Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] exclude Host header from load fetch requests made on server #3690

Merged
merged 2 commits into from Feb 2, 2022
Merged

[fix] exclude Host header from load fetch requests made on server #3690

merged 2 commits into from Feb 2, 2022

Conversation

Conduitry
Copy link
Member

Having child requests made via fetch from load during SSR include the Host header is bad. At the very least, it causes SSL certificate issues. (I'm not sure whether it causes other issues in shared-IP / dynamic host environments - I don't know whether the value in the headers or in the URL takes precedence in node-fetch.)

This skips over the Host header as well when copying the headers into the outgoing request. I looked at the existing test added in #3631, but I wasn't sure how to extend it.

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpx changeset and following the prompts. All changesets should be patch until SvelteKit 1.0

@changeset-bot
Copy link

changeset-bot bot commented Feb 2, 2022

🦋 Changeset detected

Latest commit: bd65015

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@netlify
Copy link

netlify bot commented Feb 2, 2022
edited

✔️ Deploy Preview for kit-demo canceled.

🔨 Explore the source changes: bd65015

🔍 Inspect the deploy log: https://app.netlify.com/sites/kit-demo/deploys/61fafaea22c48900075aea63

@Conduitry Conduitry merged commit b22dfbf into sveltejs:master Feb 2, 2022
@Conduitry Conduitry deleted the fetch-header-exclude-host branch February 2, 2022 21:56
@github-actions github-actions bot mentioned this pull request Feb 2, 2022
Merged
@Conduitry Conduitry mentioned this pull request Jul 6, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rich-Harris Rich-Harris Rich-Harris approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Conduitry @Rich-Harris