diff options
Diffstat (limited to 'packages/integrations/react')
| -rw-r--r-- | packages/integrations/react/CHANGELOG.md | 6 | ||||
| -rw-r--r-- | packages/integrations/react/package.json | 6 | ||||
| -rw-r--r-- | packages/integrations/react/server.js | 6 | ||||
| -rw-r--r-- | packages/integrations/react/src/actions.ts | 6 |
4 files changed, 14 insertions, 10 deletions
diff --git a/packages/integrations/react/CHANGELOG.md b/packages/integrations/react/CHANGELOG.md index 45f9ffaeb..31c9066ca 100644 --- a/packages/integrations/react/CHANGELOG.md +++ b/packages/integrations/react/CHANGELOG.md @@ -1,5 +1,11 @@ # @astrojs/react +## 3.7.0-beta.1 + +### Minor Changes + +- [#12510](https://github.com/withastro/astro/pull/12510) [`14feaf3`](https://github.com/withastro/astro/commit/14feaf30e1a4266b8422865722a4478d39202404) Thanks [@bholmesdev](https://github.com/bholmesdev)! - Changes the generated URL query param from `_astroAction` to `_action` when submitting a form using Actions. This avoids leaking the framework name into the URL bar, which may be considered a security issue. + ## 3.6.3 ### Patch Changes diff --git a/packages/integrations/react/package.json b/packages/integrations/react/package.json index e4662b820..4a0c7262b 100644 --- a/packages/integrations/react/package.json +++ b/packages/integrations/react/package.json @@ -1,7 +1,7 @@ { "name": "@astrojs/react", "description": "Use React components within Astro", - "version": "3.6.3", + "version": "3.7.0-beta.1", "type": "module", "types": "./dist/index.d.ts", "author": "withastro", @@ -51,7 +51,7 @@ "dependencies": { "@vitejs/plugin-react": "^4.3.4", "ultrahtml": "^1.5.3", - "vite": "^5.4.11" + "vite": "^6.0.1" }, "devDependencies": { "@types/react": "^18.3.12", @@ -69,7 +69,7 @@ "react-dom": "^17.0.2 || ^18.0.0 || ^19.0.0-beta" }, "engines": { - "node": "^18.17.1 || ^20.3.0 || >=21.0.0" + "node": "^18.17.1 || ^20.3.0 || >=22.0.0" }, "publishConfig": { "provenance": true diff --git a/packages/integrations/react/server.js b/packages/integrations/react/server.js index 69b0a8e12..9c3c309cc 100644 --- a/packages/integrations/react/server.js +++ b/packages/integrations/react/server.js @@ -126,11 +126,7 @@ async function getFormState({ result }) { * This matches the endpoint path. * @example "/_actions/blog.like" */ - const actionName = - searchParams.get('_astroAction') ?? - /* Legacy. TODO: remove for stable */ formData - .get('_astroAction') - ?.toString(); + const actionName = searchParams.get('_action'); if (!actionKey || !actionName) return undefined; diff --git a/packages/integrations/react/src/actions.ts b/packages/integrations/react/src/actions.ts index a5ccb2f9a..06ecd4148 100644 --- a/packages/integrations/react/src/actions.ts +++ b/packages/integrations/react/src/actions.ts @@ -26,7 +26,7 @@ export function experimental_withState<T>(action: FormFn<T>) { // Called by React when form state is passed from the server. // If the action names match, React returns this state from `useActionState()`. callback.$$IS_SIGNATURE_EQUAL = (incomingActionName: string) => { - const actionName = new URLSearchParams(action.toString()).get('_astroAction'); + const actionName = new URLSearchParams(action.toString()).get('_action'); return actionName === incomingActionName; }; @@ -46,7 +46,9 @@ export function experimental_withState<T>(action: FormFn<T>) { */ export async function experimental_getActionState<T>({ request, -}: { request: Request }): Promise<T> { +}: { + request: Request; +}): Promise<T> { const contentType = request.headers.get('Content-Type'); if (!contentType || !isFormRequest(contentType)) { throw new AstroError( |