Merge branch 'main' into repl-legacy-compat

Author: Ocean-OS

apps/svelte.dev/content/docs/kit/20-core-concepts/60-remote-functions.md

@@ -161,7 +161,7 @@ export const getPost = query(v.string(), async (slug) => {
 
 Both the argument and the return value are serialized with [devalue](https://github.com/sveltejs/devalue), which handles types like `Date` and `Map` (and custom types defined in your [transport hook](hooks#Universal-hooks-transport)) in addition to JSON.
 
-### Updating queries
+### Refreshing queries
 
 Any query can be re-fetched via its `refresh` method, which retrieves the latest value from the server:
 
@@ -171,29 +171,6 @@ Any query can be re-fetched via its `refresh` method, which retrieves the latest
 </button>
 ```
 
-Alternatively, if you need to update its value manually, you can use the `set` method:
-
-```svelte
-<script>
-	import { getPosts } from './data.remote';
-	import { onMount } from 'svelte';
-
-	onMount(() => {
-		const ws = new WebSocket('/ws');
-		ws.addEventListener('message', (ev) => {
-			const message = JSON.parse(ev.data);
-			if (message.type === 'new-post') {
-				getPosts().set([
-					message.post,
-					...getPosts().current,
-				]);
-			}
-		});
-		return () => ws.close();
-	});
-</script>
-```
-
 > [!NOTE] Queries are cached while they're on the page, meaning `getPosts() === getPosts()`. This means you don't need a reference like `const posts = getPosts()` in order to update the query.
 
 ## form
@@ -294,6 +271,9 @@ import * as v from 'valibot';
 import { error, redirect } from '@sveltejs/kit';
 import { query, form } from '$app/server';
 const slug = '';
+const post = { id: '' };
+/** @type {any} */
+const externalApi = '';
 // ---cut---
 export const getPosts = query(async () => { /* ... */ });
 
@@ -309,6 +289,15 @@ export const createPost = form(async (data) => {
 	// Redirect to the newly created page
 	redirect(303, `/blog/${slug}`);
 });
+
+export const updatePost = form(async (data) => {
+	// form logic goes here...
+	const result = externalApi.update(post);
+
+	// The API already gives us the updated post,
+	// no need to refresh it, we can set it directly
+	+++await getPost(post.id).set(result);+++
+});
 ```
 
 The second is to drive the single-flight mutation from the client, which we'll see in the section on [`enhance`](#form-enhance).
@@ -565,6 +554,9 @@ export const addLike = command(v.string(), async (id) => {
 	`;
 
 	+++getLikes(id).refresh();+++
+	// Just like within form functions you can also do
+	// getLikes(id).set(...)
+	// in case you have the result already
 });
 ```
 

apps/svelte.dev/content/docs/kit/98-reference/[email protected]

@@ -2194,7 +2194,8 @@ type RemoteQuery<T> = RemoteResource<T> & {
 	/**
 	 * On the client, this function will update the value of the query without re-fetching it.
 	 *
-	 * On the server, this throws an error.
+	 * On the server, this can be called in the context of a `command` or `form` and the specified data will accompany the action response back to the client.
+	 * This prevents SvelteKit needing to refresh all queries on the page in a second server round-trip.
 	 */
 	set(value: T): void;
 	/**

apps/svelte.dev/content/docs/kit/98-reference/50-configuration.md

@@ -289,7 +289,9 @@ This is useful for allowing trusted third-party services like payment gateways o
 
 If the array contains `'*'`, all origins will be trusted. This is generally not recommended!
 
-**Warning**: Only add origins you completely trust, as this bypasses CSRF protection for those origins.
+> [!NOTE] Only add origins you completely trust, as this bypasses CSRF protection for those origins.
+
+CSRF checks only apply in production, not in local development.
 
 </div>
 </div>

apps/svelte.dev/package.json

@@ -52,7 +52,7 @@
 		"@supabase/supabase-js": "^2.43.4",
 		"@sveltejs/adapter-vercel": "^5.10.2",
 		"@sveltejs/enhanced-img": "^0.8.1",
-		"@sveltejs/kit": "^2.34.0",
+		"@sveltejs/kit": "^2.37.0",
 		"@sveltejs/site-kit": "workspace:*",
 		"@sveltejs/vite-plugin-svelte": "^6.1.3",
 		"@types/cookie": "^0.6.0",