Skip to content

Commit

Permalink
breaking: Remove dangerZone.trackServerFetches (#11235)
Browse files Browse the repository at this point in the history
* breaking: Remove  and related code

* changeset

* remove dangerZone per discussion

---------

Co-authored-by: Rich Harris <[email protected]>
  • Loading branch information
1 parent 9d6de50 commit ffca61d
Show file tree
Hide file tree
Showing 13 changed files with 11 additions and 63 deletions.
5 changes: 5 additions & 0 deletions .changeset/twenty-birds-eat.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@sveltejs/kit': major
---

breaking: remove `dangerZone.trackServerFetches`
3 changes: 0 additions & 3 deletions packages/kit/src/core/config/index.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -69,9 +69,6 @@ const get_defaults = (prefix = '') => ({
csrf: {
checkOrigin: true
},
dangerZone: {
trackServerFetches: false
},
embedded: false,
env: {
dir: process.cwd(),
Expand Down
5 changes: 0 additions & 5 deletions packages/kit/src/core/config/options.js
Original file line number Diff line number Diff line change
Expand Up @@ -111,11 +111,6 @@ const options = object(
checkOrigin: boolean(true)
}),

dangerZone: object({
// TODO 2.0: Remove this
trackServerFetches: boolean(false)
}),

embedded: boolean(false),

env: object({
Expand Down
1 change: 0 additions & 1 deletion packages/kit/src/core/sync/write_server.js
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ export const options = {
app_template_contains_nonce: ${template.includes('%sveltekit.nonce%')},
csp: ${s(config.kit.csp)},
csrf_check_origin: ${s(config.kit.csrf.checkOrigin)},
track_server_fetches: ${s(config.kit.dangerZone.trackServerFetches)},
embedded: ${config.kit.embedded},
env_public_prefix: '${config.kit.env.publicPrefix}',
env_private_prefix: '${config.kit.env.privatePrefix}',
Expand Down
10 changes: 0 additions & 10 deletions packages/kit/src/exports/public.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -343,16 +343,6 @@ export interface KitConfig {
*/
checkOrigin?: boolean;
};
/**
* Here be dragons. Enable at your peril.
*/
dangerZone?: {
/**
* Automatically add server-side `fetch`ed URLs to the `dependencies` map of `load` functions. This will expose secrets
* to the client if your URL contains them.
*/
trackServerFetches?: boolean;
};
/**
* Whether or not the app is embedded inside a larger app. If `true`, SvelteKit will add its event listeners related to navigation etc on the parent of `%sveltekit.body%` instead of `window`, and will pass `params` from the server rather than inferring them from `location.pathname`.
* @default false
Expand Down
3 changes: 1 addition & 2 deletions packages/kit/src/runtime/server/data/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,7 @@ export async function render_data(
}
}
return data;
},
track_server_fetches: options.track_server_fetches
}
});
} catch (e) {
aborted = true;
Expand Down
3 changes: 1 addition & 2 deletions packages/kit/src/runtime/server/page/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -150,8 +150,7 @@ export async function render_page(event, page, options, manifest, state, resolve
if (parent) Object.assign(data, await parent.data);
}
return data;
},
track_server_fetches: options.track_server_fetches
}
});
} catch (e) {
load_error = /** @type {Error} */ (e);
Expand Down
15 changes: 1 addition & 14 deletions packages/kit/src/runtime/server/page/load_data.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,18 +10,10 @@ import { validate_depends } from '../../shared.js';
* state: import('types').SSRState;
* node: import('types').SSRNode | undefined;
* parent: () => Promise<Record<string, any>>;
* track_server_fetches: boolean;
* }} opts
* @returns {Promise<import('types').ServerDataNode | null>}
*/
export async function load_server_data({
event,
state,
node,
parent,
// TODO 2.0: Remove this
track_server_fetches
}) {
export async function load_server_data({ event, state, node, parent }) {
if (!node?.server) return null;

let done = false;
Expand Down Expand Up @@ -59,11 +51,6 @@ export async function load_server_data({
);
}

// TODO 2.0: Remove this
if (track_server_fetches) {
uses.dependencies.add(url.href);
}

return event.fetch(info, init);
},
/** @param {string[]} deps */
Expand Down
3 changes: 1 addition & 2 deletions packages/kit/src/runtime/server/page/respond_with_error.js
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,7 @@ export async function respond_with_error({
event,
state,
node: default_layout,
parent: async () => ({}),
track_server_fetches: options.track_server_fetches
parent: async () => ({})
});

const server_data = await server_data_promise;
Expand Down
1 change: 0 additions & 1 deletion packages/kit/src/types/internal.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -333,7 +333,6 @@ export interface SSROptions {
app_template_contains_nonce: boolean;
csp: ValidatedConfig['kit']['csp'];
csrf_check_origin: boolean;
track_server_fetches: boolean;
embedded: boolean;
env_public_prefix: string;
env_private_prefix: string;
Expand Down
3 changes: 2 additions & 1 deletion packages/kit/test/apps/basics/test/client.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -483,7 +483,8 @@ test.describe('Invalidation', () => {
});

test('fetch in server load cannot be invalidated', async ({ page, app, request }) => {
// TODO 2.0: Can remove this test after `dangerZone.trackServerFetches` and associated code is removed
// legacy behavior was to track server dependencies -- this could leak secrets to the client (see github.com/sveltejs/kit/pull/9945)
// we keep this test just to make sure the behavior stays the same.
await request.get('/load/invalidation/server-fetch/count.json?reset');
await page.goto('/load/invalidation/server-fetch');
const selector = '[data-testid="count"]';
Expand Down
3 changes: 0 additions & 3 deletions packages/kit/test/apps/options/svelte.config.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@ const config = {
'require-trusted-types-for': ['script']
}
},
dangerZone: {
trackServerFetches: true
},
files: {
assets: 'public',
lib: 'source/components',
Expand Down
19 changes: 0 additions & 19 deletions packages/kit/test/apps/options/test/test.js
Original file line number Diff line number Diff line change
Expand Up @@ -302,22 +302,3 @@ test.describe('Routing', () => {
await expect(page.locator('h2')).toHaveText('target: 0');
});
});

test.describe('load', () => {
// TODO 2.0: Remove this test
test('fetch in server load can be invalidated when `dangerZone.trackServerFetches` is set', async ({
page,
app,
request,
javaScriptEnabled
}) => {
test.skip(!javaScriptEnabled, 'JavaScript is disabled');
await request.get('/path-base/server-fetch-invalidate/count.json?reset');
await page.goto('/path-base/server-fetch-invalidate');
const selector = '[data-testid="count"]';

expect(await page.textContent(selector)).toBe('1');
await app.invalidate('/path-base/server-fetch-invalidate/count.json');
expect(await page.textContent(selector)).toBe('2');
});
});

0 comments on commit ffca61d

Please sign in to comment.