🐛 BUG: New SvelteKit project created by C3 rejects all POSTs #4799

kentonv · 2024-01-21T23:15:58Z

Which Cloudflare product(s) does this pertain to?

C3, Miniflare

What version(s) of the tool(s) are you using?

3.23.0 [Wrangler], 2.9.2 [C3]

What version of Node are you using?

20.11.0

What operating system are you using?

Linux

Describe the Bug

In a newly-created SvelteKit project, all POST requests fail with {"message":"Cross-site POST form submissions are forbidden"}

To reproduce:

Run c3.
Choose to create a Svelte app.
Tell SvelteKit's create tool to create the demo app.
Run the app and browse to it.
Go to the "sverdle" tab in the app.
Try to submit an answer. The submission POST request will be blocked.

This appears to be due to this code in SvelteKit:

https://github.com/sveltejs/kit/blob/043ad0fb7c9247313542253599cd06d6da00a6bf/packages/kit/src/runtime/server/respond.js#L64-L76

I believe in particular request.headers.get('origin') !== url.origin is evaluating true. The reason is, the browser thinks the origin is localhost:8788, but by the time the request reaches workerd, the URL has been rewritten to localhost:5173, which doesn't match.

I'm not familiar with the architecture here but I assume this happens because there's a proxy sitting between the browser and workerd. It seems the proxy is rewriting the Host header when it forwards the HTTP request. If we could convince the proxy not to do that, I think it would solve the problem. That is, the proxy should forward the request with the Host header value it received from the browser, rather than rewrite it to match the workerd socket address.

Please provide a link to a minimal reproduction

No response

Please provide any relevant error logs

No response

The text was updated successfully, but these errors were encountered:

dario-piotrowicz · 2024-01-22T09:45:55Z

The issue appears to be related to the fact that this is the type of pages:dev script we generate:

wrangler pages dev --compatibility-date=2024-01-17 --proxy 5173 -- npm run dev

Since if you build you application and run it through wrangler pages dev then POSTs seem to be working fine:

We've already discussed the use of wrangler pages dev with the proxying functionality on the team and I think we all agree that we should move away from it, since it is not perfect and it can introduce invalid behaviors such as this one.

I think we need to update the Svelte scripts (and probably all of the other frameworks too) to be something like what we have in Next (source), basically remove pages:dev and allow people to use the standard svelte dev command, then provide to them a pages:preview script that they can use to actually preview their application using wrangler pages dev.

That is in my opinion the best option here (I am not familiar how the proxy works either, but since we already know that it is not the optimal solution, instead of trying to fix it there I'd advocate for just not using it (which is something that we were already planning to do in any case))

One caveat here is that with the standard Svelte dev script (vite dev) currently people can't access their Bindings (as SvelteKit itself documents), I hope that that can change soon: sveltejs/kit#11323
(But note that also with the current pages:dev script developers don't get access to bindings anyways)

mrbbot · 2024-01-22T11:06:39Z

Thanks for the report. I'm guessing this is a duplicate of #4761.

petebacondarwin · 2024-01-22T21:44:36Z

I believe that this is actually a problem with the "other" proxy that is being used by the wrangler pages dev --proxy command to send requests to the vite dev command rather than run then using workerd.

I tried following the reproduction steps above (thanks @kentonv) and I can see the problem both with the current Wrangler+MIniflare releases but also with wrangler@3.18.0, which is before the current wrangler dev proxy was implemented, and even wrangler@2.21.0, which was before we moved over to workerd in Miniflare.

petebacondarwin · 2024-01-23T13:55:10Z

Indeed debugging into this we have this code when wrangler pages dev is proxying requests to a third party dev server (as is the case here):

workers-sdk/packages/wrangler/src/miniflare-cli/assets.ts

Lines 41 to 46 in 0de1e16

    
           const proxyRequest = new Request(url, miniflareRequest as RequestInit); 
        
           if (proxyRequest.headers.get("Upgrade") === "websocket") { 
        
           	proxyRequest.headers.delete("Sec-WebSocket-Accept"); 
        
           	proxyRequest.headers.delete("Sec-WebSocket-Key"); 
        
           } 
        
           return await fetch(proxyRequest);

The call to fetch will follow the HTTP fetch spec with regards to CORS and Origin header - i.e. it will overwrite the header on the request with the origin from the request.url.

Perhaps there is an option we can pass to Undici's fetch to override this? For example I see in the Undici code it checks for request.responseTainting === "cors" before doing the overwrite and/or the request.referrerPolicy.

petebacondarwin · 2024-01-23T17:28:07Z

The proxy provided by Pages used in this issue is not easy to fix for the scenario set out here. Really this is not its correct use anyway. The original idea of this proxy was for SPA frameworks, like React (not full-stack, like Svelte), which had a dev server that hosted client side assets and was able to engage in things like incremental builds and hot-module reloading. In that case it makes sense for Pages to delegate the hosting of the static assets to such a dev server to avoid having to manage that itself. The idea was that code in Pages Functions would be handled by Wrangler (i.e. workerd) and static assets would be handled by the 3rd party dev server.

This doesn't really make sense for full stack frameworks, where the dev server actually wants to (and can) handle the server side behaviour as well as the static asset hosting. So going forward we are recommending the following approach.

Simple 3rd party dev server

Use the built in dev server to do day-to-day development with fast feedback cycles.
This will use the 3rd party's dev tooling to build and serve both the static (client-side) assets, and the server-side actions.
Note that in this scenario you are not running you code in an actual Cloudflare Worker nor do you have access to any Cloudflare bindings. But this is the simplest and fastest way to get started.
In the case of the Sveltekit project built by C3 this is just running npm dev, which can be seen to work as expected in the reproduction.

3rd party dev server + getBindingsProxy() helper

This is the same as the first option but additionally configuring the full-stack framework to get a proxy (agh yet another one!) but this time a JS Proxy Object that gives the node.js code running the server-side code access to real Cloudflare Worker bindings hosted by Miniflare locally.
We are working with each full-stack framework to make this as easy as possible to set up. As an example here are the docs on how to do this with Next-on-pages: https://github.com/cloudflare/next-on-pages/tree/main/internal-packages/next-dev.

3rd party build + wrangler pages dev

This last option has the highest fidelity to what will be deployed. It involves building the Pages application (incorporating any full-stack framework adaptors for Cloudflare) into a Worker and then running that locally via wrangler pages dev. Wrangler hosts both the client-side static assets and also the server-side code inside a local Worker. This Worker has full access to local bindings just like in normal Worker local development.
The downside to this approach is that on each change to the code you must rebuild the Worker and restart Wrangler, which slows down the development feedback cycle.

With these three options available, we should change the C3 starter to avoid encouraging the Pages proxy setup and document clearly how to use these options. Once that is done I think we can close this issue as won't fix.

mrbbot · 2024-01-24T13:00:01Z

Unrelated to whether we want to continue supporting this, I was observing strange behaviour where I could reproduce the issue when following the steps above (which installed wrangler@3.23.0 at the time), but not if I used a local checkout of wrangler@3.23.0 and ran with that. It turns out the repro was installing and using undici@5.28.2, but the local checkout was using undici@5.23.0. Normally, wrangler bundles undici, but the code for fetching from an upstream port uses miniflare's fetch() for WebSocket support, so was picking up this difference. As Kenton points out, the issue is that we're rewriting the Host header when we shouldn't be. Bisecting between undici@5.23.0 and 5.28.2 on that requirement gives this PR: nodejs/undici#2322. It seems like Vercel had a similar issue with their dev server proxy setup (vercel/vercel#10767), and switched to undici.request(), which doesn't have this behaviour. We should consider doing the same.

petebacondarwin · 2024-01-24T20:35:39Z

Nice work @mrbbot - I can reproduce this locally by patching miniflare to use Unidic's request rather than fetch although I haven't worked out quite the right incantation (it has a bit of a different API) to get it to work for all requests.

mrbbot · 2024-01-24T20:44:11Z

Nice! 🙂 Another option would be to use a custom undici Dispatcher that added back the original Host header if it were set. We did something similar to this in Miniflare 2 to remove default headers that were added by undici's fetch(), but not the Workers runtime.

See https://github.com/cloudflare/miniflare/blob/04134bb73b2d8e1dd5a7a946a703d446ea022e69/packages/core/src/standards/http.ts#L782-L837 for the dispatcher implementation and https://github.com/cloudflare/miniflare/blob/04134bb73b2d8e1dd5a7a946a703d446ea022e69/packages/core/src/standards/http.ts#L882-L887 for the usage.

miniflare's fetch() is correctly setup to receive custom undici Dispatchers via the RequestInit dispatcher property too.

petebacondarwin · 2024-01-29T10:06:57Z

Although #4850 does solve the original problem described above Let's also see if we can fix wrangler pages dev's proxy server as well using one of the suggested approaches discussed here.

dario-piotrowicz · 2024-01-29T10:18:27Z

@petebacondarwin shall we rename the issue then so not to potentially confuse people?
(maybe I'm overthinking it 😅)

petebacondarwin · 2024-01-29T11:52:22Z

I'm going to work on a fix this week. So hopefully no need to overthink this.

…header Previously, when configuring `wrangler pages dev` to use a proxy to a 3rd party dev server, the proxy would replace the Host header, resulting in problems at the dev server if it was checking for cross-site scripting attacks. Now the proxy server passes through the Host header unaltered making it invisible to the 3rd party dev server. Fixes #4799

* ci: only deploy Workers when pushing to special branches (#4848) Previously every push to `main` that contained changes to a Worker package would cause that Worker to be deploy "to production". This meant that we had to be very careful about merging PRs that touch these Workers files. Now production deployment is only run for a Worker on a push to its special deployment branch (e.g. `deploy-worker/playground-preview-worker`). This allows us to land PRs to `main` and then collect up changes to release in a single go by updating the special deployment branch in a controlled way. Moreover it is also easy to see what changes will be released by looking at the difference between `main` and the deployment branch for the Worker package directory. The three workers in this repo now follow this pattern: - edge-preview-authenticated-proxy - format-errors - playground-preview-worker In addition, the Playground Preview Worker has end-to-end tests that are run on every push to the `main` branch, and also any PRs that have the "playground-worker" label. For these tests the Worker is deployed to the testing environment before running the tests against this deployment. * C3: bump `create-next-app` and handle new `next.config.mjs` defaults (#4863) * bump create-next-app from 14.0.4 to 14.1.0 * C3: handle new next.config.mjs default files * [wrangler] Support ai bindings in getBindingsProxy (#4869) * Retain AI service binding from miniflare options * Update changeset * chore: bump `workerd` to `1.20240129.0` (#4874) * [C3] Bump create-vue from 3.9.1 to 3.9.2 in /packages/create-cloudflare/src/frameworks (#4870) * [C3] Bump create-vue in /packages/create-cloudflare/src/frameworks Bumps [create-vue](https://github.com/vuejs/create-vue) from 3.9.1 to 3.9.2. - [Release notes](https://github.com/vuejs/create-vue/releases) - [Commits](vuejs/create-vue@v3.9.1...v3.9.2) --- updated-dependencies: - dependency-name: create-vue dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * [C3] Update frameworks cli dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wrangler automated PR updater <wrangler@cloudflare.com> * Exclude standardPricingWarning from dryrun (#4880) * Exclude standardPricingWarning from dryrun That way we do not need authentication for dryrun, again. * fixup! Exclude standardPricingWarning from dryrun * fixup! Exclude standardPricingWarning from dryrun --------- Co-authored-by: petero-dk <2478689+petero-dk@users.noreply.github.com> * Implements Python support in miniflare. (#4873) * Fix changesets (#4885) * fix dario-piotrowicz's changesets * fix existing C3 changesets and amend the changeset text in the creation logic * Version Packages (#4854) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * [C3] Bump create-qwik from 1.4.2 to 1.4.3 in /packages/create-cloudflare/src/frameworks (#4881) * [C3] Bump create-qwik in /packages/create-cloudflare/src/frameworks Bumps [create-qwik](https://github.com/BuilderIO/qwik/tree/HEAD/packages/create-qwik) from 1.4.2 to 1.4.3. - [Release notes](https://github.com/BuilderIO/qwik/releases) - [Commits](https://github.com/BuilderIO/qwik/commits/v1.4.3/packages/create-qwik) --- updated-dependencies: - dependency-name: create-qwik dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * [C3] Update frameworks cli dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wrangler automated PR updater <wrangler@cloudflare.com> * [wrangler] fix: listen on loopback for wrangler dev port check and login (#4830) The `wrangler dev` port availability check triggers a firewall prompt on macOS while it briefly opens and closes listeners. The OAuth callback server from `wrangler login` has the same issue. Fix both cases by listening on the loopback address only by default. Fixed some new test failures by using locally available IP addresses: wrangler:test: ● wrangler dev › ip › should use to `ip` from `wrangler.toml`, if available wrangler:test: listen EADDRNOTAVAIL: address not available 1.2.3.4:8787 wrangler:test: wrangler:test: ● wrangler dev › ip › should use --ip command line arg, if provided wrangler:test: listen EADDRNOTAVAIL: address not available 5.6.7.8:8787 Relates to #4430 * remove outdated and no longer valid miniflare development section from CONTRIBUTING.md (#4893) * [C3] Bump @angular/create from 17.1.1 to 17.1.2 in /packages/create-cloudflare/src/frameworks (#4892) * [C3] Bump @angular/create in /packages/create-cloudflare/src/frameworks Bumps [@angular/create](https://github.com/angular/angular-cli) from 17.1.1 to 17.1.2. - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@17.1.1...17.1.2) --- updated-dependencies: - dependency-name: "@angular/create" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * [C3] Update frameworks cli dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wrangler automated PR updater <wrangler@cloudflare.com> * [Stream] WebRTC Template Improvements (#4157) * Add port numbers to fix stackblitz automatic startup * Pull the variables up and show clear instructions * fixup! Pull the variables up and show clear instructions --------- Co-authored-by: Peter Bacon Darwin <pbacondarwin@cloudflare.com> * fix: return 4xx error from playground preview worker on invalid tokens (#4904) Previously, we were passing user-controllable token inputs (`X-CF-Token` header, `user` search param, `token` cookie) directly to the `DurableObjectNamespace#idFromString()` function. This validated the token to be a valid Durable Object ID, but threw a reportable `TypeError`, generating a 500 response and increasing the errored request count. This is a user error, so shouldn't be reported. This change wraps calls to `idFromString()` inside `try`/`catch`es, and re-throws non-reportable user errors that generate 4xx responses. We could just validate that the tokens were 64 hex digits before calling `idFromString()`, but this approach ensures the IDs are for the `UserSession` object by validating the signature encoded in the ID too. * chore: rename deprecated Vitest `TestContext.meta` properties to `TestContext.task` (#4897) This is a precursor to updating to latest Vitest. * [wrangler] fix: stop rebuild attempts when sources are missing (#3886) (#4877) * [wrangler] fix: stop rebuild attempts when sources are missing (#3886) * fixup! [wrangler] fix: stop rebuild attempts when sources are missing (#3886) * fixup! [wrangler] fix: stop rebuild attempts when sources are missing (#3886) * fixup! [wrangler] fix: stop rebuild attempts when sources are missing (#3886) * Update .changeset/hip-files-count.md Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> * !fixup: [wrangler] fix: stop rebuild attempts when sources are missing (#3886) * !fixup: [wrangler] fix: stop rebuild attempts when sources are missing (#3886) --------- Co-authored-by: Peter Bacon Darwin <pbacondarwin@cloudflare.com> Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> * [C3] Bump create-remix from 2.5.1 to 2.6.0 in /packages/create-cloudflare/src/frameworks (#4903) * [C3] Bump create-remix in /packages/create-cloudflare/src/frameworks Bumps [create-remix](https://github.com/remix-run/remix/tree/HEAD/packages/create-remix) from 2.5.1 to 2.6.0. - [Release notes](https://github.com/remix-run/remix/releases) - [Changelog](https://github.com/remix-run/remix/blob/main/packages/create-remix/CHANGELOG.md) - [Commits](https://github.com/remix-run/remix/commits/create-remix@2.6.0/packages/create-remix) --- updated-dependencies: - dependency-name: create-remix dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * [C3] Update frameworks cli dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wrangler automated PR updater <wrangler@cloudflare.com> * fix: ensure that the Pages dev proxy server does not change the Host header (#4888) * fix: ensure that the Pages dev proxy server does not change the Host header Previously, when configuring `wrangler pages dev` to use a proxy to a 3rd party dev server, the proxy would replace the Host header, resulting in problems at the dev server if it was checking for cross-site scripting attacks. Now the proxy server passes through the Host header unaltered making it invisible to the 3rd party dev server. Fixes #4799 * fixup! fix: ensure that the Pages dev proxy server does not change the Host header * fixup! fix: ensure that the Pages dev proxy server does not change the Host header * fixup! fix: ensure that the Pages dev proxy server does not change the Host header * fix: fallback to returning stack trace if `format-errors` broken (#4908) * expose cf object from Miniflare instances (#4905) * expose cf object from Miniflare instances --------- Co-authored-by: MrBBot <bcoll@cloudflare.com> * Add a `ctx` field to the `getBindingsProxy` result (#4922) * split get-bindings-proxy fixture tests in multiple files * add ctx to getBindingsProxy * add ctx tests to get-bindings-proxy fixture --------- Co-authored-by: MrBBot <bcoll@cloudflare.com> * fix(d1): intercept and stringify errors thrown in --json mode (#4872) * fix(d1): intercept and stringify errors thrown in --json mode * fix: add light parsing on d1 execute error message * add test * wip * implement JsonFriendlyFatalError * address PR feedback * fix: don't report invalid `format-errors` input (#4911) * [D1] Add user friendly D1 validation error messages for `dev --remote` and `deploy` (#4914) * chore: refactor user friendly errors and add 10063 code handling * chore: add user friendly error message to deployments * chore: lint * chore: cleanup directory * chore: fix remote error handling * chore: add patch change set * chore: move ABORT_ERR logic out of the user friendly error handler * chore: fix syntax * Update .changeset/fair-shoes-melt.md Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> --------- Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> * [D1] teach wrangler how to fetch insights about D1's queries (#4909) * [D1] teach wrangler how to fetch insights about D1's queries * add options for sorting and number of results * add a means of filtering the datetime geq/leq * add more options, fix tests * add wrangler banner, add warning text * add changeset * rename last to timePeriod * use string format over numbers as >1mo's data could be possible * Update red-icons-flow.md * make it possible to order by count * Update red-icons-flow.md * PR feedback * Update .changeset/red-icons-flow.md Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> * address PR feedback --------- Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> * [wrangler] test: fix E2E tests (#4907) * ci: ensure E2E tests failures not reported as successes #4458 accidentally left `continue-on-error: true` in the workflow. This meant that E2E test failures weren't reported as check failures. * test: remove redundant `deploy.test.ts` E2E test This test was a strict subset of `deployments.test.ts`, and wasn't providing any additional value. * test: remove standard pricing warning from E2E test output This warning may not be shown if an account has opted-in to standard pricing. This change normalises output to remove it, meaning tests can be run on any account, regardless of opt-in state. * test: update format of writing logs message in E2E tests * test: use `fallback` instead of `default` in E2E tests #4571 updated the message logged in non-interactive contexts for default values to use the word `fallback` instead of `default`. * fix: ensure `--log-level` argument applied immediately Some messages were being logged before the `--log-level` argument was applied. In particular, this meant the "writing logs to" message at `debug` level, was not output when using `--log-level=debug`. * test: improve reliability of `dev.test.ts` E2E test This change makes a few improvements to `dev.test.ts`: - Shorter timeouts for `fetch()` retries - Replaces `get-port` with native port `0` implementation - Waits for stdout handlers to be registered before starting `wrangler dev` - Ignores errors if we failed to find a proccess to kill (assumes the process was already killed) * fix: throw `UserError`s for R2 object/bucket not-found errors These errors should not be reported to Sentry. * global install * Ensure internal workers listen on ipv4 only * shorter timeouts --------- Co-authored-by: Samuel Macleod <smacleod@cloudflare.com> * Python support (#4901) * Implements wrangler deploy/dev support for Python. * Migrate to `--no-bundle` approach * Basic support for `requirements.txt` * address review comments * Strip package versions * Support deploying * Address comments * Fix tests --------- Co-authored-by: Dominik Picheta <dominik@cloudflare.com> * Version Packages (#4891) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * [C3] Add `getBindingsProxy` support to qwik template (#4927) * Split package.json update into multiple phases * Add getBindingsProxy to qwik template * Add support for testing dev scripts in c3 e2e tests * Refactor framework e2e verification helpers * Add support for verifying build script in framework e2es * Refactor e2e helpers * Refactor workers e2e tests to re-align with frameworks tests * Refactor RunnerConfig in e2e tests * Fixing cli e2e tests * changeset * remove leftover test value * Fix issue with npm tests & fix e2e logging * Addressing PR feedback * [playground-preview-worker] fix: don't report invalid upload input (#4937) * fix: don't report invalid `edge-preview-authenticated-proxy` URLs (#4939) * [D1] print wrangler banner at the start of every D1 command (#4938) * fix: make the entrypoint optional for the `types` command (#4931) --------- Co-authored-by: MrBBot <bcoll@cloudflare.com> * add a `cf` field to the `getBindingsProxy` result (#4926) --------- Co-authored-by: James Culveyhouse <jculveyhouse@cloudflare.com> * Improve DX with `node:*` modules (#4499) * Turn node build failures into warnings * Allow files to suppress warnings for specific modules * Remove comment-based allow-listing * Add changeset * Update .changeset/chatty-balloons-impress.md Co-authored-by: James M Snell <jasnell@gmail.com> * Pass through `defineNavigatorUserAgent` * Add tests * lockfile * Linting * fix tests --------- Co-authored-by: James M Snell <jasnell@gmail.com> * improve(r2): Update Sippy endpoint request payloads to match new schema (#4928) * fix(r2): update Sippy API request payloads * improve(r2): rename sippy flags for clarity * improve(r2): stricter existence in Sippy * [C3] Bump create-qwik from 1.4.3 to 1.4.4 in /packages/create-cloudflare/src/frameworks (#4935) * [C3] Bump create-qwik in /packages/create-cloudflare/src/frameworks Bumps [create-qwik](https://github.com/BuilderIO/qwik/tree/HEAD/packages/create-qwik) from 1.4.3 to 1.4.4. - [Release notes](https://github.com/BuilderIO/qwik/releases) - [Commits](https://github.com/BuilderIO/qwik/commits/v1.4.4/packages/create-qwik) --- updated-dependencies: - dependency-name: create-qwik dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * [C3] Update frameworks cli dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wrangler automated PR updater <wrangler@cloudflare.com> * fix: allow `port` option to be specified with `unstable_dev()` (#4953) * Extend error handling of proxy request errors in ProxyWorker (#4867) * ignore stale proxy errors * attempt to recover from ProxyWorker fetch errors by requeuing the request (only if it is GET or HEAD) * add test * add changeset * refactor to flatten nested if-else blocks * requeue request for retry at front of queue * sort batch of requests in queue by order of arrival * Revert "sort batch of requests in queue by order of arrival" This reverts commit 3329f19. * Revert "requeue request for retry at front of queue" This reverts commit f0377b7. * prioritise requests being retried over requests being proxied for the first time * better comments * update changeset to match recommeded format * Update five-cooks-share.md (#4956) * Version Packages (#4934) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> Co-authored-by: Dario Piotrowicz <dario@cloudflare.com> Co-authored-by: James Culveyhouse <jculveyhouse@cloudflare.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wrangler automated PR updater <wrangler@cloudflare.com> Co-authored-by: petero-dk <2478689+petero-dk@users.noreply.github.com> Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com> Co-authored-by: workers-devprod@cloudflare.com <116369605+workers-devprod@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Peter Wu <peter@lekensteyn.nl> Co-authored-by: Taylor Smith <tsmith@tsmith.com> Co-authored-by: Peter Bacon Darwin <pbacondarwin@cloudflare.com> Co-authored-by: Magnus Dahlstrand <magnusdahlstrand@users.noreply.github.com> Co-authored-by: Max Rozen <3822106+rozenmd@users.noreply.github.com> Co-authored-by: Nora Söderlund <norasoderlund@icloud.com> Co-authored-by: Samuel Macleod <smacleod@cloudflare.com> Co-authored-by: Dominik Picheta <dominik@cloudflare.com> Co-authored-by: James M Snell <jasnell@gmail.com> Co-authored-by: Siddhant <siddhant@cloudflare.com> Co-authored-by: Rahul Sethi <5822355+RamIdeas@users.noreply.github.com>

kentonv added the bug Something that isn't working label Jan 21, 2024

dario-piotrowicz added the c3 Relating to C3 (create-cloudflare) package label Jan 22, 2024

petebacondarwin added start-dev-worker Relating to the startDevWorker API regression Break in existing functionality as a result of a recent change and removed c3 Relating to C3 (create-cloudflare) package labels Jan 22, 2024

petebacondarwin self-assigned this Jan 22, 2024

petebacondarwin added pages Relating to Pages and removed start-dev-worker Relating to the startDevWorker API regression Break in existing functionality as a result of a recent change labels Jan 23, 2024

dario-piotrowicz mentioned this issue Jan 28, 2024

C3: replace Svelte's pages:dev with pages:preview and add optional previewScript to the c3 summary #4850

Merged

dario-piotrowicz closed this as completed in #4850 Jan 29, 2024

petebacondarwin reopened this Jan 29, 2024

petebacondarwin mentioned this issue Jan 31, 2024

fix: ensure that the Pages dev proxy server does not change the Host header #4888

Merged

6 tasks

petebacondarwin closed this as completed in 3679bc1 Feb 2, 2024

workers-devprod mentioned this issue Feb 2, 2024

Version Packages #4891

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🐛 BUG: New SvelteKit project created by C3 rejects all POSTs #4799

🐛 BUG: New SvelteKit project created by C3 rejects all POSTs #4799

kentonv commented Jan 21, 2024 •

edited

dario-piotrowicz commented Jan 22, 2024 •

edited

mrbbot commented Jan 22, 2024

petebacondarwin commented Jan 22, 2024 •

edited

petebacondarwin commented Jan 23, 2024

petebacondarwin commented Jan 23, 2024

mrbbot commented Jan 24, 2024

petebacondarwin commented Jan 24, 2024

mrbbot commented Jan 24, 2024

petebacondarwin commented Jan 29, 2024

dario-piotrowicz commented Jan 29, 2024

petebacondarwin commented Jan 29, 2024

🐛 BUG: New SvelteKit project created by C3 rejects all POSTs #4799

🐛 BUG: New SvelteKit project created by C3 rejects all POSTs #4799

Comments

kentonv commented Jan 21, 2024 • edited

Which Cloudflare product(s) does this pertain to?

What version(s) of the tool(s) are you using?

What version of Node are you using?

What operating system are you using?

Describe the Bug

Please provide a link to a minimal reproduction

Please provide any relevant error logs

dario-piotrowicz commented Jan 22, 2024 • edited

mrbbot commented Jan 22, 2024

petebacondarwin commented Jan 22, 2024 • edited

petebacondarwin commented Jan 23, 2024

petebacondarwin commented Jan 23, 2024

mrbbot commented Jan 24, 2024

petebacondarwin commented Jan 24, 2024

mrbbot commented Jan 24, 2024

petebacondarwin commented Jan 29, 2024

dario-piotrowicz commented Jan 29, 2024

petebacondarwin commented Jan 29, 2024

kentonv commented Jan 21, 2024 •

edited

dario-piotrowicz commented Jan 22, 2024 •

edited

petebacondarwin commented Jan 22, 2024 •

edited