You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: documentation/docs/20-core-concepts/20-load.md
+18-7
Original file line number
Diff line number
Diff line change
@@ -231,10 +231,11 @@ Given a `route.id` of `/a/[b]/[...c]` and a `url.pathname` of `/a/x/y/z`, the `p
231
231
232
232
To get data from an external API or a `+server.js` handler, you can use the provided `fetch` function, which behaves identically to the [native `fetch` web API](https://developer.mozilla.org/en-US/docs/Web/API/fetch) with a few additional features:
233
233
234
-
- it can be used to make credentialed requests on the server, as it inherits the `cookie` and `authorization` headers for the page request
235
-
- it can make relative requests on the server (ordinarily, `fetch` requires a URL with an origin when used in a server context)
236
-
- internal requests (e.g. for `+server.js` routes) go direct to the handler function when running on the server, without the overhead of an HTTP call
237
-
- during server-side rendering, the response will be captured and inlined into the rendered HTML by hooking into the `text` and `json` methods of the `Response` object. Note that headers will _not_ be serialized, unless explicitly included via [`filterSerializedResponseHeaders`](hooks#server-hooks-handle). Then, during hydration, the response will be read from the HTML, guaranteeing consistency and preventing an additional network request - if you got a warning in your browser console when using the browser `fetch` instead of the `load``fetch`, this is why.
234
+
- It can be used to make credentialed requests on the server, as it inherits the `cookie` and `authorization` headers for the page request.
235
+
- It can make relative requests on the server (ordinarily, `fetch` requires a URL with an origin when used in a server context).
236
+
- Internal requests (e.g. for `+server.js` routes) go directly to the handler function when running on the server, without the overhead of an HTTP call.
237
+
- During server-side rendering, the response will be captured and inlined into the rendered HTML by hooking into the `text` and `json` methods of the `Response` object. Note that headers will _not_ be serialized, unless explicitly included via [`filterSerializedResponseHeaders`](hooks#server-hooks-handle).
238
+
- During hydration, the response will be read from the HTML, guaranteeing consistency and preventing an additional network request - if you received a warning in your browser console when using the browser `fetch` instead of the `load``fetch`, this is why.
> Cookies will only be passed through if the target host is the same as the SvelteKit application or a more specific subdomain of it.
251
-
252
-
## Cookies and headers
251
+
## Cookies
253
252
254
253
A server `load` function can get and set [`cookies`](types#public-types-cookies).
255
254
@@ -274,8 +273,20 @@ export async function load({ cookies }) {
274
273
}
275
274
```
276
275
276
+
Cookies will only be passed through the provided `fetch` function if the target host is the same as the SvelteKit application or a more specific subdomain of it.
277
+
278
+
For example, if SvelteKit is serving my.domain.com:
279
+
- domain.com WILL NOT receive cookies
280
+
- my.domain.com WILL receive cookies
281
+
- api.domain.dom WILL NOT receive cookies
282
+
- sub.my.domain.com WILL receive cookies
283
+
284
+
Other cookies will not be passed when `credentials: 'include'` is set, because SvelteKit does not know which domain which cookie belongs to (the browser does not pass this information along), so it's not safe to forward any of them. Use the [handleFetch hook](hooks#server-hooks-handlefetch) to work around it.
285
+
277
286
> When setting cookies, be aware of the `path` property. By default, the `path` of a cookie is the current pathname. If you for example set a cookie at page `admin/user`, the cookie will only be available within the `admin` pages by default. In most cases you likely want to set `path` to `'/'` to make the cookie available throughout your app.
278
287
288
+
## Headers
289
+
279
290
Both server and universal `load` functions have access to a `setHeaders` function that, when running on the server, can set headers for the response. (When running in the browser, `setHeaders` has no effect.) This is useful if you want the page to be cached, for example:
Copy file name to clipboardExpand all lines: documentation/docs/20-core-concepts/50-state-management.md
+1-1
Original file line number
Diff line number
Diff line change
@@ -36,7 +36,7 @@ export const actions = {
36
36
37
37
The `user` variable is shared by everyone who connects to this server. If Alice submitted an embarrassing secret, and Bob visited the page after her, Bob would know Alice's secret. In addition, when Alice returns to the site later in the day, the server may have restarted, losing her data.
38
38
39
-
Instead, you should _authenticate_ the user using [`cookies`](load#cookies-and-headers) and persist the data to a database.
39
+
Instead, you should _authenticate_ the user using [`cookies`](load#cookies) and persist the data to a database.
Copy file name to clipboardExpand all lines: packages/kit/src/exports/public.d.ts
+12-10
Original file line number
Diff line number
Diff line change
@@ -697,13 +697,13 @@ export interface LoadEvent<
697
697
/**
698
698
* `fetch` is equivalent to the [native `fetch` web API](https://developer.mozilla.org/en-US/docs/Web/API/fetch), with a few additional features:
699
699
*
700
-
* - it can be used to make credentialed requests on the server, as it inherits the `cookie` and `authorization` headers for the page request
701
-
* - it can make relative requests on the server (ordinarily, `fetch` requires a URL with an origin when used in a server context)
702
-
* - internal requests (e.g. for `+server.js` routes) go directly to the handler function when running on the server, without the overhead of an HTTP call
703
-
* - during server-side rendering, the response will be captured and inlined into the rendered HTML. Note that headers will _not_ be serialized, unless explicitly included via [`filterSerializedResponseHeaders`](https://kit.svelte.dev/docs/hooks#server-hooks-handle)
704
-
* - during hydration, the response will be read from the HTML, guaranteeing consistency and preventing an additional network request
700
+
* - It can be used to make credentialed requests on the server, as it inherits the `cookie` and `authorization` headers for the page request.
701
+
* - It can make relative requests on the server (ordinarily, `fetch` requires a URL with an origin when used in a server context).
702
+
* - Internal requests (e.g. for `+server.js` routes) go directly to the handler function when running on the server, without the overhead of an HTTP call.
703
+
* - During server-side rendering, the response will be captured and inlined into the rendered HTML by hooking into the `text` and `json` methods of the `Response` object. Note that headers will _not_ be serialized, unless explicitly included via [`filterSerializedResponseHeaders`](https://kit.svelte.dev/docs/hooks#server-hooks-handle)
704
+
* - During hydration, the response will be read from the HTML, guaranteeing consistency and preventing an additional network request.
705
705
*
706
-
* > Cookies will only be passed through if the target host is the same as the SvelteKit application or a more specific subdomain of it.
706
+
* You can learn more about making credentialed requests with cookies [here](https://kit.svelte.dev/docs/load#cookies)
* `fetch` is equivalent to the [native `fetch` web API](https://developer.mozilla.org/en-US/docs/Web/API/fetch), with a few additional features:
951
951
*
952
-
* - it can be used to make credentialed requests on the server, as it inherits the `cookie` and `authorization` headers for the page request
953
-
* - it can make relative requests on the server (ordinarily, `fetch` requires a URL with an origin when used in a server context)
954
-
* - internal requests (e.g. for `+server.js` routes) go directly to the handler function when running on the server, without the overhead of an HTTP call
952
+
* - It can be used to make credentialed requests on the server, as it inherits the `cookie` and `authorization` headers for the page request.
953
+
* - It can make relative requests on the server (ordinarily, `fetch` requires a URL with an origin when used in a server context).
954
+
* - Internal requests (e.g. for `+server.js` routes) go directly to the handler function when running on the server, without the overhead of an HTTP call.
955
+
* - During server-side rendering, the response will be captured and inlined into the rendered HTML by hooking into the `text` and `json` methods of the `Response` object. Note that headers will _not_ be serialized, unless explicitly included via [`filterSerializedResponseHeaders`](https://kit.svelte.dev/docs/hooks#server-hooks-handle)
956
+
* - During hydration, the response will be read from the HTML, guaranteeing consistency and preventing an additional network request.
955
957
*
956
-
* > Cookies will only be passed through if the target host is the same as the SvelteKit application or a more specific subdomain of it.
958
+
* You can learn more about making credentialed requests with cookies [here](https://kit.svelte.dev/docs/load#cookies)
0 commit comments