Read mode/credentials from init object, not request (#7453)

* [fix] fetch erroring on Cloudflare Fixes #6739 * alternative to #7192 Co-authored-by: The Noah <thenoahbz@gmail.com>
sveltejs · Oct 31, 2022 · 9f57ff3 · 9f57ff3
1 parent 24561fb
commit 9f57ff3
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 9 deletions.
diff --git a/.changeset/tidy-tables-think.md b/.changeset/tidy-tables-think.md
@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+[fix] fetch erroring on Cloudflare
diff --git a/packages/kit/src/runtime/server/fetch.js b/packages/kit/src/runtime/server/fetch.js
@@ -12,13 +12,19 @@ import { respond } from './index.js';
  */
 export function create_fetch({ event, options, state, get_cookie_header }) {
 	return async (info, init) => {
-		const request = normalize_fetch_input(info, init, event.url);
+		const original_request = normalize_fetch_input(info, init, event.url);
 
 		const request_body = init?.body;
 
+		// some runtimes (e.g. Cloudflare) error if you access `request.mode`,
+		// annoyingly, so we need to read the value from the `init` object instead
+		let mode = (info instanceof Request ? info.mode : init?.mode) ?? 'cors';
+		let credentials =
+			(info instanceof Request ? info.credentials : init?.credentials) ?? 'same-origin';
+
 		return await options.hooks.handleFetch({
 			event,
-			request,
+			request: original_request,
 			fetch: async (info, init) => {
 				const request = normalize_fetch_input(info, init, event.url);
 
@@ -28,10 +34,16 @@ export function create_fetch({ event, options, state, get_cookie_header }) {
 					request.headers.set('origin', event.url.origin);
 				}
 
+				if (info !== original_request) {
+					mode = (info instanceof Request ? info.mode : init?.mode) ?? 'cors';
+					credentials =
+						(info instanceof Request ? info.credentials : init?.credentials) ?? 'same-origin';
+				}
+
 				// Remove Origin, according to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin#description
 				if (
 					(request.method === 'GET' || request.method === 'HEAD') &&
-					((request.mode === 'no-cors' && url.origin !== event.url.origin) ||
+					((mode === 'no-cors' && url.origin !== event.url.origin) ||
 						url.origin === event.url.origin)
 				) {
 					request.headers.delete('origin');
@@ -46,17 +58,14 @@ export function create_fetch({ event, options, state, get_cookie_header }) {
 					// - sub.my.domain.com WILL receive cookies
 					// ports do not affect the resolution
 					// leading dot prevents mydomain.com matching domain.com
-					if (
-						`.${url.hostname}`.endsWith(`.${event.url.hostname}`) &&
-						request.credentials !== 'omit'
-					) {
+					if (`.${url.hostname}`.endsWith(`.${event.url.hostname}`) && credentials !== 'omit') {
 						const cookie = get_cookie_header(url, request.headers.get('cookie'));
 						if (cookie) request.headers.set('cookie', cookie);
 					}
 
 					let response = await fetch(request);
 
-					if (request.mode === 'no-cors') {
+					if (mode === 'no-cors') {
 						response = new Response('', {
 							status: response.status,
 							statusText: response.statusText,
@@ -109,7 +118,7 @@ export function create_fetch({ event, options, state, get_cookie_header }) {
 					return await fetch(request);
 				}
 
-				if (request.credentials !== 'omit') {
+				if (credentials !== 'omit') {
 					const cookie = get_cookie_header(url, request.headers.get('cookie'));
 					if (cookie) {
 						request.headers.set('cookie', cookie);