New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cache-control always includes private even if fetch has no credentials #793
Comments
Well well, was looking through the project code, and realized a kit/packages/kit/src/runtime/server/page.js Lines 89 to 91 in a59fbd0
If I change my fetch call on
The So I guess this is working as expected, but we could use some more clarity in the docs in my opinion. |
I wonder if there's an opportunity to be slightly smarter here. Perhaps the check should be |
I think there are a lot of edge cases if this is to be inferred automatically. Headers are often used for authentication for example. IMO, I think being able to just return |
Okay... I figured out why. My code was like this, destructing the args to Load as per the example export const load: Load = async ({ page, fetch, session, context }) => { However, pulling in session (even though it was unused) I think triggered this check kit/packages/kit/src/runtime/server/page.js Lines 270 to 273 in 42dc6b3
I've fixed it by only destructuring page & fetch but it was a bit of a headscratcher for a while. |
The other issue that |
Also seems like here kit/packages/kit/src/runtime/server/page/render.js Lines 133 to 135 in 27a9888
IMO Framework need to instercept that subscribe was called from rendered page. And not that session was changed during rendering. Should be something like const tmp = session.subscribe;
session.subscribe = (v) => {
tmp(v);
is_private = true;
} |
* fix session subscription tracking - closes #793 * simplify * fix/simplify
Describe the bug
I'm filing this in as a bug simply because it's either a bug in the project or misleading documentation.
So when using the
maxage
attribute on theload
function, SvelteKit builds thecache-control
header into that page. According to the documentation: The resulting cache header will include private if user data was involved in rendering the page (either via session, or because a credentialled fetch was made in a load function).My goal is to just cache the page that uses a
fetch
request with no user data. Seems that SvelteKit is forcing theprivate
incache-control
just by usingfetch
.This page will always include
private
in the response header.If I don't use fetch from the
load
function, then it includespublic
.Logs
No logs for this, but here is a screenshot of the browser response header:
To Reproduce
Just build out a simple page that makes a
fetch
request, then pass in amaxage
to theload
response. Check in the browser's dev tools that the responsecache-control
headers will always includeprivate
.This is happening both on
dev
(svelte-kit dev) andprod
(svelte-kit start).Expected behavior
If
fetch
is being used without custom headers then perhaps we should not set thecache-control
toprivate
. Ideally,private
should only be included if we pass in parameters tofetch
, but I see that being a brittle solution. Maybe we could override it somehow, with aprivate: false
on theload
response? Or just being able to return fully custom headers onload
.Information about your SvelteKit Installation:
npx envinfo --system --npmPackages svelte,@sveltejs/kit --binaries --browsers
Browser
Brave
Svelte Kit Adapter
Node, but will switch to Netlify before going into prod.
Severity
I'm just trying out SvelteKit for fun, I think it's an awesome project. But this bug basically makes the usage of this project a bit hard for me, at work and in freelancing scenarios. Without being able to cache pages that make "public" fetch requests on the
load
function, I'm basically forcing myself to consistently pay for serverless executions, instead of caching said page for the specifiedmaxage
. This is because no cloud provider will cache pages withprivate
in thecache-control
.Additional context
The use case for this is a classically SSR page that contains the latest updates to Covid numbers in Portugal. I want the page to be server-rendered but the results cached by an hour so I serve that from the CDN instead of hitting the serverless function on Netlify over and over.
The text was updated successfully, but these errors were encountered: