Route request headers are forwarding to backend fetch calls. #5253
Comments
Well shoot. Now that I've submitted this, I just saw #5195. It sounds like there's already been quite a bit of conversation about this. Hopefully this issue, and explanation of why this is surprising and annoying, is helpful.
#5195 is almost certainly not going to happen in its current form, but yes we do either need to be smarter about which headers get carried over, and probably also give more control over that.
I would want an option to completely disable this behavior, and I think it should be opt-in. Edit: Maybe this could be a list of allowed headers? This makes the behavior of Also - I don't want to be a pain and bog you all down rehashing this decision. I disagree with it, but I'd also just be okay with a way to disable this behavior for my app. It would have also been helpful to have some documentation (and justification) about this for folks like me totally surprised when unexpected headers cause problems.
I believe sveltekit's
Describe the bug
Request headers for the initial HTML page load are getting passed through to external fetch requests on the backend. For example, if http://localhost:3000 is requested with the Accept: text/html header, that gets passed along to my API requests.
This occurs when using @sveltejs/node-adapter@1.0.0-next.78. I've included a reproduction, but here are some more details:
I'm seeing this in my server logs within my API, however it is also observable in the externalFetch svelte-kit hook:
This is unexpected and causes some wonky interactions with our API. We've hit this in two places:
Accept: text/html to our API endpoint, which results in our JSON API responding with a 406 Not Acceptable error. This is fine 🤷, but pretty weird and an annoying class of errors to filter through in error tracking software.
If-Modified-Since header, our API returns a 304 Not Modified response, which results in a user facing error when fetch on the backend considers the request a failure:
We'd expect these headers to not get automatically passed through. Those headers are for the SvelteKit request, not our API.
As a temporary work around, we're removing these headers using the externalFetch hook, but I think that this should not be necessary.
Reproduction
I have provided a reproducing project here:
https://github.com/nhunzaker/sveltekit-reproduction
You can reproduce this issue by running the project with:
Then cURL the request with the Accept header:
When running the example, you'll see the request come through with the Accept header sent along with the request for http://localhost:3000:
(UK Bank holidays are not related to this issue, they simply have a public JSON API)
Logs
No response
System Info
Severity
serious, but I can work around it
Additional Information
No response
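The externalFetch workaround described in the issue, written as the allow-list one commenter suggests rather than a list of headers to remove. This is an added example, not code from the reporter's project or from SvelteKit; the allow-list entries and the sample headers are constructed assumptions.

```javascript
// Added example: allow-list filter for SvelteKit's externalFetch hook.
// Assumption: the allow-list entries are illustrative, not a recommendation
// from the SvelteKit project.
const FORWARD_ALLOWLIST = new Set(['accept-language', 'x-request-id']);

// Constructed sample of headers a page load might carry.
const SAMPLE_PAGE_HEADERS = [
  ['Accept', 'text/html'],
  ['If-Modified-Since', 'Wed, 01 Jun 2022 00:00:00 GMT'],
  ['User-Agent', 'curl/7.79.1'],
  ['Accept-Language', 'en-GB'],
];

// Split header pairs into those kept and the names dropped.
// Accepts anything that iterates as [name, value]: Headers, Map, array.
function partitionHeaders(headers, allow = FORWARD_ALLOWLIST) {
  const kept = [];
  const dropped = [];
  for (const [rawName, value] of headers) {
    const name = rawName.toLowerCase(); // header names are case-insensitive
    if (allow.has(name)) kept.push([name, value]);
    else dropped.push(name);
  }
  return { kept, dropped };
}

// Hook body. In src/hooks.js, declare it as
// `export async function externalFetch`.
async function externalFetch(request) {
  const { kept } = partitionHeaders(request.headers);
  const headers = new Headers(kept);
  // State what the backend call itself accepts instead of inheriting
  // the page request's Accept: text/html.
  headers.set('accept', 'application/json');
  // init.headers replaces the header list copied from `request`.
  return fetch(new Request(request, { headers }));
}
```

Removing only Accept and If-Modified-Since fixes the two failures reported here; the allow-list also drops page-request headers that have not caused a visible error yet.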