fix: decode base64-serialized fetch bodies before caching them for client-side replay#16034
Merged
Merged
Conversation
🦋 Changeset detectedLatest commit: 69a4624 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
agafonovim
force-pushed
the
fix/fetch-cache-b64-decode
branch
3 times, most recently
from
a39de49 to
91d07f9
Compare
agafonovim
force-pushed
the
fix/fetch-cache-b64-decode
branch
from
91d07f9 to
89f289e
Compare
agafonovim
force-pushed
the
fix/fetch-cache-b64-decode
branch
from
89f289e to
69a4624
Compare
Member
|
Please stop force pushing. |
Contributor
Author
Sorry about that, I was updating the branch and got caught up looking into the flaky tests. I won’t force-push anymore. |
Merged
huskas-2189
pushed a commit
to huskas-2189/Bookmark
that referenced
this pull request
Jun 20, 2026
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@sveltejs/kit](https://svelte.dev) ([source](https://github.com/sveltejs/kit/tree/HEAD/packages/kit)) | [`2.65.1` → `2.66.0`](https://renovatebot.com/diffs/npm/@sveltejs%2fkit/2.65.1/2.66.0) |  |  | --- ### Release Notes <details> <summary>sveltejs/kit (@​sveltejs/kit)</summary> ### [`v2.66.0`](https://github.com/sveltejs/kit/blob/HEAD/packages/kit/CHANGELOG.md#2660) [Compare Source](https://github.com/sveltejs/kit/compare/@sveltejs/kit@2.65.2...@sveltejs/kit@2.66.0) ##### Minor Changes - feat: precompress prerendered `.md` and `.mdx` files ([#​15893](sveltejs/kit#15893)) - feat: warn the user when they forget to make boolean inputs optional in their form schemas ([#​15804](sveltejs/kit#15804)) ##### Patch Changes - fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid ([#​15452](sveltejs/kit#15452)) - fix: ensure `base` is available from `$service-worker` during development ([#​15882](sveltejs/kit#15882)) - fix: use correct relative asset paths when rendering an error page for a missing `__data.json` request ([#​15884](sveltejs/kit#15884)) - fix: preserve active `for await` consumers across `query.live` reconnects ([#​16022](sveltejs/kit#16022)) - fix: settle `query.live` reconnect promise on all exit paths, preventing `invalidateAll()` from deadlocking when a live query is offline or interrupted ([#​16022](sveltejs/kit#16022)) - fix: preserve last value when a `query.live` stream completes without yielding on reconnect ([#​16022](sveltejs/kit#16022)) - fix: remove `types: ['node']` from generated tsconfig to avoid errors when `@types/node` is not installed ([#​15709](sveltejs/kit#15709)) - fix: prefer pages over endpoints when prerendering ([#​16076](sveltejs/kit#16076)) - fix: restore snapshots after afterNavigate callbacks ([#​16066](sveltejs/kit#16066)) - fix: support `ws:`/`wss:` and `trusted-types-eval` for CSP sources ([#​15938](sveltejs/kit#15938)) - fix: omit empty `file` inputs from remote form data ([#​15898](sveltejs/kit#15898)) - fix: fail early if a route with `+page` and `+server` is marked as prerenderable ([#​16075](sveltejs/kit#16075)) - fix: wait a tick before resetting forms ([#​15805](sveltejs/kit#15805)) - fix: `preflight` schemas apply correctly when chained before `for` ([#​15863](sveltejs/kit#15863)) - fix: blank page in SPA mode when root layout `load()` throws ([#​15798](sveltejs/kit#15798)) - fix: pass all unknown options from the `sveltekit` Vite plugin through to `vite-plugin-svelte` ([#​16010](sveltejs/kit#16010)) ### [`v2.65.2`](https://github.com/sveltejs/kit/blob/HEAD/packages/kit/CHANGELOG.md#2652) [Compare Source](https://github.com/sveltejs/kit/compare/@sveltejs/kit@2.65.1...@sveltejs/kit@2.65.2) ##### Patch Changes - fix: throw an error when prerendering a root +server.js that returns a non-HTML response ([#​15994](sveltejs/kit#15994)) - fix: decode base64-serialized fetch bodies before caching them for client-side replay ([#​16034](sveltejs/kit#16034)) - fix: correctly access explicit dynamic public environment variables from prerendered pages and service workers ([#​16024](sveltejs/kit#16024)) - fix: allow `preloadCode` to be called during initial page load ([#​16028](sveltejs/kit#16028)) - fix: send `cache-control: private, no-store` on remote function responses so personalized query results can never be cached by shared caches ([#​16020](sveltejs/kit#16020)) - fix: preserve the HTTP status and error body when a remote function request fails in transport (e.g. a 401/403 from a `handle` hook), instead of reporting a generic 500 ([#​16021](sveltejs/kit#16021)) - fix: avoid loading universal nodes during build analysis when the app uses a hash router ([#​16042](sveltejs/kit#16042)) - fix: correctly serve client entry during development when using the pnpm global virtual store ([#​16045](sveltejs/kit#16045)) - fix: normalize path separators when comparing config ([#​16037](sveltejs/kit#16037)) - fix: ensure `building` resolves correctly to allow avoiding build-time explicit environment variable validation ([#​16058](sveltejs/kit#16058)) - fix: prevent unhandled promise rejections when remote function failures are consumed via `current`/`error` instead of `await` ([#​16018](sveltejs/kit#16018)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled because a matching PR was automerged previously. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoiZGV2ZWxvcCIsImxhYmVscyI6W119--> Reviewed-on: https://codeberg.org/huskas-2189/Bookmark/pulls/126
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a universal
loadfetches a binary resource during SSR, the response is serialized into the page as<script data-sveltekit-fetched data-b64 data-ttl="...">(data-ttlderived from the response'ss-maxage/max-age,data-b64marking a base64-encoded body).During hydration,
initial_fetchstores the entry in the client-side fetch cache before decoding the body:So the cache holds the raw base64 string. When the user client-side navigates back to the page within the TTL window,
subsequent_fetchreplaysnew Response(cached.body, cached.init)and the load function receives base64 text instead of the original bytes — e.g. an endpoint returning[1, 2, 3, 4]is replayed as[65, 81, 73, 68, 66, 65, 61, 61](the UTF-8 bytes of"AQIDBA=="). Anything that parses the body (protobuf, images, etc.) breaks, and only on cached client-side re-navigation, which makes it look like a flaky backend.The fix moves the decode above the
cache.setso the cache stores the decoded bytes; the hydration-timeResponseis unaffected (it was already constructed after decoding).Includes a regression test mirroring the existing
fetch-cache-controlsuite: a binary endpoint withcache-control: public, max-age=7, client-side navigation away and back, asserting the byte content and that no new request was made. It fails onmainwith the corrupted bytes above and passes with this change; the neighbouring cache and b64 serialization tests stay green.Please don't delete this checklist! Before submitting the PR, please make sure you do the following:
Tests
pnpm testand lint the project withpnpm lintandpnpm checkChangesets
pnpm changesetand following the prompts. Changesets that add features should beminorand those that fix bugs should bepatch. Please prefix changeset messages withfeat:,fix:, orchore:.Edits