[fix] exclude Host header from load fetch requests made on server #3690
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Having child requests made via
fetch
fromload
during SSR include theHost
header is bad. At the very least, it causes SSL certificate issues. (I'm not sure whether it causes other issues in shared-IP / dynamic host environments - I don't know whether the value in the headers or in the URL takes precedence innode-fetch
.)This skips over the
Host
header as well when copying the headers into the outgoing request. I looked at the existing test added in #3631, but I wasn't sure how to extend it.Please don't delete this checklist! Before submitting the PR, please make sure you do the following:
Tests
pnpm test
and lint the project withpnpm lint
andpnpm check
Changesets
pnpx changeset
and following the prompts. All changesets should bepatch
until SvelteKit 1.0