Skip to content

[fix] Server-side fetch request should have headers (#696) #3631

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Rich-Harris merged 9 commits into from
Feb 1, 2022
Merged

[fix] Server-side fetch request should have headers (#696) #3631

Changes from 6 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
cecd67c
pr 2861 rebase
Jan 30, 2022
6f5308e
merge headers from request
Jan 30, 2022
3546170
Revert "merge headers from request"
Jan 30, 2022
1a8de41
Update packages/kit/src/runtime/server/page/load_node.js
Rich-Harris Feb 1, 2022
22f713d
omit cookie and authorization headers by default
Rich-Harris Feb 1, 2022
93c8109
all headers are single-valued, so use set rather than append
Rich-Harris Feb 1, 2022
bc44aca
omit if-none-match, replace referer header
Rich-Harris Feb 1, 2022
83a3094
add test
Rich-Harris Feb 1, 2022
69e26ee
changeset
Rich-Harris Feb 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 11 additions & 4 deletions packages/kit/src/runtime/server/page/load_node.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,13 @@ export async function load_node({

opts.headers = new Headers(opts.headers);

// merge headers from request
for (const [key, value] of event.request.headers) {
if (opts.headers.has(key)) continue;
if (key === 'cookie' || key === 'authorization') continue;
Copy link
Member

@benmccann benmccann Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

were we only going to skip these for the omit case? right now it looks like it's always skipping them

Copy link
Member

@Conduitry Conduitry Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're skipping copying them over directly right here. These headers should already have gotten handled earlier, if it was appropriate to copy them over.

Copy link

@bothness bothness Mar 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I seem to be getting issues from version 1.0.0-next.253 upwards whenever I make server-side fetch requests with an "authorization" header. I'm guessing it may relate to this code change?

See my comment here: #3631 (comment)

opts.headers.set(key, value);
}

const resolved = resolve(event.url.pathname, requested.split('?')[0]);

/** @type {Response} */
Expand Down Expand Up @@ -209,10 +216,10 @@ export async function load_node({
if (!opts.body || typeof opts.body === 'string') {
// prettier-ignore
fetched.push({
url: requested,
body: /** @type {string} */ (opts.body),
json: `{"status":${response.status},"statusText":${s(response.statusText)},"headers":${s(headers)},"body":"${escape_json_string_in_html(body)}"}`
});
url: requested,
body: /** @type {string} */ (opts.body),
json: `{"status":${response.status},"statusText":${s(response.statusText)},"headers":${s(headers)},"body":"${escape_json_string_in_html(body)}"}`
});
}

if (dependency) {
Expand Down