#1167834da907 Thanks @ematipico! - Fixes a case where omitting a semicolon and line ending with carriage return - CRLF - in the prerender option could throw an error.
Server island props are now encrypted with a key generated at build-time. This is intended to prevent accidentally leaking secrets caused by exposing secrets through prop-passing. This is not intended to allow a server island to be trusted to skip authentication, or to protect against any other vulnerabilities other than secret leakage.
#11655dc0a297 Thanks @billy-le! - Fixes Astro Actions input validation when using default values with a form input.
#11689c7bda4c Thanks @ematipico! - Fixes an issue in the Astro actions, where the size of the generated cookie was exceeding the size permitted by the Set-Cookie header.
#1165813b912a Thanks @bholmesdev! - Fixes orThrow() type when calling an Action without an input validator.
#11603f31d466 Thanks @bholmesdev! - Improves user experience when render an Action result from a form POST request:
Removes "Confirm post resubmission?" dialog when refreshing a result.
Removes the ?_astroAction=NAME flag when a result is rendered.
Also improves the DX of directing to a new route on success. Actions will now redirect to the route specified in your action string on success, and redirect back to the previous page on error. This follows the routing convention of established backend frameworks like Laravel.
For example, say you want to redirect to a /success route when actions.signup succeeds. You can add /success to your action string like so:
On error, Astro will redirect back to the current page.
You can retrieve the action result from either page using the Astro.getActionResult() function.
Note on security
This uses a temporary cookie to forward the action result to the next page. The cookie will be deleted when that page is rendered.
⚠ The action result is not encrypted. In general, we recommend returning minimal data from an action handler to a) avoid leaking sensitive information, and b) avoid unexpected render issues once the temporary cookie is deleted. For example, a login function may return a user's session id to retrieve from your Astro frontmatter, rather than the entire user object.
astro@4.13.2
Patch Changes
#11648589d351 Thanks @bholmesdev! - Fixes unexpected error when refreshing a POST request from a form using Actions.
#1167834da907 Thanks @ematipico! - Fixes a case where omitting a semicolon and line ending with carriage return - CRLF - in the prerender option could throw an error.
Server island props are now encrypted with a key generated at build-time. This is intended to prevent accidentally leaking secrets caused by exposing secrets through prop-passing. This is not intended to allow a server island to be trusted to skip authentication, or to protect against any other vulnerabilities other than secret leakage.
#11655dc0a297 Thanks @billy-le! - Fixes Astro Actions input validation when using default values with a form input.
#11689c7bda4c Thanks @ematipico! - Fixes an issue in the Astro actions, where the size of the generated cookie was exceeding the size permitted by the Set-Cookie header.
#1165813b912a Thanks @bholmesdev! - Fixes orThrow() type when calling an Action without an input validator.
#11603f31d466 Thanks @bholmesdev! - Improves user experience when render an Action result from a form POST request:
Removes "Confirm post resubmission?" dialog when refreshing a result.
Removes the ?_astroAction=NAME flag when a result is rendered.
Also improves the DX of directing to a new route on success. Actions will now redirect to the route specified in your action string on success, and redirect back to the previous page on error. This follows the routing convention of established backend frameworks like Laravel.
For example, say you want to redirect to a /success route when actions.signup succeeds. You can add /success to your action string like so:
On error, Astro will redirect back to the current page.
You can retrieve the action result from either page using the Astro.getActionResult() function.
Note on security
This uses a temporary cookie to forward the action result to the next page. The cookie will be deleted when that page is rendered.
⚠ The action result is not encrypted. In general, we recommend returning minimal data from an action handler to a) avoid leaking sensitive information, and b) avoid unexpected render issues once the temporary cookie is deleted. For example, a login function may return a user's session id to retrieve from your Astro frontmatter, rather than the entire user object.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
1 month ago
Bumps astro from 4.12.1 to 4.13.4.
Release notes
Sourced from astro's releases.
... (truncated)
Changelog
Sourced from astro's changelog.
... (truncated)
Commits
6bb0014[ci] release (#11686)cb98b74[ci] formatc7bda4cfix(actions): save error stack trace in memory (#11689)315ec07fix(deps): update all non-major dependencies (#11674)f5616a8[ci] format932bd2eEncrypt server islands props (#11535)5c9183a[ci] formatdc0a297Set action input default values from zod if FormData key is not present (#11655)242be51[ci] format34da907fix: make semicolon optional when detectingprerenderoption (#11678)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show