[fix] Server-side fetch request should have headers (#696) #3631
Conversation
|
|
✔️ Deploy Preview for kit-demo canceled. 🔨 Explore the source changes: 69e26ee 🔍 Inspect the deploy log: https://app.netlify.com/sites/kit-demo/deploys/61f966c261508400077ecb83 |
aolose
changed the title
|
It looks like there's another PR to fix this issue as well: #2911. I haven't looked at either in any detail yet. Can you comment on the differences between the two approaches? |
This reverts commit 6f5308e.
the param of * @param {{
- * request: import('types/hooks').ServerRequest;
+ * event: import('types/hooks').RequestEvent;The code below is unable to achieve goals. const headers = /** @type {import('types/helper').RequestHeaders} */ ({
...request.headers,
...opts.headers
});Headers can't be merged. I try to modify it opts.headers = new Headers({
...Object.fromEntries(event.request.headers),
...opts.headers
});It's working, but it can't pass tests. |
|
This also relates to my #3503 where I'm grasping around for ways to get at the incoming request headers in order to fulfill a server-side rendered response (and one that makes data fetch calls). I suggested either making "event" available in externalFetch, or for a narrower scoped change, making "fetch" have the cookies the way it would if you did a Question though -- should this behavior be gated by the presence of "credentials: include"? At the very least it seems like it should respect "credentials: omit" the same as they do here right? |
|
Thanks @aolose. @johnnysprinkles yes, we do need to account for |
| // merge headers from request | ||
| for (const [key, value] of event.request.headers) { | ||
| if (opts.headers.has(key)) continue; | ||
| if (key === 'cookie' || key === 'authorization') continue; |
There was a problem hiding this comment.
were we only going to skip these for the omit case? right now it looks like it's always skipping them
There was a problem hiding this comment.
We're skipping copying them over directly right here. These headers should already have gotten handled earlier, if it was appropriate to copy them over.
There was a problem hiding this comment.
I seem to be getting issues from version 1.0.0-next.253 upwards whenever I make server-side fetch requests with an "authorization" header. I'm guessing it may relate to this code change?
See my comment here: #3631 (comment)
|
Realised there's at least a couple of headers that should get special casing — Adding some tests alongside this behaviour |
|
This fix appears to be causing problems when I'm using the I'm getting the following error "Unexpected token < in JSON at position 2", which seems to mean that I'm getting an HTML error page in place of the JSON file that I'm trying to request (it worked perfectly in 1.0.0-next.252 but breaks in 1.0.0-next.252). I'm guessing this issue can be solved by explicitly adding certain headers to the request, eg. allowing CORS? It would be great if requests could be sent with suitable default headers to prevent this issue! Additional info: It seems this issue may only affect requests that have an "Authorization" header. |
|
I'm getting an error too. I think we need more doc to say when to use fetch from global and fetch from loadInput. |
|
@bothness comments on merged PRs will end up getting lost. If you have encountered a bug, please file a new issue |
|
Thanks for spotting this @benmccann. I'll file a fresh issue. |
Server-side fetch in load function will include original request headers. (#696)
Please don't delete this checklist! Before submitting the PR, please make sure you do the following:
Tests
pnpm testand lint the project withpnpm lintandpnpm checkChangesets
pnpx changesetand following the prompts. All changesets should bepatchuntil SvelteKit 1.0