Skip to content

fix: bypass deployment protection for read when fetching files in an edge function #14147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 19, 2025
Merged

fix: bypass deployment protection for read when fetching files in an edge function #14147

merged 4 commits into from
Aug 19, 2025
+35 −2

Conversation

eltigerchino
Copy link
Member

@eltigerchino eltigerchino commented Aug 8, 2025
edited
Loading

When an edge function uses read, it needs to fetch the file. This can result in a 401 Unauthorized error if Vercel's deployment protection is enabled.

This PR adds the automatically generated secret to bypass the protection when fetching the file. However, the user must have enabled protection bypass automation for it to work. See https://vercel.com/docs/deployment-protection/methods-to-bypass-deployment-protection/protection-bypass-automation

Not sure how to detect if the deployment is protected or not so we can tell the user to enable bypass if they run into a 401 error. Is it enough to throw this error if we receive the 401 error regardless of if protection has been enabled?

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

No test unless we can get a test app deployed through CI and perform playwright tests on it from there.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Edits

  • Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.

@eltigerchino eltigerchino added the pkg:adapter-vercel Pertaining to the Vercel adapter label Aug 8, 2025
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 8, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 19c67bf

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/adapter-vercel Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@svelte-docs-bot
Copy link

Preview: https://svelte-dev-git-preview-kit-14147-svelte.vercel.app/

Rich-Harris
Rich-Harris approved these changes Aug 19, 2025
View reviewed changes
Copy link
Member

@Rich-Harris Rich-Harris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried looking into whether you could determine at build time that deployment protection was enabled with no automation bypass, but it seems not, so runtime error it is.

I added some docs, and tweaked the error message to link to them so that it's a bit easier to figure out what the problem is and how to fix it

@Rich-Harris Rich-Harris merged commit 0852d7e into main Aug 19, 2025
21 checks passed
@Rich-Harris Rich-Harris deleted the fix-vercel-edge-read-deployment-protection branch August 19, 2025 14:01
This was referenced Aug 19, 2025
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rich-Harris Rich-Harris Rich-Harris approved these changes

Assignees
No one assigned
Labels
pkg:adapter-vercel Pertaining to the Vercel adapter
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eltigerchino @Rich-Harris