)\n}\n\n/**\n * Remove a cookie by name.\n * @param name Name of the cookie to delete\n * @param serializeOptions {CookieSerializeOptions} Cookie options\n * ```ts\n * deleteCookie('SessionId')\n * ```\n */\nexport function deleteCookie(\n  name: string,\n  options?: CookieSerializeOptions,\n): void {\n  const event = getH3Event()\n  h3_deleteCookie(event, name, options)\n}\n\nfunction getDefaultSessionConfig(config: SessionConfig): SessionConfig {\n  return {\n    name: 'start',\n    ...config,\n  }\n}\n\n/**\n * Create a session manager for the current request.\n */\nexport function useSession<TSessionData extends SessionData = SessionData>(\n  config: SessionConfig,\n): Promise<SessionManager<TSessionData>> {\n  const event = getH3Event()\n  return h3_useSession(event, getDefaultSessionConfig(config))\n}\n/**\n * Get the session for the current request\n */\nexport function getSession<TSessionData extends SessionData = SessionData>(\n  config: SessionConfig,\n): Promise<Session<TSessionData>> {\n  const event = getH3Event()\n  return h3_getSession(event, getDefaultSessionConfig(config))\n}\n\n/**\n * Update the session data for the current request.\n */\nexport function updateSession<TSessionData extends SessionData = SessionData>(\n  config: SessionConfig,\n  update?: SessionUpdate<TSessionData>,\n): Promise<Session<TSessionData>> {\n  const event = getH3Event()\n  return h3_updateSession(event, getDefaultSessionConfig(config), update)\n}\n\n/**\n * Encrypt and sign the session data for the current request.\n */\nexport function sealSession(config: SessionConfig): Promise<string> {\n  const event = getH3Event()\n  return h3_sealSession(event, getDefaultSessionConfig(config))\n}\n/**\n * Decrypt and verify the session data for the current request.\n */\nexport function unsealSession(\n  config: SessionConfig,\n  sealed: string,\n): Promise<Partial<Session>> {\n  const event = getH3Event()\n  return h3_unsealSession(event, getDefaultSessionConfig(config), sealed)\n}\n\n/**\n * Clear the session data for the current request.\n */\nexport function clearSession(config: Partial<SessionConfig>): Promise<void> {\n  const event = getH3Event()\n  return h3_clearSession(event, { name: 'start', ...config })\n}\n\nexport function getResponse() {\n  const event = getH3Event()\n  return event.res\n}\n\n// not public API (yet)\nexport function getValidatedQuery<TSchema extends StandardSchemaV1>(\n  schema: StandardSchemaV1,\n): Promise<StandardSchemaV1.InferOutput<TSchema>> {\n  return h3_getValidatedQuery(getH3Event(), schema)\n}\n"],"mappings":";;;AA+CA,IAAM,2BAA2B,OAAO,IAAI,+BAA+B;AAE3E,IAAM,YAAY;AAIlB,IAAI,CAAC,UAAU,0BACb,WAAU,4BAA4B,IAAI,mBAA+B;AAG3E,IAAM,eAAe,UAAU;AAU/B,SAAS,cAAiB,OAA6C;AACrE,QAAO,OAAQ,MAAqB,SAAS;;AAG/C,SAAS,mBAAmB,SAAiC;CAC3D,MAAM,uBAAuB;AAC7B,KAAI,OAAO,qBAAqB,iBAAiB,WAC/C,QAAO,qBAAqB,cAAc;CAE5C,MAAM,QAAQ,QAAQ,IAAI,aAAa;AACvC,QAAO,QAAQ,CAAC,MAAM,GAAG,EAAE;;AAG7B,SAAS,0BAA0B,UAAoB,OAAsB;AAC3E,KAAI,SAAS,GACX;CAGF,MAAM,kBAAkB,mBAAmB,MAAM,IAAI,QAAQ;AAC7D,KAAI,gBAAgB,WAAW,EAC7B;CAGF,MAAM,qBAAqB,mBAAmB,SAAS,QAAQ;AAC/D,UAAS,QAAQ,OAAO,aAAa;AACrC,MAAK,MAAM,UAAU,mBACnB,UAAS,QAAQ,OAAO,cAAc,OAAO;AAE/C,MAAK,MAAM,UAAU,gBACnB,UAAS,QAAQ,OAAO,cAAc,OAAO;;AAIjD,SAAS,sBACP,OACA,OACiB;AACjB,KAAI,cAAc,MAAM,CACtB,QAAO,MAAM,MAAM,aAAa;AAC9B,MAAI,oBAAoB,SACtB,2BAA0B,UAAU,MAAM;AAE5C,SAAO;GACP;AAGJ,KAAI,iBAAiB,SACnB,2BAA0B,OAAO,MAAM;AAGzC,QAAO;;AAGT,SAAgB,eACd,SACA;AACA,SAAQ,SAAkB,gBAAmD;EAC3E,MAAM,UAAU,IAAI,QAAQ,QAAQ;AAKpC,SAAO,WAAc,sBAHJ,aAAa,IAAI,EAAE,SAAS,QAC3C,QAAQ,SAAS,YAAY,CAC9B,EACoD,QAAQ,EAAE,QAAQ;;;AAI3E,SAAS,aAAa;CACpB,MAAM,QAAQ,aAAa,UAAU;AACrC,KAAI,CAAC,MACH,OAAM,IAAI,MACR,4GACD;AAEH,QAAO,MAAM;;AAGf,SAAgB,aAAsB;AAEpC,QADc,YAAY,CACb;;AAGf,SAAgB,oBAAoD;AAElE,QAAO,YAAY,CAAC,IAAI;;AAG1B,SAAgB,iBAAiB,MAA6C;AAC5E,QAAO,mBAAmB,CAAC,IAAI,KAAK,IAAI,KAAA;;AAG1C,SAAgB,eAAa,MAO1B;AACD,QAAO,aAAgB,YAAY,EAAE,KAAK;;;;;;;;;AAU5C,SAAgB,iBAAe,MAAqC;AAClE,QAAO,eAAkB,YAAY,EAAE,KAAK;;;;;;;;;AAU9C,SAAgB,cAAc,MAG3B;AACD,QAAO,cAAiB,YAAY,EAAE,KAAK;;;;;;;;;AAU7C,SAAgB,qBAAmB,MAEE;AACnC,QAAO,mBAAsB,YAAY,EAAE,KAAK;;AAGlD,SAAgB,mBACd,SACM;CACN,MAAM,QAAQ,YAAY;AAC1B,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,QAAQ,CACjD,OAAM,IAAI,QAAQ,IAAI,MAAM,MAAM;;AAItC,SAAgB,qBAAsD;AAEpE,QADc,YAAY,CACb,IAAI;;AAGnB,SAAgB,kBACd,MACoB;AAEpB,QADc,YAAY,CACb,IAAI,QAAQ,IAAI,KAAK,IAAI,KAAA;;AAGxC,SAAgB,kBACd,MACA,OACM;CACN,MAAM,QAAQ,YAAY;AAC1B,KAAI,MAAM,QAAQ,MAAM,EAAE;AACxB,QAAM,IAAI,QAAQ,OAAO,KAAK;AAC9B,OAAK,MAAM,aAAa,MACtB,OAAM,IAAI,QAAQ,OAAO,MAAM,UAAU;OAG3C,OAAM,IAAI,QAAQ,IAAI,MAAM,MAAM;;AAGtC,SAAgB,qBAAqB,MAAgC;AACrD,aAAY,CACpB,IAAI,QAAQ,OAAO,KAAK;;AAGhC,SAAgB,qBACd,aACM;CACN,MAAM,QAAQ,YAAY;AAE1B,KAAI,eAAe,YAAY,SAAS,EACtC,MAAK,MAAM,QAAQ,YACjB,OAAM,IAAI,QAAQ,OAAO,KAAK;KAIhC,MAAK,MAAM,QAAQ,MAAM,IAAI,QAAQ,MAAM,CACzC,OAAM,IAAI,QAAQ,OAAO,KAAK;;AAKpC,SAAgB,oBAA4B;AAC1C,QAAO,YAAY,CAAC,IAAI,UAAU;;AAGpC,SAAgB,kBAAkB,MAAe,MAAqB;CACpE,MAAM,QAAQ,YAAY;AAC1B,KAAI,KACF,OAAM,IAAI,SAAS,mBAAsB,MAAM,MAAM,IAAI,OAAO;AAElE,KAAI,KACF,OAAM,IAAI,aAAa,sBAAyB,KAAK;;;;;;;;;AAWzD,SAAgB,aAAqC;AAEnD,QAAO,aADO,YAAY,CACG;;;;;;;;;;AAW/B,SAAgB,UAAU,MAAkC;AAC1D,QAAO,YAAY,CAAC,SAAS,KAAA;;;;;;;;;;;AAY/B,SAAgB,YACd,MACA,OACA,SACM;AAEN,WADc,YAAY,EACN,MAAM,OAAO,QAAQ;;;;;;;;;;AAW3C,SAAgB,eACd,MACA,SACM;AAEN,cADc,YAAY,EACH,MAAM,QAAQ;;AAGvC,SAAS,wBAAwB,QAAsC;AACrE,QAAO;EACL,MAAM;EACN,GAAG;EACJ;;;;;AAMH,SAAgB,aACd,QACuC;AAEvC,QAAO,WADO,YAAY,EACE,wBAAwB,OAAO,CAAC;;;;;AAK9D,SAAgB,aACd,QACgC;AAEhC,QAAO,WADO,YAAY,EACE,wBAAwB,OAAO,CAAC;;;;;AAM9D,SAAgB,gBACd,QACA,QACgC;AAEhC,QAAO,cADO,YAAY,EACK,wBAAwB,OAAO,EAAE,OAAO;;;;;AAMzE,SAAgB,cAAY,QAAwC;AAElE,QAAO,YADO,YAAY,EACG,wBAAwB,OAAO,CAAC;;;;;AAK/D,SAAgB,gBACd,QACA,QAC2B;AAE3B,QAAO,cADO,YAAY,EACK,wBAAwB,OAAO,EAAE,OAAO;;;;;AAMzE,SAAgB,eAAa,QAA+C;AAE1E,QAAO,aADO,YAAY,EACI;EAAE,MAAM;EAAS,GAAG;EAAQ,CAAC;;AAG7D,SAAgB,cAAc;AAE5B,QADc,YAAY,CACb;;AAIf,SAAgB,oBACd,QACgD;AAChD,QAAO,kBAAqB,YAAY,EAAE,OAAO"}
+{"version":3,"file":"request-response.js","names":[],"sources":["../../src/request-response.ts"],"sourcesContent":["import { AsyncLocalStorage } from 'node:async_hooks'\n\nimport {\n  H3Event,\n  clearSession as h3_clearSession,\n  deleteCookie as h3_deleteCookie,\n  getRequestHost as h3_getRequestHost,\n  getRequestIP as h3_getRequestIP,\n  getRequestProtocol as h3_getRequestProtocol,\n  getRequestURL as h3_getRequestURL,\n  getSession as h3_getSession,\n  getValidatedQuery as h3_getValidatedQuery,\n  parseCookies as h3_parseCookies,\n  sanitizeStatusCode as h3_sanitizeStatusCode,\n  sanitizeStatusMessage as h3_sanitizeStatusMessage,\n  sealSession as h3_sealSession,\n  setCookie as h3_setCookie,\n  toResponse as h3_toResponse,\n  unsealSession as h3_unsealSession,\n  updateSession as h3_updateSession,\n  useSession as h3_useSession,\n} from 'h3-v2'\nimport type {\n  RequestHeaderMap,\n  RequestHeaderName,\n  ResponseHeaderMap,\n  ResponseHeaderName,\n  TypedHeaders,\n} from 'fetchdts'\n\nimport type { CookieSerializeOptions } from 'cookie-es'\nimport type {\n  Session,\n  SessionConfig,\n  SessionData,\n  SessionManager,\n  SessionUpdate,\n} from './session'\nimport type { StandardSchemaV1 } from '@standard-schema/spec'\nimport type { RequestHandler } from './request-handler'\n\ninterface StartEvent {\n  h3Event: H3Event\n}\n\n// Use a global symbol to ensure the same AsyncLocalStorage instance is shared\n// across different bundles that may each bundle this module.\nconst GLOBAL_EVENT_STORAGE_KEY = Symbol.for('tanstack-start:event-storage')\n\nconst globalObj = globalThis as typeof globalThis & {\n  [GLOBAL_EVENT_STORAGE_KEY]?: AsyncLocalStorage<StartEvent>\n}\n\nif (!globalObj[GLOBAL_EVENT_STORAGE_KEY]) {\n  globalObj[GLOBAL_EVENT_STORAGE_KEY] = new AsyncLocalStorage<StartEvent>()\n}\n\nconst eventStorage = globalObj[GLOBAL_EVENT_STORAGE_KEY]\n\nexport type { ResponseHeaderName, RequestHeaderName }\n\ntype HeadersWithGetSetCookie = Headers & {\n  getSetCookie?: () => Array<string>\n}\n\ntype MaybePromise<T> = T | Promise<T>\n\nfunction isPromiseLike<T>(value: MaybePromise<T>): value is Promise<T> {\n  return typeof (value as Promise<T>).then === 'function'\n}\n\nfunction getSetCookieValues(headers: Headers): Array<string> {\n  const headersWithSetCookie = headers as HeadersWithGetSetCookie\n  if (typeof headersWithSetCookie.getSetCookie === 'function') {\n    return headersWithSetCookie.getSetCookie()\n  }\n  const value = headers.get('set-cookie')\n  return value ? [value] : []\n}\n\nfunction mergeEventResponseHeaders(response: Response, event: H3Event): void {\n  if (response.ok) {\n    return\n  }\n\n  const eventSetCookies = getSetCookieValues(event.res.headers)\n  if (eventSetCookies.length === 0) {\n    return\n  }\n\n  const responseSetCookies = getSetCookieValues(response.headers)\n  response.headers.delete('set-cookie')\n  for (const cookie of responseSetCookies) {\n    response.headers.append('set-cookie', cookie)\n  }\n  for (const cookie of eventSetCookies) {\n    response.headers.append('set-cookie', cookie)\n  }\n}\n\nfunction attachResponseHeaders<T>(\n  value: MaybePromise<T>,\n  event: H3Event,\n): MaybePromise<T> {\n  if (isPromiseLike(value)) {\n    return value.then((resolved) => {\n      if (resolved instanceof Response) {\n        mergeEventResponseHeaders(resolved, event)\n      }\n      return resolved\n    })\n  }\n\n  if (value instanceof Response) {\n    mergeEventResponseHeaders(value, event)\n  }\n\n  return value\n}\n\nexport function requestHandler<TRegister = unknown>(\n  handler: RequestHandler<TRegister>,\n) {\n  return (request: Request, requestOpts: any): Promise<Response> | Response => {\n    let h3Event: H3Event\n    try {\n      h3Event = new H3Event(request)\n    } catch (error) {\n      if (error instanceof URIError) {\n        return new Response(null, {\n          status: 400,\n          statusText: 'Bad Request',\n        })\n      }\n      throw error\n    }\n\n    const response = eventStorage.run({ h3Event }, () =>\n      handler(request, requestOpts),\n    )\n    return h3_toResponse(attachResponseHeaders(response, h3Event), h3Event)\n  }\n}\n\nfunction getH3Event() {\n  const event = eventStorage.getStore()\n  if (!event) {\n    throw new Error(\n      `No StartEvent found in AsyncLocalStorage. Make sure you are using the function within the server runtime.`,\n    )\n  }\n  return event.h3Event\n}\n\nexport function getRequest(): Request {\n  const event = getH3Event()\n  return event.req\n}\n\nexport function getRequestHeaders(): TypedHeaders<RequestHeaderMap> {\n  return getH3Event().req.headers\n}\n\nexport function getRequestHeader(name: RequestHeaderName): string | undefined {\n  return getRequestHeaders().get(name) || undefined\n}\n\nexport function getRequestIP(opts?: {\n  /**\n   * Use the X-Forwarded-For HTTP header set by proxies.\n   *\n   * Note: Make sure that this header can be trusted (your application running behind a CDN or reverse proxy) before enabling.\n   */\n  xForwardedFor?: boolean\n}) {\n  return h3_getRequestIP(getH3Event(), opts)\n}\n\n/**\n * Get the request hostname.\n *\n * If `xForwardedHost` is `true`, it will use the `x-forwarded-host` header if it exists.\n *\n * If no host header is found, it will default to \"localhost\".\n */\nexport function getRequestHost(opts?: { xForwardedHost?: boolean }) {\n  return h3_getRequestHost(getH3Event(), opts)\n}\n\n/**\n * Get the full incoming request URL.\n *\n * If `xForwardedHost` is `true`, it will use the `x-forwarded-host` header if it exists.\n *\n * If `xForwardedProto` is `false`, it will not use the `x-forwarded-proto` header.\n */\nexport function getRequestUrl(opts?: {\n  xForwardedHost?: boolean\n  xForwardedProto?: boolean\n}) {\n  return h3_getRequestURL(getH3Event(), opts)\n}\n\n/**\n * Get the request protocol.\n *\n * If `x-forwarded-proto` header is set to \"https\", it will return \"https\". You can disable this behavior by setting `xForwardedProto` to `false`.\n *\n * If protocol cannot be determined, it will default to \"http\".\n */\nexport function getRequestProtocol(opts?: {\n  xForwardedProto?: boolean\n}): 'http' | 'https' | (string & {}) {\n  return h3_getRequestProtocol(getH3Event(), opts)\n}\n\nexport function setResponseHeaders(\n  headers: TypedHeaders<ResponseHeaderMap>,\n): void {\n  const event = getH3Event()\n  for (const [name, value] of Object.entries(headers)) {\n    event.res.headers.set(name, value)\n  }\n}\n\nexport function getResponseHeaders(): TypedHeaders<ResponseHeaderMap> {\n  const event = getH3Event()\n  return event.res.headers\n}\n\nexport function getResponseHeader(\n  name: ResponseHeaderName,\n): string | undefined {\n  const event = getH3Event()\n  return event.res.headers.get(name) || undefined\n}\n\nexport function setResponseHeader(\n  name: ResponseHeaderName,\n  value: string | Array<string>,\n): void {\n  const event = getH3Event()\n  if (Array.isArray(value)) {\n    event.res.headers.delete(name)\n    for (const valueItem of value) {\n      event.res.headers.append(name, valueItem)\n    }\n  } else {\n    event.res.headers.set(name, value)\n  }\n}\nexport function removeResponseHeader(name: ResponseHeaderName): void {\n  const event = getH3Event()\n  event.res.headers.delete(name)\n}\n\nexport function clearResponseHeaders(\n  headerNames?: Array<ResponseHeaderName>,\n): void {\n  const event = getH3Event()\n  // If headerNames is provided, clear only those headers\n  if (headerNames && headerNames.length > 0) {\n    for (const name of headerNames) {\n      event.res.headers.delete(name)\n    }\n    // Otherwise, clear all headers\n  } else {\n    for (const name of event.res.headers.keys()) {\n      event.res.headers.delete(name)\n    }\n  }\n}\n\nexport function getResponseStatus(): number {\n  return getH3Event().res.status || 200\n}\n\nexport function setResponseStatus(code?: number, text?: string): void {\n  const event = getH3Event()\n  if (code) {\n    event.res.status = h3_sanitizeStatusCode(code, event.res.status)\n  }\n  if (text) {\n    event.res.statusText = h3_sanitizeStatusMessage(text)\n  }\n}\n\n/**\n * Parse the request to get HTTP Cookie header string and return an object of all cookie name-value pairs.\n * @returns Object of cookie name-value pairs\n * ```ts\n * const cookies = getCookies()\n * ```\n */\nexport function getCookies(): Record<string, string> {\n  const event = getH3Event()\n  const cookies = h3_parseCookies(event)\n  const definedCookies: Record<string, string> = Object.create(null)\n\n  for (const [name, value] of Object.entries(cookies)) {\n    if (value !== undefined) {\n      definedCookies[name] = value\n    }\n  }\n\n  return definedCookies\n}\n\n/**\n * Get a cookie value by name.\n * @param name Name of the cookie to get\n * @returns {*} Value of the cookie (String or undefined)\n * ```ts\n * const authorization = getCookie('Authorization')\n * ```\n */\nexport function getCookie(name: string): string | undefined {\n  return getCookies()[name]\n}\n\n/**\n * Set a cookie value by name.\n * @param name Name of the cookie to set\n * @param value Value of the cookie to set\n * @param options {CookieSerializeOptions} Options for serializing the cookie\n * ```ts\n * setCookie('Authorization', '1234567')\n * ```\n */\nexport function setCookie(\n  name: string,\n  value: string,\n  options?: CookieSerializeOptions,\n): void {\n  const event = getH3Event()\n  h3_setCookie(event, name, value, options)\n}\n\n/**\n * Remove a cookie by name.\n * @param name Name of the cookie to delete\n * @param serializeOptions {CookieSerializeOptions} Cookie options\n * ```ts\n * deleteCookie('SessionId')\n * ```\n */\nexport function deleteCookie(\n  name: string,\n  options?: CookieSerializeOptions,\n): void {\n  const event = getH3Event()\n  h3_deleteCookie(event, name, options)\n}\n\nfunction getDefaultSessionConfig(config: SessionConfig): SessionConfig {\n  return {\n    name: 'start',\n    ...config,\n  }\n}\n\n/**\n * Create a session manager for the current request.\n */\nexport function useSession<TSessionData extends SessionData = SessionData>(\n  config: SessionConfig,\n): Promise<SessionManager<TSessionData>> {\n  const event = getH3Event()\n  return h3_useSession(event, getDefaultSessionConfig(config))\n}\n/**\n * Get the session for the current request\n */\nexport function getSession<TSessionData extends SessionData = SessionData>(\n  config: SessionConfig,\n): Promise<Session<TSessionData>> {\n  const event = getH3Event()\n  return h3_getSession(event, getDefaultSessionConfig(config))\n}\n\n/**\n * Update the session data for the current request.\n */\nexport function updateSession<TSessionData extends SessionData = SessionData>(\n  config: SessionConfig,\n  update?: SessionUpdate<TSessionData>,\n): Promise<Session<TSessionData>> {\n  const event = getH3Event()\n  return h3_updateSession(event, getDefaultSessionConfig(config), update)\n}\n\n/**\n * Encrypt and sign the session data for the current request.\n */\nexport function sealSession(config: SessionConfig): Promise<string> {\n  const event = getH3Event()\n  return h3_sealSession(event, getDefaultSessionConfig(config))\n}\n/**\n * Decrypt and verify the session data for the current request.\n */\nexport function unsealSession(\n  config: SessionConfig,\n  sealed: string,\n): Promise<Partial<Session>> {\n  const event = getH3Event()\n  return h3_unsealSession(event, getDefaultSessionConfig(config), sealed)\n}\n\n/**\n * Clear the session data for the current request.\n */\nexport function clearSession(config: Partial<SessionConfig>): Promise<void> {\n  const event = getH3Event()\n  return h3_clearSession(event, { name: 'start', ...config })\n}\n\nexport function getResponse() {\n  const event = getH3Event()\n  return event.res\n}\n\n// not public API (yet)\nexport function getValidatedQuery<TSchema extends StandardSchemaV1>(\n  schema: StandardSchemaV1,\n): Promise<StandardSchemaV1.InferOutput<TSchema>> {\n  return h3_getValidatedQuery(getH3Event(), schema)\n}\n"],"mappings":";;;AA+CA,IAAM,2BAA2B,OAAO,IAAI,+BAA+B;AAE3E,IAAM,YAAY;AAIlB,IAAI,CAAC,UAAU,0BACb,WAAU,4BAA4B,IAAI,mBAA+B;AAG3E,IAAM,eAAe,UAAU;AAU/B,SAAS,cAAiB,OAA6C;AACrE,QAAO,OAAQ,MAAqB,SAAS;;AAG/C,SAAS,mBAAmB,SAAiC;CAC3D,MAAM,uBAAuB;AAC7B,KAAI,OAAO,qBAAqB,iBAAiB,WAC/C,QAAO,qBAAqB,cAAc;CAE5C,MAAM,QAAQ,QAAQ,IAAI,aAAa;AACvC,QAAO,QAAQ,CAAC,MAAM,GAAG,EAAE;;AAG7B,SAAS,0BAA0B,UAAoB,OAAsB;AAC3E,KAAI,SAAS,GACX;CAGF,MAAM,kBAAkB,mBAAmB,MAAM,IAAI,QAAQ;AAC7D,KAAI,gBAAgB,WAAW,EAC7B;CAGF,MAAM,qBAAqB,mBAAmB,SAAS,QAAQ;AAC/D,UAAS,QAAQ,OAAO,aAAa;AACrC,MAAK,MAAM,UAAU,mBACnB,UAAS,QAAQ,OAAO,cAAc,OAAO;AAE/C,MAAK,MAAM,UAAU,gBACnB,UAAS,QAAQ,OAAO,cAAc,OAAO;;AAIjD,SAAS,sBACP,OACA,OACiB;AACjB,KAAI,cAAc,MAAM,CACtB,QAAO,MAAM,MAAM,aAAa;AAC9B,MAAI,oBAAoB,SACtB,2BAA0B,UAAU,MAAM;AAE5C,SAAO;GACP;AAGJ,KAAI,iBAAiB,SACnB,2BAA0B,OAAO,MAAM;AAGzC,QAAO;;AAGT,SAAgB,eACd,SACA;AACA,SAAQ,SAAkB,gBAAmD;EAC3E,IAAI;AACJ,MAAI;AACF,aAAU,IAAI,QAAQ,QAAQ;WACvB,OAAO;AACd,OAAI,iBAAiB,SACnB,QAAO,IAAI,SAAS,MAAM;IACxB,QAAQ;IACR,YAAY;IACb,CAAC;AAEJ,SAAM;;AAMR,SAAO,WAAc,sBAHJ,aAAa,IAAI,EAAE,SAAS,QAC3C,QAAQ,SAAS,YAAY,CAC9B,EACoD,QAAQ,EAAE,QAAQ;;;AAI3E,SAAS,aAAa;CACpB,MAAM,QAAQ,aAAa,UAAU;AACrC,KAAI,CAAC,MACH,OAAM,IAAI,MACR,4GACD;AAEH,QAAO,MAAM;;AAGf,SAAgB,aAAsB;AAEpC,QADc,YAAY,CACb;;AAGf,SAAgB,oBAAoD;AAClE,QAAO,YAAY,CAAC,IAAI;;AAG1B,SAAgB,iBAAiB,MAA6C;AAC5E,QAAO,mBAAmB,CAAC,IAAI,KAAK,IAAI,KAAA;;AAG1C,SAAgB,eAAa,MAO1B;AACD,QAAO,aAAgB,YAAY,EAAE,KAAK;;;;;;;;;AAU5C,SAAgB,iBAAe,MAAqC;AAClE,QAAO,eAAkB,YAAY,EAAE,KAAK;;;;;;;;;AAU9C,SAAgB,cAAc,MAG3B;AACD,QAAO,cAAiB,YAAY,EAAE,KAAK;;;;;;;;;AAU7C,SAAgB,qBAAmB,MAEE;AACnC,QAAO,mBAAsB,YAAY,EAAE,KAAK;;AAGlD,SAAgB,mBACd,SACM;CACN,MAAM,QAAQ,YAAY;AAC1B,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,QAAQ,CACjD,OAAM,IAAI,QAAQ,IAAI,MAAM,MAAM;;AAItC,SAAgB,qBAAsD;AAEpE,QADc,YAAY,CACb,IAAI;;AAGnB,SAAgB,kBACd,MACoB;AAEpB,QADc,YAAY,CACb,IAAI,QAAQ,IAAI,KAAK,IAAI,KAAA;;AAGxC,SAAgB,kBACd,MACA,OACM;CACN,MAAM,QAAQ,YAAY;AAC1B,KAAI,MAAM,QAAQ,MAAM,EAAE;AACxB,QAAM,IAAI,QAAQ,OAAO,KAAK;AAC9B,OAAK,MAAM,aAAa,MACtB,OAAM,IAAI,QAAQ,OAAO,MAAM,UAAU;OAG3C,OAAM,IAAI,QAAQ,IAAI,MAAM,MAAM;;AAGtC,SAAgB,qBAAqB,MAAgC;AACrD,aAAY,CACpB,IAAI,QAAQ,OAAO,KAAK;;AAGhC,SAAgB,qBACd,aACM;CACN,MAAM,QAAQ,YAAY;AAE1B,KAAI,eAAe,YAAY,SAAS,EACtC,MAAK,MAAM,QAAQ,YACjB,OAAM,IAAI,QAAQ,OAAO,KAAK;KAIhC,MAAK,MAAM,QAAQ,MAAM,IAAI,QAAQ,MAAM,CACzC,OAAM,IAAI,QAAQ,OAAO,KAAK;;AAKpC,SAAgB,oBAA4B;AAC1C,QAAO,YAAY,CAAC,IAAI,UAAU;;AAGpC,SAAgB,kBAAkB,MAAe,MAAqB;CACpE,MAAM,QAAQ,YAAY;AAC1B,KAAI,KACF,OAAM,IAAI,SAAS,mBAAsB,MAAM,MAAM,IAAI,OAAO;AAElE,KAAI,KACF,OAAM,IAAI,aAAa,sBAAyB,KAAK;;;;;;;;;AAWzD,SAAgB,aAAqC;CAEnD,MAAM,UAAU,aADF,YAAY,CACY;CACtC,MAAM,iBAAyC,OAAO,OAAO,KAAK;AAElE,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,QAAQ,CACjD,KAAI,UAAU,KAAA,EACZ,gBAAe,QAAQ;AAI3B,QAAO;;;;;;;;;;AAWT,SAAgB,UAAU,MAAkC;AAC1D,QAAO,YAAY,CAAC;;;;;;;;;;;AAYtB,SAAgB,YACd,MACA,OACA,SACM;AAEN,WADc,YAAY,EACN,MAAM,OAAO,QAAQ;;;;;;;;;;AAW3C,SAAgB,eACd,MACA,SACM;AAEN,cADc,YAAY,EACH,MAAM,QAAQ;;AAGvC,SAAS,wBAAwB,QAAsC;AACrE,QAAO;EACL,MAAM;EACN,GAAG;EACJ;;;;;AAMH,SAAgB,aACd,QACuC;AAEvC,QAAO,WADO,YAAY,EACE,wBAAwB,OAAO,CAAC;;;;;AAK9D,SAAgB,aACd,QACgC;AAEhC,QAAO,WADO,YAAY,EACE,wBAAwB,OAAO,CAAC;;;;;AAM9D,SAAgB,gBACd,QACA,QACgC;AAEhC,QAAO,cADO,YAAY,EACK,wBAAwB,OAAO,EAAE,OAAO;;;;;AAMzE,SAAgB,cAAY,QAAwC;AAElE,QAAO,YADO,YAAY,EACG,wBAAwB,OAAO,CAAC;;;;;AAK/D,SAAgB,gBACd,QACA,QAC2B;AAE3B,QAAO,cADO,YAAY,EACK,wBAAwB,OAAO,EAAE,OAAO;;;;;AAMzE,SAAgB,eAAa,QAA+C;AAE1E,QAAO,aADO,YAAY,EACI;EAAE,MAAM;EAAS,GAAG;EAAQ,CAAC;;AAG7D,SAAgB,cAAc;AAE5B,QADc,YAAY,CACb;;AAIf,SAAgB,oBACd,QACgD;AAChD,QAAO,kBAAqB,YAAY,EAAE,OAAO"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tanstack/start-server-core",
-  "version": "1.167.17",
+  "version": "1.167.19",
   "description": "Modern and scalable routing for React applications",
   "author": "Tanner Linsley",
   "license": "MIT",
@@ -63,17 +63,17 @@
     "node": ">=22.12.0"
   },
   "dependencies": {
-    "h3-v2": "npm:h3@2.0.1-rc.16",
+    "h3-v2": "npm:h3@2.0.1-rc.20",
     "seroval": "^1.5.0",
     "@tanstack/history": "1.161.6",
-    "@tanstack/router-core": "1.168.13",
-    "@tanstack/start-client-core": "1.167.15",
-    "@tanstack/start-storage-context": "1.166.27"
+    "@tanstack/router-core": "1.168.15",
+    "@tanstack/start-client-core": "1.167.17",
+    "@tanstack/start-storage-context": "1.166.29"
   },
   "devDependencies": {
     "@standard-schema/spec": "^1.0.0",
     "@tanstack/intent": "^0.0.14",
-    "cookie-es": "^2.0.0",
+    "cookie-es": "^3.0.0",
     "fetchdts": "^0.1.6",
     "vite": "*",
     "@types/node": ">=20"

package/src/request-response.ts

@@ -122,7 +122,18 @@ export function requestHandler<TRegister = unknown>(
   handler: RequestHandler<TRegister>,
 ) {
   return (request: Request, requestOpts: any): Promise<Response> | Response => {
-    const h3Event = new H3Event(request)
+    let h3Event: H3Event
+    try {
+      h3Event = new H3Event(request)
+    } catch (error) {
+      if (error instanceof URIError) {
+        return new Response(null, {
+          status: 400,
+          statusText: 'Bad Request',
+        })
+      }
+      throw error
+    }
 
     const response = eventStorage.run({ h3Event }, () =>
       handler(request, requestOpts),
@@ -147,8 +158,7 @@ export function getRequest(): Request {
 }
 
 export function getRequestHeaders(): TypedHeaders<RequestHeaderMap> {
-  // TODO `as any` not needed when fetchdts is updated
-  return getH3Event().req.headers as any
+  return getH3Event().req.headers
 }
 
 export function getRequestHeader(name: RequestHeaderName): string | undefined {
@@ -284,7 +294,16 @@ export function setResponseStatus(code?: number, text?: string): void {
  */
 export function getCookies(): Record<string, string> {
   const event = getH3Event()
-  return h3_parseCookies(event)
+  const cookies = h3_parseCookies(event)
+  const definedCookies: Record<string, string> = Object.create(null)
+
+  for (const [name, value] of Object.entries(cookies)) {
+    if (value !== undefined) {
+      definedCookies[name] = value
+    }
+  }
+
+  return definedCookies
 }
 
 /**
@@ -296,7 +315,7 @@ export function getCookies(): Record<string, string> {
  * ```
  */
 export function getCookie(name: string): string | undefined {
-  return getCookies()[name] || undefined
+  return getCookies()[name]
 }
 
 /**