diff --git a/apps/svelte.dev/content/docs/kit/20-core-concepts/60-remote-functions.md b/apps/svelte.dev/content/docs/kit/20-core-concepts/60-remote-functions.md
index 072e3270db..91b29cbd54 100644
--- a/apps/svelte.dev/content/docs/kit/20-core-concepts/60-remote-functions.md
+++ b/apps/svelte.dev/content/docs/kit/20-core-concepts/60-remote-functions.md
@@ -163,7 +163,7 @@ Both the argument and the return value are serialized with [devalue](https://git
### Refreshing queries
-Any query can be updated via its `refresh` method:
+Any query can be re-fetched via its `refresh` method, which retrieves the latest value from the server:
```svelte
```
-> [!NOTE] Queries are cached while they're on the page, meaning `getPosts() === getPosts()`. This means you don't need a reference like `const posts = getPosts()` in order to refresh the query.
+> [!NOTE] Queries are cached while they're on the page, meaning `getPosts() === getPosts()`. This means you don't need a reference like `const posts = getPosts()` in order to update the query.
## form
@@ -271,6 +271,9 @@ import * as v from 'valibot';
import { error, redirect } from '@sveltejs/kit';
import { query, form } from '$app/server';
const slug = '';
+const post = { id: '' };
+/** @type {any} */
+const externalApi = '';
// ---cut---
export const getPosts = query(async () => { /* ... */ });
@@ -286,6 +289,15 @@ export const createPost = form(async (data) => {
// Redirect to the newly created page
redirect(303, `/blog/${slug}`);
});
+
+export const updatePost = form(async (data) => {
+ // form logic goes here...
+ const result = externalApi.update(post);
+
+ // The API already gives us the updated post,
+ // no need to refresh it, we can set it directly
+ +++await getPost(post.id).set(result);+++
+});
```
The second is to drive the single-flight mutation from the client, which we'll see in the section on [`enhance`](#form-enhance).
@@ -542,6 +554,9 @@ export const addLike = command(v.string(), async (id) => {
`;
+++getLikes(id).refresh();+++
+ // Just like within form functions you can also do
+ // getLikes(id).set(...)
+ // in case you have the result already
});
```
diff --git a/apps/svelte.dev/content/docs/kit/98-reference/10-@sveltejs-kit.md b/apps/svelte.dev/content/docs/kit/98-reference/10-@sveltejs-kit.md
index 557e08020f..5b13fb4d7f 100644
--- a/apps/svelte.dev/content/docs/kit/98-reference/10-@sveltejs-kit.md
+++ b/apps/svelte.dev/content/docs/kit/98-reference/10-@sveltejs-kit.md
@@ -2191,6 +2191,13 @@ type RemotePrerenderFunction = (
```dts
type RemoteQuery = RemoteResource & {
+ /**
+ * On the client, this function will update the value of the query without re-fetching it.
+ *
+ * On the server, this can be called in the context of a `command` or `form` and the specified data will accompany the action response back to the client.
+ * This prevents SvelteKit needing to refresh all queries on the page in a second server round-trip.
+ */
+ set(value: T): void;
/**
* On the client, this function will re-fetch the query from the server.
*
diff --git a/apps/svelte.dev/content/docs/kit/98-reference/50-configuration.md b/apps/svelte.dev/content/docs/kit/98-reference/50-configuration.md
index 5a5c7c0bbd..170e448b01 100644
--- a/apps/svelte.dev/content/docs/kit/98-reference/50-configuration.md
+++ b/apps/svelte.dev/content/docs/kit/98-reference/50-configuration.md
@@ -289,7 +289,9 @@ This is useful for allowing trusted third-party services like payment gateways o
If the array contains `'*'`, all origins will be trusted. This is generally not recommended!
-**Warning**: Only add origins you completely trust, as this bypasses CSRF protection for those origins.
+> [!NOTE] Only add origins you completely trust, as this bypasses CSRF protection for those origins.
+
+CSRF checks only apply in production, not in local development.