Skip to content

fix: allow commands from within endpoints #14343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 11, 2025
Merged

fix: allow commands from within endpoints #14343

merged 4 commits into from
Sep 11, 2025

Conversation

dummdidumm
Copy link
Member

fixes #14325

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 28, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 4b4de69

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@dummdidumm dummdidumm force-pushed the command-in-endpoint branch from d1be925 to 45e6ef9 Compare August 28, 2025 22:10
MAttila42
MAttila42 approved these changes Aug 29, 2025
View reviewed changes
Copy link

@MAttila42 MAttila42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Rich-Harris
Rich-Harris previously requested changes Aug 30, 2025
View reviewed changes
Copy link
Member

@Rich-Harris Rich-Harris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this is quite right — surely we want to allow commands in POST requests etc, but not in GET/HEAD?

@MAttila42
Copy link

Are you suggesting that SvelteKit should not let developers use certain remote functions inside certain endpoints because of opinions?

@dummdidumm
Copy link
Member Author

I'm not sure this is quite right — surely we want to allow commands in POST requests etc, but not in GET/HEAD?

For what technical reason?

@Rich-Harris
Copy link
Member

RFC 9110 on HTTP semantics says this:

Request methods are considered "safe" if their defined semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource. Likewise, reasonable use of a safe method is not expected to cause any harm, loss of property, or unusual burden on the origin server ... Of the request methods defined by this specification, the GET, HEAD, OPTIONS, and TRACE methods are defined to be safe.

GET and HEAD are safe — aka side-effect-free — methods. command and form are means of producing side-effects. They are incompatible.

@dummdidumm
Copy link
Member Author

So no technical reason but spec reason. I'm fine looking into adjusting this, just wanted to clarify

@dummdidumm dummdidumm dismissed Rich-Harris’s stale review September 2, 2025 22:18

implemented endpoint method check for commands

@svelte-docs-bot
Copy link

Preview: https://svelte-dev-git-preview-kit-14343-svelte.vercel.app/

@Rich-Harris Rich-Harris merged commit f886d33 into main Sep 11, 2025
22 checks passed
@Rich-Harris Rich-Harris deleted the command-in-endpoint branch September 11, 2025 01:34
@github-actions github-actions bot mentioned this pull request Sep 10, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rich-Harris Rich-Harris Rich-Harris approved these changes

+1 more reviewer

@MAttila42 MAttila42 MAttila42 approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remote Functions: Cannot call a command during server-side rendering when calling a command from an API endpoint
3 participants
@dummdidumm @MAttila42 @Rich-Harris