From cecd67cb1d40d90b2cd2ebee750e7eb0b93b99e0 Mon Sep 17 00:00:00 2001 From: tom Date: Sun, 30 Jan 2022 16:19:16 +0800 Subject: [PATCH 1/9] pr 2861 rebase --- packages/kit/src/runtime/server/page/load_node.js | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/packages/kit/src/runtime/server/page/load_node.js b/packages/kit/src/runtime/server/page/load_node.js index bb878ae14b61..ae2e70e13f9e 100644 --- a/packages/kit/src/runtime/server/page/load_node.js +++ b/packages/kit/src/runtime/server/page/load_node.js @@ -94,6 +94,13 @@ export async function load_node({ opts.headers = new Headers(opts.headers); + // merge headers from request + for (const [key, value] of event.request.headers.entries()) { + if (!opts.headers.has(key)) { + opts.headers.append(key, value); + } + } + const resolved = resolve(event.url.pathname, requested.split('?')[0]); /** @type {Response} */ @@ -209,10 +216,10 @@ export async function load_node({ if (!opts.body || typeof opts.body === 'string') { // prettier-ignore fetched.push({ - url: requested, - body: /** @type {string} */ (opts.body), - json: `{"status":${response.status},"statusText":${s(response.statusText)},"headers":${s(headers)},"body":"${escape_json_string_in_html(body)}"}` - }); + url: requested, + body: /** @type {string} */ (opts.body), + json: `{"status":${response.status},"statusText":${s(response.statusText)},"headers":${s(headers)},"body":"${escape_json_string_in_html(body)}"}` + }); } if (dependency) { From 6f5308e79e0e18bec6dc7d9565696c607a6ef098 Mon Sep 17 00:00:00 2001 From: tom Date: Mon, 31 Jan 2022 02:54:49 +0800 Subject: [PATCH 2/9] merge headers from request --- packages/kit/src/runtime/server/page/load_node.js | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/packages/kit/src/runtime/server/page/load_node.js b/packages/kit/src/runtime/server/page/load_node.js index ae2e70e13f9e..b61496d0a6d5 100644 --- a/packages/kit/src/runtime/server/page/load_node.js +++ b/packages/kit/src/runtime/server/page/load_node.js @@ -92,14 +92,11 @@ export async function load_node({ }; } - opts.headers = new Headers(opts.headers); - // merge headers from request - for (const [key, value] of event.request.headers.entries()) { - if (!opts.headers.has(key)) { - opts.headers.append(key, value); - } - } + opts.headers = new Headers({ + ...Object.fromEntries(event.request.headers), + ...opts.headers + }); const resolved = resolve(event.url.pathname, requested.split('?')[0]); From 35461704dcc2e3859abb9a77e36163cc722c8708 Mon Sep 17 00:00:00 2001 From: tom Date: Mon, 31 Jan 2022 03:07:02 +0800 Subject: [PATCH 3/9] Revert "merge headers from request" This reverts commit 6f5308e79e0e18bec6dc7d9565696c607a6ef098. --- packages/kit/src/runtime/server/page/load_node.js | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/packages/kit/src/runtime/server/page/load_node.js b/packages/kit/src/runtime/server/page/load_node.js index b61496d0a6d5..ae2e70e13f9e 100644 --- a/packages/kit/src/runtime/server/page/load_node.js +++ b/packages/kit/src/runtime/server/page/load_node.js @@ -92,11 +92,14 @@ export async function load_node({ }; } + opts.headers = new Headers(opts.headers); + // merge headers from request - opts.headers = new Headers({ - ...Object.fromEntries(event.request.headers), - ...opts.headers - }); + for (const [key, value] of event.request.headers.entries()) { + if (!opts.headers.has(key)) { + opts.headers.append(key, value); + } + } const resolved = resolve(event.url.pathname, requested.split('?')[0]); From 1a8de41c64e6ef77e0e293d970679248ff54f461 Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 1 Feb 2022 10:58:15 -0500 Subject: [PATCH 4/9] Update packages/kit/src/runtime/server/page/load_node.js --- packages/kit/src/runtime/server/page/load_node.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/kit/src/runtime/server/page/load_node.js b/packages/kit/src/runtime/server/page/load_node.js index ae2e70e13f9e..62c0fcf13ece 100644 --- a/packages/kit/src/runtime/server/page/load_node.js +++ b/packages/kit/src/runtime/server/page/load_node.js @@ -95,7 +95,7 @@ export async function load_node({ opts.headers = new Headers(opts.headers); // merge headers from request - for (const [key, value] of event.request.headers.entries()) { + for (const [key, value] of event.request.headers) { if (!opts.headers.has(key)) { opts.headers.append(key, value); } From 22f713d63c530136cbfea8716b7d2107cf24ee55 Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 1 Feb 2022 11:05:58 -0500 Subject: [PATCH 5/9] omit cookie and authorization headers by default --- packages/kit/src/runtime/server/page/load_node.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/kit/src/runtime/server/page/load_node.js b/packages/kit/src/runtime/server/page/load_node.js index 62c0fcf13ece..f68530232074 100644 --- a/packages/kit/src/runtime/server/page/load_node.js +++ b/packages/kit/src/runtime/server/page/load_node.js @@ -96,9 +96,9 @@ export async function load_node({ // merge headers from request for (const [key, value] of event.request.headers) { - if (!opts.headers.has(key)) { - opts.headers.append(key, value); - } + if (opts.headers.has(key)) continue; + if (key === 'cookie' || key === 'authorization') continue; + opts.headers.append(key, value); } const resolved = resolve(event.url.pathname, requested.split('?')[0]); From 93c81091a512ce7bc13447ee07e03f2a527330df Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 1 Feb 2022 11:07:00 -0500 Subject: [PATCH 6/9] all headers are single-valued, so use set rather than append --- packages/kit/src/runtime/server/page/load_node.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/kit/src/runtime/server/page/load_node.js b/packages/kit/src/runtime/server/page/load_node.js index f68530232074..af2404725c90 100644 --- a/packages/kit/src/runtime/server/page/load_node.js +++ b/packages/kit/src/runtime/server/page/load_node.js @@ -98,7 +98,7 @@ export async function load_node({ for (const [key, value] of event.request.headers) { if (opts.headers.has(key)) continue; if (key === 'cookie' || key === 'authorization') continue; - opts.headers.append(key, value); + opts.headers.set(key, value); } const resolved = resolve(event.url.pathname, requested.split('?')[0]); From bc44acad84a328df6ef5233d92e8cfd8a1085da3 Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 1 Feb 2022 11:47:08 -0500 Subject: [PATCH 7/9] omit if-none-match, replace referer header --- packages/kit/src/runtime/server/page/load_node.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/kit/src/runtime/server/page/load_node.js b/packages/kit/src/runtime/server/page/load_node.js index af2404725c90..f7c90171e36e 100644 --- a/packages/kit/src/runtime/server/page/load_node.js +++ b/packages/kit/src/runtime/server/page/load_node.js @@ -97,10 +97,12 @@ export async function load_node({ // merge headers from request for (const [key, value] of event.request.headers) { if (opts.headers.has(key)) continue; - if (key === 'cookie' || key === 'authorization') continue; + if (key === 'cookie' || key === 'authorization' || key === 'if-none-match') continue; opts.headers.set(key, value); } + opts.headers.set('referer', event.url.href); + const resolved = resolve(event.url.pathname, requested.split('?')[0]); /** @type {Response} */ From 83a3094ee27d2cb0b58eb73c2b578d0ca6f3d60d Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 1 Feb 2022 11:47:16 -0500 Subject: [PATCH 8/9] add test --- .../src/routes/load/fetch-headers.json.js | 6 +++++ .../src/routes/load/fetch-headers.svelte | 26 +++++++++++++++++++ .../apps/basics/src/routes/load/index.svelte | 1 + packages/kit/test/apps/basics/test/test.js | 19 ++++++++++++++ 4 files changed, 52 insertions(+) create mode 100644 packages/kit/test/apps/basics/src/routes/load/fetch-headers.json.js create mode 100644 packages/kit/test/apps/basics/src/routes/load/fetch-headers.svelte diff --git a/packages/kit/test/apps/basics/src/routes/load/fetch-headers.json.js b/packages/kit/test/apps/basics/src/routes/load/fetch-headers.json.js new file mode 100644 index 000000000000..0a2705016617 --- /dev/null +++ b/packages/kit/test/apps/basics/src/routes/load/fetch-headers.json.js @@ -0,0 +1,6 @@ +/** @type {import('@sveltejs/kit').RequestHandler} */ +export function get({ request }) { + return { + body: Object.fromEntries(request.headers) + }; +} diff --git a/packages/kit/test/apps/basics/src/routes/load/fetch-headers.svelte b/packages/kit/test/apps/basics/src/routes/load/fetch-headers.svelte new file mode 100644 index 000000000000..6b20202ef583 --- /dev/null +++ b/packages/kit/test/apps/basics/src/routes/load/fetch-headers.svelte @@ -0,0 +1,26 @@ + + + + +
{json}
diff --git a/packages/kit/test/apps/basics/src/routes/load/index.svelte b/packages/kit/test/apps/basics/src/routes/load/index.svelte index 52a1929099b4..5cffb7e2a2ff 100644 --- a/packages/kit/test/apps/basics/src/routes/load/index.svelte +++ b/packages/kit/test/apps/basics/src/routes/load/index.svelte @@ -22,6 +22,7 @@ fetch request fetch credentialed +fetch headers large response raw body server fetch request diff --git a/packages/kit/test/apps/basics/test/test.js b/packages/kit/test/apps/basics/test/test.js index ab7fc4be653f..1292f2fd8ab5 100644 --- a/packages/kit/test/apps/basics/test/test.js +++ b/packages/kit/test/apps/basics/test/test.js @@ -1036,6 +1036,25 @@ test.describe.parallel('Load', () => { expect(await page.textContent('h1')).toBe('Hello SvelteKit!'); }); + test('includes correct page request headers', async ({ + baseURL, + page, + clicknav, + javaScriptEnabled + }) => { + await page.goto('/load'); + await clicknav('[href="/load/fetch-headers"]'); + + const json = /** @type {string} */ (await page.textContent('pre')); + expect(JSON.parse(json)).toEqual({ + referer: `${baseURL}/load/fetch-headers`, + // these headers aren't particularly useful, but they allow us to verify + // that page headers are being forwarded + 'sec-fetch-dest': javaScriptEnabled ? 'empty' : 'document', + 'sec-fetch-mode': javaScriptEnabled ? 'cors' : 'navigate' + }); + }); + test('exposes rawBody to endpoints', async ({ page, clicknav }) => { await page.goto('/load'); await clicknav('[href="/load/raw-body"]'); From 69e26ee07af4ead0bde4b80f31091cfc75078323 Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Tue, 1 Feb 2022 11:58:34 -0500 Subject: [PATCH 9/9] changeset --- .changeset/twenty-numbers-destroy.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/twenty-numbers-destroy.md diff --git a/.changeset/twenty-numbers-destroy.md b/.changeset/twenty-numbers-destroy.md new file mode 100644 index 000000000000..83ea9d0fb832 --- /dev/null +++ b/.changeset/twenty-numbers-destroy.md @@ -0,0 +1,5 @@ +--- +'@sveltejs/kit': patch +--- + +Include page request headers in server-side fetches