* Encrypt server islands props
* Comment on the hex algo
* Use @oslojs/encoding
* Rename functions
* Add base to test
* Remove old tests no longer valid
* Run test locally
* Make sure adapters run before manifest
* Add a changeset
* Adjust test adapter
* don't assume adapter is at root
* Add a changeset
* Updates on review comments
* Update oslo
* Add better description of Node adapter change
* fix: make semicolon optional when detecting `prerender` option
* trim to remove possible carriage return
* Apply suggestions from code review
Co-authored-by: Bjorn Lu <bjornlu.dev@gmail.com>
---------
Co-authored-by: Bjorn Lu <bjornlu.dev@gmail.com>
* Fix css plugin having inconsistent builds in different environments
Astro's css plugin generates chunk ids that include a hash of all of
the chunk's parent ids. These ids are currently the absolute file paths
of the parent files. The generated chunk ids are then inserted into
those pages as import statements.
Because these import statements include a hash based on these absolute
file paths, this causes rollup to generate different hashes for those
pages when a build is run in different environments. The exact same
project will produce identical assets with different filenames when
built on different machines, or when built from different directories
on the same machine, etc.
To fix this, I've stripped out the working directory of these file paths
before they are added to the hash. This means that the hash will still
change if the files referencing it chacnge (which I believe is the
intended behavior), but will be stable if the entire project is built
in different environments.
* add changeset
* fixup! use settings.config.root and vite's normalizePath
I've chosen to update the function signature of shortHashedName
to match createSlugger's, so it now accepts the settings object
and returns the actual hashing function. This way, createSlugger's
function signature doesn't need to update to needlessly accept
an additional argument.
* fixup! remove unused import
* Update .changeset/young-pillows-shave.md
Co-authored-by: Bjorn Lu <bjornlu.dev@gmail.com>
* fixup! use fileURLtoPath
---------
Co-authored-by: Matt Lee <mdlee.md@gmail.com>
Co-authored-by: Bjorn Lu <bjornlu.dev@gmail.com>
* wip: move getActionResult setup to render
* feat: serialize action data for edge
* refactor: serializeActionResult util
* feat: introduce devalue for body parsing
* refactor: orthrow -> main
* feat(test): Date and Set
* refactor: move getAction to separate file for bundling
* docs: changeset
* Revert "refactor: move getAction to separate file for bundling"
This reverts commit ef2b40991f90ff64c063cb4364eb2affcb2328c3.
* Revert "Revert "refactor: move getAction to separate file for bundling""
This reverts commit 40deaeda1dd350b27fa3da994a7c37005ae7a187.
* fix: actions import from client
* feat: add support for URL objects
* refactor: new isActionError utility
* refactor: reuse isInputError in fromJson
* fix: use INTERNAL_SERVER_ERROR for unknown errors
* fix: audit incorrectly flagging images as above the fold (#10891)
Previously used lement.offsetTop to find the y position of the image, which does not work when the element parent has a position: relative property.
Instead, this uses lement.getBoundingClientRect().y top get real y position of the image.
There's one issue though, which is that getBoundingClientRect returns the position relative to the user's viewport, not the absolute position.
So, add window.scrollY to the value to cancel that effect out, and you have the element's absolute position.
https://developer.mozilla.org/en-US/docs/Web/API/Element/getBoundingClientRecthttps://developer.mozilla.org/en-US/docs/Web/API/Window/scrollY
* chore: add changeset
* refactor: move from Async local storage to .bind()
* feat: Astro.callAction for server calls
* feat(e2e): update server call
* feat(types): test callAction types
* fix: callAction context on rewrite
* feat: called from server error
* chore: remove store.ts file
* chore: remove getApiContext client stub
* chore: changeset
* fix: src -> dist import
* refactor: move content collection errors together
* fix: move rfc link to hint
* fix: highlight line with error in the error overlay
* chore: changeset
* Update packages/astro/e2e/errors.test.js
Co-authored-by: Bjorn Lu <bjornlu.dev@gmail.com>
---------
Co-authored-by: Bjorn Lu <bjornlu.dev@gmail.com>
* Fix an XSS in Server Islands.
Discussed with @FredKSchott that this is OK to disclose since Server Islands are still experimental.
It's generally not safe to use `JSON.stringify` to interpolate potentially attacker controlled data into `<script>` tags as JSON doesn't escape `<>"'` and so one can use it to break out of the script tag and e.g. make a new one with controlled content.
See https://pragmaticwebsecurity.com/articles/spasecurity/json-stringify-xss
* Format
* Create smart-snakes-promise.md
* Switch to manual encoding
---------
Co-authored-by: Matt Kane <m@mk.gg>
* fix: prevent client hydration when rendering via Container API
* revert change that is not needed
* skip client directives via option
* reword changeset
* Fix types of react server.d.ts
* add new API
---------
Co-authored-by: Matthew Phillips <matthew@skypack.dev>
* Fix Server Islands in Vercel
* Add a changeset
* Get server islands pattern from the segments
* Move getPattern so it can be used at runtime
* Fix build
* fix: use config root to build default routes
* fix: make root serializable
* fix regression
* Use stringified URLs
* Fix unit tests
---------
Co-authored-by: Matthew Phillips <matthew@skypack.dev>