-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OPTIONS http calls trigger loader functions #9217
Comments
This isn't specific to For For |
@Rich-Harris can you lend any clarity as to why Vercel's feature branch deployments are making these OPTIONS calls, but not the main deployment (even when run on the auto-generated, similar Vercel domain) |
I think any http method not exported in +server.js or covered by a page or form action should return a 405 Method not allowed and a list of currently allowed methods in the Alternatively, I've read that a 404 could be returned to hide allowed methods and reduce attack surface area. |
Created a reproducible here. Run We could add a kit/packages/kit/src/runtime/server/respond.js Lines 368 to 369 in c0612a8
|
I was scratching my head why this happens, too - turns out that |
Describe the bug
This is a tricky one to explain.
When you push commits to non-Main branches, Vercel creates deployments off of those branches. When you run those deployments, for some reason there's a network request fired off on all requests (as far as I can tell) with the http verb OPTIONS. This happens only with non-main (ie feature branch) deployments, not with the main deployment off of Master (Main).
When these OPTIONS requests happen, the loader functions run. @Rich-Harris tells me the loaders should not run under these circumstances, and asked me to repro. Here's the repro. (whether the OPTIONS request itself is supposed to happen at all I'm still not clear on).
This is a straight clone of the default SvelteKit project. I added a shared loader to the root page (and shut off prerender).
https://github.com/arackaf/sveltekit-options-loader-bug
After deploying to Vercel, and then pushing to some non-Main branch, opening that deployment, and then looking at the logs, I see those OPTIONS requests, and logging happening from the loader on them.
Reproduction
See above
Logs
System Info
Severity
annoyance
Additional Information
No response
The text was updated successfully, but these errors were encountered: