h3 1.15.2 → 1.15.4

package/README.md

@@ -33,11 +33,11 @@ H3 (pronounced as /eɪtʃθriː/, like h-3) is a minimal h(ttp) framework built
 
 <!-- automd:contributors license=MIT author="pi0" -->
 
-Published under the [MIT](https://github.com/unjs/h3/blob/main/LICENSE) license.
-Made by [@pi0](https://github.com/pi0) and [community](https://github.com/unjs/h3/graphs/contributors) 💛
+Published under the [MIT](https://github.com/h3js/h3/blob/main/LICENSE) license.
+Made by [@pi0](https://github.com/pi0) and [community](https://github.com/h3js/h3/graphs/contributors) 💛
 <br><br>
-<a href="https://github.com/unjs/h3/graphs/contributors">
-<img src="https://contrib.rocks/image?repo=unjs/h3" />
+<a href="https://github.com/h3js/h3/graphs/contributors">
+<img src="https://contrib.rocks/image?repo=h3js/h3" />
 </a>
 
 <!-- /automd -->

package/dist/index.cjs

@@ -315,7 +315,8 @@ function getRequestHeader(event, name) {
 const getHeader = getRequestHeader;
 function getRequestHost(event, opts = {}) {
   if (opts.xForwardedHost) {
-    const xForwardedHost = event.node.req.headers["x-forwarded-host"];
+    const _header = event.node.req.headers["x-forwarded-host"];
+    const xForwardedHost = (_header || "").split(",").shift()?.trim();
     if (xForwardedHost) {
       return xForwardedHost;
     }
@@ -1684,10 +1685,7 @@ async function serveStatic(event, options) {
   }
   if (!meta) {
     if (!options.fallthrough) {
-      throw createError({
-        statusMessage: "Cannot find static asset " + id,
-        statusCode: 404
-      });
+      throw createError({ statusCode: 404 });
     }
     return false;
   }

package/dist/index.d.cts

@@ -117,6 +117,12 @@ interface Session<T extends SessionDataT = SessionDataT> {
     data: SessionData<T>;
     [getSessionPromise]?: Promise<Session<T>>;
 }
+interface SessionManager<T extends SessionDataT = SessionDataT> {
+    readonly id: string | undefined;
+    readonly data: SessionData<T>;
+    update: (update: SessionUpdate<T>) => Promise<SessionManager<T>>;
+    clear: () => Promise<SessionManager<T>>;
+}
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
     password: string;
@@ -145,12 +151,7 @@ type CompatEvent = {
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
-    readonly id: any;
-    readonly data: T;
-    update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
-    clear: () => Promise</*elided*/ any>;
-}>;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<SessionManager<T>>;
 /**
  * Get the session for the current request.
  */
@@ -1393,4 +1394,4 @@ declare function toPlainHandler(app: App): PlainHandler;
 declare function fromPlainHandler(handler: PlainHandler): EventHandler<EventHandlerRequest, Promise<unknown>>;
 
 export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendCorsHeaders, appendCorsPreflightHeaders, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearResponseHeaders, clearSession, createApp, createAppEventHandler, createError, createEvent, createEventStream, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, defineRequestMiddleware, defineResponseMiddleware, defineWebSocket, defineWebSocketHandler, deleteCookie, dynamicEventHandler, eventHandler, fetchWithEvent, fromNodeMiddleware, fromPlainHandler, fromWebHandler, getCookie, getHeader, getHeaders, getMethod, getProxyRequestHeaders, getQuery, getRequestFingerprint, getRequestHeader, getRequestHeaders, getRequestHost, getRequestIP, getRequestPath, getRequestProtocol, getRequestURL, getRequestWebStream, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, getValidatedQuery, getValidatedRouterParams, handleCacheHeaders, handleCors, isCorsOriginAllowed, isError, isEvent, isEventHandler, isMethod, isPreflightRequest, isStream, isWebResponse, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readFormData, readMultipartFormData, readRawBody, readValidatedBody, removeResponseHeader, sanitizeStatusCode, sanitizeStatusMessage, sealSession, send, sendError, sendIterable, sendNoContent, sendProxy, sendRedirect, sendStream, sendWebResponse, serveStatic, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, splitCookiesString, toEventHandler, toNodeListener, toPlainHandler, toWebHandler, toWebRequest, unsealSession, updateSession, use, useBase, useSession, writeEarlyHints };
-export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };
+export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, SessionManager, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };

package/dist/index.d.mts

@@ -117,6 +117,12 @@ interface Session<T extends SessionDataT = SessionDataT> {
     data: SessionData<T>;
     [getSessionPromise]?: Promise<Session<T>>;
 }
+interface SessionManager<T extends SessionDataT = SessionDataT> {
+    readonly id: string | undefined;
+    readonly data: SessionData<T>;
+    update: (update: SessionUpdate<T>) => Promise<SessionManager<T>>;
+    clear: () => Promise<SessionManager<T>>;
+}
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
     password: string;
@@ -145,12 +151,7 @@ type CompatEvent = {
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
-    readonly id: any;
-    readonly data: T;
-    update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
-    clear: () => Promise</*elided*/ any>;
-}>;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<SessionManager<T>>;
 /**
  * Get the session for the current request.
  */
@@ -1393,4 +1394,4 @@ declare function toPlainHandler(app: App): PlainHandler;
 declare function fromPlainHandler(handler: PlainHandler): EventHandler<EventHandlerRequest, Promise<unknown>>;
 
 export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendCorsHeaders, appendCorsPreflightHeaders, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearResponseHeaders, clearSession, createApp, createAppEventHandler, createError, createEvent, createEventStream, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, defineRequestMiddleware, defineResponseMiddleware, defineWebSocket, defineWebSocketHandler, deleteCookie, dynamicEventHandler, eventHandler, fetchWithEvent, fromNodeMiddleware, fromPlainHandler, fromWebHandler, getCookie, getHeader, getHeaders, getMethod, getProxyRequestHeaders, getQuery, getRequestFingerprint, getRequestHeader, getRequestHeaders, getRequestHost, getRequestIP, getRequestPath, getRequestProtocol, getRequestURL, getRequestWebStream, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, getValidatedQuery, getValidatedRouterParams, handleCacheHeaders, handleCors, isCorsOriginAllowed, isError, isEvent, isEventHandler, isMethod, isPreflightRequest, isStream, isWebResponse, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readFormData, readMultipartFormData, readRawBody, readValidatedBody, removeResponseHeader, sanitizeStatusCode, sanitizeStatusMessage, sealSession, send, sendError, sendIterable, sendNoContent, sendProxy, sendRedirect, sendStream, sendWebResponse, serveStatic, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, splitCookiesString, toEventHandler, toNodeListener, toPlainHandler, toWebHandler, toWebRequest, unsealSession, updateSession, use, useBase, useSession, writeEarlyHints };
-export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };
+export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, SessionManager, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };

package/dist/index.d.ts

@@ -117,6 +117,12 @@ interface Session<T extends SessionDataT = SessionDataT> {
     data: SessionData<T>;
     [getSessionPromise]?: Promise<Session<T>>;
 }
+interface SessionManager<T extends SessionDataT = SessionDataT> {
+    readonly id: string | undefined;
+    readonly data: SessionData<T>;
+    update: (update: SessionUpdate<T>) => Promise<SessionManager<T>>;
+    clear: () => Promise<SessionManager<T>>;
+}
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
     password: string;
@@ -145,12 +151,7 @@ type CompatEvent = {
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
-    readonly id: any;
-    readonly data: T;
-    update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
-    clear: () => Promise</*elided*/ any>;
-}>;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<SessionManager<T>>;
 /**
  * Get the session for the current request.
  */
@@ -1393,4 +1394,4 @@ declare function toPlainHandler(app: App): PlainHandler;
 declare function fromPlainHandler(handler: PlainHandler): EventHandler<EventHandlerRequest, Promise<unknown>>;
 
 export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendCorsHeaders, appendCorsPreflightHeaders, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearResponseHeaders, clearSession, createApp, createAppEventHandler, createError, createEvent, createEventStream, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, defineRequestMiddleware, defineResponseMiddleware, defineWebSocket, defineWebSocketHandler, deleteCookie, dynamicEventHandler, eventHandler, fetchWithEvent, fromNodeMiddleware, fromPlainHandler, fromWebHandler, getCookie, getHeader, getHeaders, getMethod, getProxyRequestHeaders, getQuery, getRequestFingerprint, getRequestHeader, getRequestHeaders, getRequestHost, getRequestIP, getRequestPath, getRequestProtocol, getRequestURL, getRequestWebStream, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, getValidatedQuery, getValidatedRouterParams, handleCacheHeaders, handleCors, isCorsOriginAllowed, isError, isEvent, isEventHandler, isMethod, isPreflightRequest, isStream, isWebResponse, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readFormData, readMultipartFormData, readRawBody, readValidatedBody, removeResponseHeader, sanitizeStatusCode, sanitizeStatusMessage, sealSession, send, sendError, sendIterable, sendNoContent, sendProxy, sendRedirect, sendStream, sendWebResponse, serveStatic, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, splitCookiesString, toEventHandler, toNodeListener, toPlainHandler, toWebHandler, toWebRequest, unsealSession, updateSession, use, useBase, useSession, writeEarlyHints };
-export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };
+export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, SessionManager, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };

package/dist/index.mjs

@@ -308,7 +308,8 @@ function getRequestHeader(event, name) {
 const getHeader = getRequestHeader;
 function getRequestHost(event, opts = {}) {
   if (opts.xForwardedHost) {
-    const xForwardedHost = event.node.req.headers["x-forwarded-host"];
+    const _header = event.node.req.headers["x-forwarded-host"];
+    const xForwardedHost = (_header || "").split(",").shift()?.trim();
     if (xForwardedHost) {
       return xForwardedHost;
     }
@@ -1677,10 +1678,7 @@ async function serveStatic(event, options) {
   }
   if (!meta) {
     if (!options.fallthrough) {
-      throw createError({
-        statusMessage: "Cannot find static asset " + id,
-        statusCode: 404
-      });
+      throw createError({ statusCode: 404 });
     }
     return false;
   }

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "h3",
-  "version": "1.15.2",
+  "version": "1.15.4",
   "description": "Minimal H(TTP) framework built for high performance and portability.",
-  "repository": "unjs/h3",
+  "repository": "h3js/h3",
   "license": "MIT",
   "sideEffects": false,
   "exports": {
@@ -34,42 +34,42 @@
   },
   "dependencies": {
     "cookie-es": "^1.2.2",
-    "crossws": "^0.3.4",
+    "crossws": "^0.3.5",
     "defu": "^6.1.4",
     "destr": "^2.0.5",
     "iron-webcrypto": "^1.2.1",
-    "node-mock-http": "^1.0.0",
+    "node-mock-http": "^1.0.2",
     "radix3": "^1.1.2",
     "ufo": "^1.6.1",
     "uncrypto": "^0.1.3"
   },
   "devDependencies": {
-    "0x": "^5.8.0",
-    "@types/express": "^5.0.1",
-    "@types/node": "^22.15.2",
+    "0x": "^6.0.0",
+    "@types/express": "^5.0.3",
+    "@types/node": "^24.1.0",
     "@types/supertest": "^6.0.3",
-    "@vitest/coverage-v8": "^3.1.2",
+    "@vitest/coverage-v8": "^3.2.4",
     "autocannon": "^8.0.0",
     "automd": "^0.4.0",
-    "changelogen": "^0.6.1",
+    "changelogen": "^0.6.2",
     "connect": "^3.7.0",
-    "eslint": "^9.25.1",
-    "eslint-config-unjs": "^0.4.2",
+    "eslint": "^9.32.0",
+    "eslint-config-unjs": "^0.5.0",
     "express": "^5.1.0",
     "get-port": "^7.1.0",
-    "h3": "^1.15.1",
-    "jiti": "^2.4.2",
+    "h3": "^1.15.3",
+    "jiti": "^2.5.1",
     "listhen": "^1.9.0",
     "node-fetch-native": "^1.6.6",
-    "prettier": "^3.5.3",
-    "react": "^19.1.0",
-    "react-dom": "^19.1.0",
-    "supertest": "^7.1.0",
+    "prettier": "^3.6.2",
+    "react": "^19.1.1",
+    "react-dom": "^19.1.1",
+    "supertest": "^7.1.4",
     "typescript": "^5.8.3",
-    "unbuild": "^3.5.0",
-    "undici": "^7.8.0",
-    "vitest": "^3.1.2",
-    "zod": "^3.24.3"
+    "unbuild": "^3.6.0",
+    "undici": "^7.12.0",
+    "vitest": "^3.2.4",
+    "zod": "^4.0.14"
   },
   "packageManager": "pnpm@10.2.0"
 }