Release Notes
Major Changes
breaking:
handle'sresolveis now typed to always return aPromise(#16352)breaking: replace the
$libalias with#liband removefiles.libconfig. (#16360)breaking: disallow cross-origin form submissions without a
Content-Typeheader (#16347)breaking: Server-only directories (
/server/in the path) are now treated as server-only everywhere inside the project (exceptsrc/routesand the assets directory) (#16360)breaking: delegate CORS handling to Vite for static directory requests during development (#16357)
Minor Changes
- feat: reinstate
$env/static/private,$env/dynamic/private,$env/static/public,$env/dynamic/publicand$app/environmentas deprecated aliases for$app/env/private$app/env/publicand$app/env(#16334)
Patch Changes
perf: cache the default cookie header parse and avoid allocations in
cookies.get(#16341)fix: avoid client-side code being bundled by Cloudflare Wrangler (#16364)
fix: handle rejected streamed server data after delayed loads (#16268)
fix: enable CSRF protection in builds with a non-production
NODE_ENVvalue (#16313)