prevent loading of illegal modules in the browser (#7507)

* prevent loading of illegal modules in the browser * update test * rename function * fix * remove dev test * remove unused consts * simpler checking code * move tests (still failing) * fix tests * remove only * fix * remove unnecessary default parameter * move path normalization out of graph_analysis * reinstate tests * ugh * doh, we need the dev-only test app * no longer necessary * fix * fixes * slow clap for windows * ah come on * get tests passing + windows path shenanigans * fix build tests * more crossplatform posixify stuff * use consistent terminology between dev and build * ugh. print error messages so we can see why windows is being a dick * fml. can everyone just stop using fucking windows * try this * ok turn everything back on * Create soft-gorillas-hear.md Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> Co-authored-by: Simon Holthausen <simon.holthausen@vercel.com>
sveltejs · Nov 10, 2022 · 6ba57ab · 6ba57ab
1 parent d00542b
commit 6ba57ab
Show file tree

Hide file tree

Showing 29 changed files with 331 additions and 566 deletions.
diff --git a/.changeset/soft-gorillas-hear.md b/.changeset/soft-gorillas-hear.md
@@ -0,0 +1,5 @@
+---
+"@sveltejs/kit": patch
+---
+
+prevent loading of illegal modules in the browser, rather than during SSR
diff --git a/packages/kit/scripts/special-types/$env+dynamic+private.md b/packages/kit/scripts/special-types/$env+dynamic+private.md
@@ -1,6 +1,6 @@
 This module provides access to runtime environment variables, as defined by the platform you're running on. For example if you're using [`adapter-node`](https://github.com/sveltejs/kit/tree/master/packages/adapter-node) (or running [`vite preview`](https://kit.svelte.dev/docs/cli)), this is equivalent to `process.env`. This module only includes variables that _do not_ begin with [`config.kit.env.publicPrefix`](https://kit.svelte.dev/docs/configuration#env).
 
-This module cannot be imported into public-facing code.
+This module cannot be imported into client-side code.
 
 ```ts
 import { env } from '$env/dynamic/private';

diff --git a/packages/kit/scripts/special-types/$env+static+private.md b/packages/kit/scripts/special-types/$env+static+private.md
@@ -1,4 +1,4 @@
-Environment variables [loaded by Vite](https://vitejs.dev/guide/env-and-mode.html#env-files) from `.env` files and `process.env`. Like [`$env/dynamic/private`](https://kit.svelte.dev/docs/modules#$env-dynamic-private), this module cannot be imported into public-facing code. This module only includes variables that _do not_ begin with [`config.kit.env.publicPrefix`](https://kit.svelte.dev/docs/configuration#env).
+Environment variables [loaded by Vite](https://vitejs.dev/guide/env-and-mode.html#env-files) from `.env` files and `process.env`. Like [`$env/dynamic/private`](https://kit.svelte.dev/docs/modules#$env-dynamic-private), this module cannot be imported into client-side code. This module only includes variables that _do not_ begin with [`config.kit.env.publicPrefix`](https://kit.svelte.dev/docs/configuration#env).
 
 _Unlike_ [`$env/dynamic/private`](https://kit.svelte.dev/docs/modules#$env-dynamic-private), the values exported from this module are statically injected into your bundle at build time, enabling optimisations like dead code elimination.
 

diff --git a/packages/kit/scripts/special-types/$lib.md b/packages/kit/scripts/special-types/$lib.md
@@ -2,4 +2,4 @@ This is a simple alias to `src/lib`, or whatever directory is specified as [`con
 
 #### `$lib/server`
 
-A subdirectory of `$lib`. SvelteKit will prevent you from importing any modules in `$lib/server` into public-facing code. See [server-only modules](/docs/server-only-modules).
+A subdirectory of `$lib`. SvelteKit will prevent you from importing any modules in `$lib/server` into client-side code. See [server-only modules](/docs/server-only-modules).
diff --git a/packages/kit/src/exports/vite/dev/index.js b/packages/kit/src/exports/vite/dev/index.js
@@ -11,9 +11,7 @@ import { load_error_page, load_template } from '../../../core/config/index.js';
 import { SVELTE_KIT_ASSETS } from '../../../constants.js';
 import * as sync from '../../../core/sync/sync.js';
 import { get_mime_lookup, runtime_base, runtime_prefix } from '../../../core/utils.js';
-import { prevent_illegal_vite_imports } from '../graph_analysis/index.js';
 import { compact } from '../../../utils/array.js';
-import { normalizePath } from 'vite';
 
 // Vite doesn't expose this so we just copy the list for now
 // https://github.com/vitejs/vite/blob/3edd1af56e980aef56641a5a51cf2932bb580d41/packages/vite/src/node/plugins/css.ts#L96
@@ -43,8 +41,6 @@ export async function dev(vite, vite_config, svelte_config) {
 	/** @type {import('types').SSRManifest} */
 	let manifest;
 
-	const extensions = [...svelte_config.extensions, ...svelte_config.kit.moduleExtensions];
-
 	/** @param {string} id */
 	async function resolve(id) {
 		const url = id.startsWith('..') ? `/@fs${path.posix.resolve(id)}` : `/${id}`;
@@ -94,12 +90,6 @@ export async function dev(vite, vite_config, svelte_config) {
 								module_nodes.push(module_node);
 								result.file = url.endsWith('.svelte') ? url : url + '?import'; // TODO what is this for?
 
-								prevent_illegal_vite_imports(
-									module_node,
-									normalizePath(svelte_config.kit.files.lib),
-									extensions
-								);
-
 								return module.default;
 							};
 						}
@@ -110,12 +100,6 @@ export async function dev(vite, vite_config, svelte_config) {
 							module_nodes.push(module_node);
 
 							result.shared = module;
-
-							prevent_illegal_vite_imports(
-								module_node,
-								normalizePath(svelte_config.kit.files.lib),
-								extensions
-							);
 						}
 
 						if (node.server) {